Leveraging LogInsight for Kubernetes

As part of responsibly running applications, it’s important to have all the supporting Day 2 operations covered. That way, when something goes bump in the night, you’re immediately prepared and able to quickly find the source of the issue. Logging is one critical component of this overall architecture. Many shops are already running mature processes for logging with vRealize LogInsight in supporting their vSphere infrastructures. Wouldn’t it be great to use this existing logging setup for your Kubernetes clusters? You can!

Note: If you’d like help setting up a simple, single node test cluster see this blog.

Setting It Up

Fluentd is an open source project that provides a “unified logging layer.” It is a great project that provides a lot of capabilities, outside of Kubernetes as well. For our purposes, it will be deployed as a DaemonSet within our Kubernetes cluster to provide log collection and shipping to our vRealize LogInsight Appliance.

Luckily for us, the project maintains a set of templates that make it very easy to deploy fluentd as a DaemonSet within a Kubernetes cluster. Remember, a DaemonSet (DS), is a Kubernetes capability that ensures we always have pod of this type running on every node within our cluster. Perfect for the logging use case.

Github for templates: https://github.com/fluent/fluentd-kubernetes-daemonset

For our implementation with LogInsight, we will be using the Kubernetes syslog template.

If you click on that file, you will see the manifest file that shows the configuration that will be deployed into the Kubernetes cluster.

You can see that it will:

  • Create a ServiceAccount and ClusterRole for fluentd
  • Deploy as a DaemonSet
  • Deploy into the kube-system namespace
  • Pull the container image from Fluent’s repository

Within the manifest file, the parameters that we need to change are only the IP address and desired port for our LogInsight Appliance.

Once you change the value: to the LogInsight IP address you can simply use that yaml file to deploy fluentd to the cluster! This will automatically create the DS and start shipping logs to your LogInsight Appliance.

Step by step for the deployment (assumes your have your cluster up and running and kubeconfig set up):

1. git clone https://github.com/fluent/fluentd-kubernetes-daemonset.git

2. Use a text editor to change the syslog template file to have correct value for your LogInsight Appliance

sudo vim fluentd-kubernetes-daemonset/fluentd-daemonset-syslog.yaml

Edit the value field under SYSLOG_HOST to the LogInsight IP and save esc w q !

3. Apply the DS to the Kubernetes cluster kubectl apply -f fluentd-kubernetes-daemonset/fluentd-daemonset-syslog.yaml

Verify the success within the kube-system namespace kubectl get ds -n kube-system

It should be listed along with kube-proxy and whichever CNI you’re leveraging for your Kubernetes cluster, for me that is Antrea.

Testing to make sure it works

In order to test that the logs are shipping and being received, let’s deploy a simple webserver and send it a few requests. I’ve added the label app:nginx so when we create the nodeport service it will select this pod as it’s endpoint to communicate with.

kubectl run nginx --image=nginx --restart=Never --labels=app=nginx

Then create a nodeport service so we can access the default webpage from Nginx. By default, this command uses a selector as app and name of the service, Nginx.

kubectl create svc nodeport nginx --tcp=80

kubectl get svc This will allow us to see the port we need to access the test nginx webserver.

Okay! There should be some http requests we can view from LogInsight which is acting as our syslog server via fluentd DaemonSet running in our cluster!

Logging into LogInsight and selecting Interactive Analytics, with a simple ‘http’ search in the search bar should show our Nginx logs.

There you have it! Logs are now flowing from our Kubernetes into our existing LogInsight appliance and we are able to search for them.

You can match these against the logs being output within the Kubernetes cluster with the kubectl logs nginx command.

It’s not just our app logs that will be shipped, but Kubernetes logs as well. Within LogInsight and the Interactive Analytics window, filter the app name to fluentd and you should see all the logs being sent from the K8s cluster. For example, I had a failed postgres deployment which can be seen in the screenshot below.

That is a lot of material, but the steps are fairly simple and easy thanks to the work done by the fluentd project.

In part 2 of this blog, we will look at creating some dashboards within LogInsight that will help us more easily monitor and analyze the logs coming in from the Kubernetes cluster.

Helpful source docs:

AWS re:Invent 2019 Recap

Amazon AWS introduced almost eighty new services or service enhancements this year at re:Invent. Let’s go over a few of the more important ones.

Serverless

Serverless was one of the main focuses of re:Invent 2019. The big announcement was the launch of ‘provisioned concurrency’ for Lambda. Currently, there is some latency the first time Lambda is invoked because of ‘cold starts’, when containers need to initialize in the background to do processing for your functions. Provisioned concurrency mitigates this by allocating a pool of pre-initialized Lambda containers in the background. This should allow for better latency when a Lambda function is initialized for the first time.

Link to announcement: https://aws.amazon.com/about-aws/whats-new/2019/12/aws-lambda-announces-provisioned-concurrency/

A few other major announcements in the serverless compute space:

Security

IAM Access Analyzer was the biggest security announcement from re:Invent. This new feature continuously monitors your IAM policies for changes and alerts if anything has changed. When an IAM policy violates your security and access standards, it can be remediated faster.

Link to announcement: https://aws.amazon.com/about-aws/whats-new/2019/12/introducing-aws-identity-and-access-management-access-analyzer/

Other major releases and announcements in the security space:

Compute

ARM based compute is the coolest thing that came out of the major compute announcements. Graviton processors, custom ARM based CPUs designed by Amazon, can perform almost as well as x86 CPUs at a fraction of the cost.

Link to announcement: https://aws.amazon.com/about-aws/whats-new/2019/12/announcing-new-amazon-ec2-m6g-c6g-and-r6g-instances-powered-by-next-generation-arm-based-aws-graviton2-processors/

Other major releases and announcements in the AWS compute space:

Networking

The big announcement here seems to be AWS Wavelength, AWS services embedded into the datacenters of telecommunications providers. This will provide very low latency for sensitive applications.

Link to Announcement: https://aws.amazon.com/wavelength/

Other major networking releases and announcements:

Database

Enterprise

AWS Outpost was announced in 2018, but is now generally available. This allows for true hybrid functionality for the cloud with AWS services on-prem and in the public cloud. VMware also offers VMware Cloud on AWS Outpost for customers that want to bring the strengths of AWS and VMware together in their datacenters.

Link to Outposts GA announcement: https://aws.amazon.com/about-aws/whats-new/2019/12/announcing-general-availability-of-aws-outposts/

AWS re:Invent 2019 Keynotes & Further Announcements

If you’re interested in watching any of the keynotes, the re:Invent 2019 YouTube channel has them all here:
https://www.youtube.com/playlist?list=PLhr1KZpdzukcAXSVwQ3L9cWD4QgKPCQ5S

Announcements for the dozens of other new technologies we didn’t cover here can be found on the 2019 re:Invent announcement page:
https://aws.amazon.com/new/reinvent/

That’s about everything we’re going to cover. There was so much more announced this year, but these are what I think they key highlights are for. Thanks for reading!

Quick Start: Kubernetes Test Cluster w/ Antrea CNI

Recently, VMware announced an open source Kubernetes Networking project called Antrea. This project uses Open vSwitch (more here) as the data plane for a compatible Container Network Interface (CNI). To run Kubernetes (k8s) clusters, it is required that you provide a CNI to allow for pod to pod communication. It is assumed the hosts (physical or VMs) making up the cluster are already networked together.

In this post, I’d like to go over setting up a single node k8s cluster using Kubeadm on an Ubuntu 18.04 and Antrea CNI (with latest versions). For me, this is an easy way to spin up a cluster to mess around with or do some quick testing. A couple other ways that I’ve used and love are KinD (here) and simply enabling it in Docker for Desktop (probably the easiest way for most).

To start, you’ll need a single Ubuntu 18.04 machine. I’ve done this on AWS, and using VMware Workstation on my laptop and it’s worked well on both. The recommendation is to make sure you have 2 vCPU and 2 Gb RAM. (and if you use the script below, the install will fail without these resources)

To prepare the Ubuntu machine for k8s we need to install Docker (original Docker doc):

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install -y docker-ce

sudo usermod -aG docker $USER 

In the commands above, Docker was added to the apt repository then downloaded and installed. Then we added our current user to the Docker group so we don’t have to use sudo with all the Docker commands. If someone knows differently, please let me know, but it has always required a restart for me for that to take effect. Which we will do after we download the rest of the required k8s system components, cli and kubelet.

sudo apt-get update && sudo apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

sudo reboot

With that, we should have everything needed to continue. Before we begin the Kubeadm bootstrap, we need to ensure swap is turned off because it will cause us problems if we don’t.

#turn off swap
sudo swapoff -a 

#initialize master cluster
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 

#Remove taint from master to use that node
kubectl taint nodes --all node-role.kubernetes.io/master-

#get cluster credentials and copy them into our kube-config file
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

#apply antrea CNI network latest version
sudo kubectl apply -f https://raw.githubusercontent.com/vmware-tanzu/antrea/master/build/yamls/antrea.yml

In the code above, we turn off swap for this machine and then pull down the Kubeadm images that are used to create our cluster components. This includes our API server, etcd database, controller manager, and scheduler.

After that we are initializing our cluster with the kubeadm init --cidr= command. The network address range we pass in here will be used for our pods and controlled by Antrea, which we are installing in the next command. **Important to grab the token given by Kubeadm if you want to grow your cluster with additional worker nodes!

After that, we are simply removing the taint from the master node so that we can run our pod/container workloads on the same node. By default, a taint is applied to the master so that workloads do not interfere with the operation of our control plane….obviously the right thing to do when it matters!

Make it faster for me: https://github.com/fitz0017/k8s

I have the script broken down into 2 parts, because I can’t get Docker to run properly without a full reboot. To run the scripts, log into your Ubuntu machine that has 2 CPU and at least 2Gb RAM and:

git clone https://github.com/fitz0017/k8s.git
source k8s/install_k8s_1.sh

At this point you may need to input your sudo password, and select ‘yes’ when asking if you will allow for system services to be restarted, if doing this on Workstation.

When that completes, you should see a full reboot of your Ubuntu machine. So log yourself back in and:

source k8s/install_k8s.sh 

This will kick off the initialization of the cluster and application of the Antrea CNI. Again, make sure to copy the discovery token output at the end of initialization if you want to grow this cluster.

From here, when ssh’d into that machine. You have access to a k8s cluster for testing and learning! Please tell me if you notice any problems or give feedback in the comments.

Good luck!

Weekly Update – Week of 12/09/2019

Updated KB Articles:
New KB articles published for the week ending 1 December, 2019

Upcoming Events:
Gartner IOCS – Las Vegas – 12/09/2019 to 12/12/2019 – Register
Dell Technologies Word 2020 – Las Vegas – 05/04/2020 to 05/07/2020 – Register

Upcoming Webinars:
vSAN View and Dashboard Development in vROps – 12/12/2019 – Register
vCenter Upgrades, What’s in it for You? – 12/17/2019 – Register
[Full Live Event List]

New Releases:
2019-11-22
VMware Horizon Cloud Connector [Download]

Weekly Update – Week of 12/2/2019

New and Noteworthy:
VMware Cloud on AWS Outposts Enters Beta – At AWS re:Invent 2019, VMware is announcing the VMware Cloud on AWS Outposts Beta program. We are begining the process for Beta nominations, so if you have an interest in expanding your AWS capabilities to your on-premises datacenter, definitely reach out to your solutions engineer ASAP. For those unfamiliar with the solution, VMware Cloud on AWS Outposts is a jointly engineered on-premises as-a-service offering, powered by VMware Cloud Foundation. It integrates our Software-Defined Data Center software that runs on next-generation, dedicated, elastic Amazon EC2 bare-metal infrastructure, delivered on-premises with optimized access to local and remote AWS cloud services.

Updated KB Articles:
New KB articles published for the week ending 1 December, 2019

Upcoming Events:
Gartner IOCS – Las Vegas – 12/09/2019 to 12/12/2019 – Register
Dell Technologies Word 2020 – Las Vegas – 05/04/2020 to 05/07/2020 – Register

Upcoming Webinars:
vSAN View and Dashboard Development in vROps – 12/12/2019 – Register
vCenter Upgrades, What’s in it for You? – 12/17/2019 – Register
[Full Live Event List]

New Releases:
2019-11-22
VMware Horizon Cloud Connector [Download]

Weekly Update – Week of 11/25/2019

New and Noteworthy:
Google buys CloudSimple – Google recently announced that they have completed their acquisition of CloudSimple, the leading VMware MaaS (Metal-as-a-Service) provider in Azure and Google’s Cloud Platform. “We believe in a multi-cloud world and will continue to provide choice for our customers to use the best technology in their journey to the cloud,” Rich Sanzi, a vice president of engineering at Google, wrote in a blog post on Monday. This appears to cement Google’s belief in the demand for VMware’s Cloud Foundation platform in the public cloud, but it will be interesting to see how Microsoft responds to the move.

VMware Reports Earnings on Tuesday, 11/26 – VMware will report earnings on 11/26, with analysts including RBC Capital expecting another quarter of strong results. VMware’s stock is up 14% since our last earnings call on 8/22.

Updated KB Articles:
New KB articles published for the week ending 17 November, 2019

Upcoming Events:
Gartner IOCS – Las Vegas – 12/09/2019 to 12/12/2019 – Register
Dell Technologies Word 2020 – Las Vegas – 05/04/2020 to 05/07/2020 – Register

Upcoming Webinars:
vSAN View and Dashboard Development in vROps – 12/12/2019 – Register
[Full Live Event List]

New Releases:
2019-11-22
VMware Horizon Cloud Connector [Download]

KubeCon 2019 – VMware Recap

VMware was very busy this year at KubeCon with the announcement of three new open source projects, a new podcast with rockstar hosts, and presenting lots of sessions.  These new open source projects are in addition to the already very popular and widely adopted Velero, Contour, Sonobuoy and Octant.  The commitment and number of employees at VMware working in the cloud native and open source space is truly impressive.

The first announcement was on Project Antrea, which is an open source CNI for Kubernetes based on Open vSwitch (OVS).  This project aims to deliver a simple and secure Kubernetes networking CNI.  One fantastic feature is it’s plugin for Octant, which is another developer-focused, open source project that gives a very powerful GUI for visibility and management of Kubernetes applications.  With Project Antrea and Octant, you can get even more visibility into your microservices and connectivity.

The next project announced was Project Hamlet, which is a joint effort between VMware, Google Anthos, HashiCorp and Pivotal, is an effort to create an interoperable API for the federation of service meshes.  The end goal being an API that allows for interconnectivity of service meshes across heterogeneous cloud environments.

The third project is Crash Diagnostics for Kubernetes, which is way to automate the investigation of unhealthy or unresponsive Kubernetes clusters.  It does this by automating the collection of diagnostics from all of the nodes within a cluster and bundling that into a TAR file for further analysis.

If that wasn’t enough, a new podcast, ‘The Podlets” was announced: https://blogs.vmware.com/cloudnative/2019/11/20/introducing-podlets-podcast-audio-guide-to-cloud-native-concepts/

The hosts include an impressive list of experts in cloud native and distributed system topics and great all around people.  This will be a great resource for keeping up on the latest news in the fast paced ecosystem.  Direct link to “The Podlets” is at thepodlets.io .  It will be available on the normal podcast distribution platforms, as well as the Cloud Native Applications YouTube Channel here.

Weekly Update – Week of 11/18/2019

New and Noteworthy:
Announcing Project Antrea – Open Source Kubernetes Networking – We are excited to announce Project Antrea – an open source networking and security project for Kubernetes clusters. Antrea uses Kubernetes extension mechanisms and the Open vSwitch (OVS) data plane to provide pod networking and help enforce network policies for Kubernetes clusters.

Security Advisory VMSA-2019-0020 – VMware has released Hypervisor-Specific Mitigations for two speculative-execution vulnerabilities impacting Intel processors known as Machine Check Error on Page Size Change (MCEPSC) and TSX Asynchronous Abort (TAA) identified by CVE-2018-12207 and CVE-2019-11135 respectively. Please see this page for details

Updated KB Articles:
New KB articles published for the week ending 9 November 2019
New KB articles published for the week ending 2 November 2019

Upcoming Events:
Gartner IOCS – Las Vegas – 12/09/2019 to 12/12/2019 – Register
Dell Technologies Word 2020 – Las Vegas – 05/04/2020 to 05/07/2020 – Register

Upcoming Webinars:
vSAN Encryption: Tales from the Field – 11/19/2019 – Register
Site Recovery Manager (SRM) 8.2: What’s New – 11/20/2019 – Register
What’s New with VMware Cloud Services – 11/21/2019 – Register
Instructor Hour covering ‘What’s New with VMware Cloud Services’ – 11/21/2019 – Register
vSAN View and Dashboard Development in vROps – 12/12/2019 – Register
[Full Live Event List]

New Releases:
2019-11-12
VMware Workstation 14.1.8 Pro for Windows [Download]
VMware Fusion 11.5.1 (for Intel-based Macs) [Download]
VMware Workstation 15.5.1 Pro for Windows [Download]
VMware Workstation 15.5.1 Pro for Linux [Download]

VMworld 2019 Europe Recap

Happy Sunday everyone, lets discuss some new announcements from our 2019 VMworld Europe conference.

Recap & Announcements:


– VMware Tanzu Progress and Design Principles: At VMworld US in San Francisco in August, Pat Gelsinger and Joe Beda were on stage to announce VMware Tanzu as a portfolio of products and services for customers that want to build, run and manage their applications on Kubernetes. Now here we are at VMworld Europe in Barcelona having made rapid progress toward our VMware Tanzu vision.

Please follow the link to our official blog for more details:
https://blogs.vmware.com/cloudnative/2019/11/05/vmware-tanzu-progress-design-principles/

Announcing VMware NSX Disributed IDS/IPS: Six years ago, VMware pioneered the concept of micro-segmentation to stop the internal, lateral spread of malware. We then launched the NSX Service-defined Firewall, an internal firewall that’s built into the hypervisor, distributed, and application aware. Shortly thereafter we introduced NSX Intelligence to automate security rule recommendations, streamlining the deployment of micro-segmentation. Now we are announcing that we will be taking internal security to the next level by introducing optional Intrusion Detection and Prevention (IDS/IPS) for our Service-defined Firewall. Built on the same philosophy, the new NSX Distributed IDS/IPS will allow enterprises to fortify applications across private and public clouds.

Please follow the link to our official blog for more details:
https://blogs.vmware.com/networkvirtualization/2019/11/extending-intrinsic-security.html/

– Interested in the Project Pacfic beta? Ever since we announced the technology preview of Project Pacific at VMworld 2019 back in August, customers and partners have been excited to hear more. It’s easy to see why. Leveraging vSphere to deploy and manage containers and Kubernetes infrastructure is a win-win for both vSphere administrators and application developers alike.

Please follow the link to our official blog for more details:
https://blogs.vmware.com/vsphere/2019/11/interested-in-the-project-pacific-beta.html

– VMware Introduces “Workspace ONE for Microsoft Endpoint Manager” to Enable Modern Management for Windows 10: VMware and Microsoft are working together to enable customers’ rapid move to modern management solutions that are built on cloud intelligence; and automate Windows 10 management tasks to help IT spend their precious time in the most impactful ways.

Please follow the link to our official blog for more details:
https://blogs.vmware.com/euc/2019/11/workspace-one-microsoft-endpoint-manager.html

– Announcing vRealize Network Insight 5.1: VMware is announcing the upcoming release of version 5.1 of both vRealize Network Insight and vRealize Network Insight Cloud. This next version of vRealize Network Insight will build on the momentum of the 5.0 release and include additional capabilities to help you discover, optimize and troubleshoot application security and network connectivity, no matter where the application livesdata center, cloud or even the branch.

Please follow the link to our official blog for more details:
https://blogs.vmware.com/management/2019/11/announcing-vrealize-network-insight-5-1.html

– Introducing Project Maestro: Today at VMworld Barcelona, VMware announced as a technology preview its new solution for telco cloud orchestration and automation: Project Maestro. This announcement heralds a critical milestone in VMware’s ongoing advancements in supporting the CSPs telco cloud transformation journey. This new purpose-built solution complements our growing Telco Cloud portfolio, providing capabilities that streamline network service orchestration and automation for any 4G and 5G networks.

Please follow the link to our official blog for more details:
https://blogs.vmware.com/telco/introducing-project-maestro/

——————————————————————————————————————-

VMworld Day 1 General Session Video:
https://www.youtube.com/watch?v=UHlo7aS_8Mc

VMworld Day 2 General Session Video:
https://www.youtube.com/watch?v=u3wWF-vTrzw

Weekly Update – Week of 10/28/2019

New and Noteworthy:
Dirk Hohndel, Chief Open Source Officer at VMware led an interview with Linus Torvalds at the Open Source Summit in France last week. They spent some time discussing how far the Linux kernel has come lately. Read about it here.

New Patches for vCenter, ESXi Released:
Those of you running any current version of vSphere (6.0, 6.5, 6.7) as well as Fusion and Workstation will want to get the new patches here:
* vCenter Server (an information disclosure bug)
* ESXi/Fusion/Workstation (denial of service flaw).

Updated KB Articles:
New KB articles published for the week ending 26 October 2019

Upcoming Events:
VMworld 2019 Europe – Barcelona – 11/04/2019 to 11/07/2019 – Register
KubeCon + CloudNativeCon – San Diego – 11/18/2019 to 11/21/2019 – Register
Gartner IOCS – Las Vegas – 12/09/2019 to 12/12/2019 – Register
Dell Technologies Word 2020 – Las Vegas – 05/04/2020 to 05/07/2020 – Register

Upcoming Webinars:
Tanzu: Any App, Any Cloud, Any Cluster – 11/13/2019 – Register
Troubleshooting vSphere HA and DRS Clusters – 11/14/2019 – Register
vSAN Encryption: Tales from the Field – 11/19/2019 – Register
Site Recovery Manager (SRM) 8.2: What’s New – 11/20/2019 – Register
What’s New with VMware Cloud Services – 11/21/2019 – Register
Instructor Hour covering ‘What’s New with VMware Cloud Services’ – 11/21/2019 – Register
vSAN View and Dashboard Development in vROps – 12/12/2019 – Register
[Full Live Event List]

New Releases:
2019-10-29
VMware Horizon 7.5.3 Standard (ESB Release) [Download]
VMware Horizon 7.5.3 Advanced (ESB Release) [Download]
VMware Horizon 7.5.3 Enterprise (ESB Release) [Download]
VMware App Volumes 2.14.8 (ESB Release) [Download]
VMware Horizon 7.5.3 Enterprise Add-On [Download]