Achieving multi-tenant metrics with Prometheus Agent: a first building block

This is the first post of a series of articles about multi-tenant metrics with Prometheus Agent; here you will read how to enable Prometheus Agent mode and how to ingest metrics to a central Prometheus instance but also the limitations of this setup. Let’s say you’re managing 5 - 10 to n Kubernetes clusters (or hopefully Vclusters) for your tenants and you want to provide metrics to the developers: cpu usage, memory usage, custom metrics etc....

July 25, 2022 · 7 min · Justin

LDAP authentication with Dex on Kubernetes with Vcluster (K3S)

We set up our Vcluster but now we want to give proper access to the developers by leveraging their existing ldap credentials. The idea is to use DEX as a federated openid provider and kubelogin as a plugin for oidc integration. Scenario We’re going to achieve something like this: the user issues a command targeting our vcluster’s api server (kubectl get pods, for example), kubelogin will open the default browser on the user’s machine and display a login page....

June 11, 2022 · 8 min · Justin

How we reduced Kubernetes Clusters Sprawl by adopting Vclusters: An Introduction

With the consistent increasing of projects we were experiencing a huge growth of Kubernetes clusters for dev and test environments; each project had its own cluster with its stack: Nginx, Prometheus, Opa Gatekeeper etc. Moreover, each cluster had a different Kubernetes version with legacy clusters still pinned to the 1.15.x version. This meant we had to manage a different set of stacks (Prometheus, Nginx etc) since the skew between versions were too big....

April 24, 2022 · 9 min · Justin

Centralized (multi tenant) Logging with Kubernetes: Part 3

This is a series. You can find part 1 here and part 2 here. On this last post I am going to cover the monitoring (with Prometheus and Grafana) for OpenSearch and Fluentd. FluentD If you recall from part-1, we set up a specific configuration for Prometheus in Fluentd main-fluentd-conf.yaml kind: ConfigMap apiVersion: v1 metadata: name: fluentd-es-config namespace: logging labels: addonmanager.kubernetes.io/mode: Reconcile data: fluent.conf: |-<source> type forward bind 0.0.0.0 port 32000 </source> [....

December 12, 2021 · 3 min · Justin

Centralized (multi tenant) Logging with Kubernetes: Part 2

This is a series. You can find part 1 here and part 3 here. We were left on part-1 with a fully functional log pipeline. As I said, we’re going to check how to achieve a single shared index in OpenSearch. Shared Index If you recall, on the previous part we set a field on each document we were indexing in OpenSearch by leveraging the FluentD record_transformer plugin. main-fluentd-conf.yaml kind: ConfigMap apiVersion: v1 metadata: name: fluentd-es-config namespace: logging labels: addonmanager....

December 8, 2021 · 5 min · Justin

Centralized (multi tenant) Logging with Kubernetes: Part 1

This is a series. You can find part 2 here and part 3 here. Managing multiple Kubernetes clusters is not so easy; even more managing the logs that are produced from these clusters. The architecture that I want to show you is still a WIP but on the right track. Let’s start from this scenario: 15 Kubernetes clusters (that we will call Tenants) where Spring Boot based microservices are running. We need to provide to the developers a central logging dashboard where they can navigate and correlate logs; in this case we will use OpenSearch (formerly known as Open Distro for ElasticSearch)....

November 21, 2021 · 8 min · Justin