Observability for GitOps pipelines
Observability and monitoring may sound similar, but they are different. In this post, understand the difference, and how to implement both in a GitOps pipeline.
Continuous AWS Cloud Security with Trusted Delivery
Progressive Delivery: Towards Continuous Resilience with Flagger & Weave GitOps
Safety Fast with Weave GitOps Trusted & Progressive Delivery
With the growing complexity of modern cloud-native systems, observability is more important than ever. Without it, any Platform Architect or DevOps Engineer would be flying blind. GitOps has provided a set of practices for building and managing development platforms and production Kubernetes clusters. Yet, there is no room for compromise with observability when it comes to a GitOps pipeline. You cannot manage what you cannot see. That’s why in this post we look at the leading observability and monitoring solutions for GitOps available today.
Observability and monitoring:
The terms ‘observability’ and ‘monitoring’ are often used interchangeably. However, there is a difference between them. Observability involves collecting data about different parts of a system. Monitoring involves alerting on abnormal data. Monitoring tracks the system’s health, whereas observability enables you to deep-dive into issues and debug them. Monitoring tells you that something is wrong, and observability tells you where the issue is and how you can fix it.
Key factors in GitOps observability
There are a few primary factors that affect the level of observability in a GitOps system:
1. Monitoring metrics
Monitoring is used to track the health of a system. It can include up/downtime, disk/memory utilization, service availability, or application status - all of which can be monitored by predefining metrics and configuring parameters. The most widely used open source monitoring tools with GitOps are Prometheus and Grafana.
2. Logs and event data
After every event or code execution, logs are generated that record all activity details with metadata. These logs are analyzed to detect and debug issues. Logs have always been an essential part of observability, and it’s no different with GitOps as well.
In a distributed Kubernetes system, there are numerous services communicating with each other. This communication is tracked in the form of traces. This tracing data tracks the path of every network request, and helps to pinpoint at which point any request fails or experiences latency.
By aggregating tracing and logging data, you can profile a system and detect performance bottlenecks more easily.
4. Data visualization
Visualization is one of the key factors while monitoring infrastructure, systems, and applications. Looking at raw observability data can hinder operations, delay resolutions, and impact overall performance. This is why data, when it is retrieved from monitoring, logging, and tracing, should be aggregated and displayed in a visual way. Visualization brings all the data together in a meaningful way, and greatly reduces MTTR (mean time to resolution).
The essential observability tools for GitOps
Primarily used for event monitoring, Prometheus delivers time-series data in a structured format and reports on the performance of production Kubernetes clusters and Flux controllers. In large-scale systems, the monitoring data being churned out is on a large scale as well. In these cases, Prometheus is highly scalable, with capabilities such as functional sharding and federation.
Because of its user-friendly interface, accurate alerting, various custom libraries, and integrations, Prometheus (along with Grafana) is one of the most widely-used open source tools for GitOps monitoring.
Grafana and Prometheus are like two sides of the same coin. Prometheus collects metrics, while Grafana helps to visualize, and gain insight from these metrics. Grafana can be connected to multiple data sources like Prometheus, Elastic Stack, Telegraf, MySQL, and Graphite. It then presents the accumulated data in the form of interactive dashboards, charts, heatmaps, histograms, geomaps, alerting, and more. This provides accurate and concise visualization of monitoring data to analyze any GitOps pipeline.
Fluentd is the most widely used logging tool for collecting and transporting logs. It can be put to good use in a GitOps pipeline to deliver granular details on every event. Primarily a log collector, Fluentd is not built to analyze logs. For analysis, Fluentd ships logs to Elasticsearch, Grafana Loki, or your favorite log analysis tool.
Jaeger is the most widely-used distributed tracing tool. Especially in a service mesh, which is the preferred networking model used in Kubernetes systems, distributed tracing is leveraged for better management and observability. Jaeger delivers call flow data in a visualized way which can further be utilized for troubleshooting and enhancing the latency and performance of the network whether it's in the production cluster, or in a GitOps pipeline.
Apart from monitoring and observability tools, the modern service mesh model is a surprisingly effective way to gain deeper observability into GitOps processes.
The role of a service mesh with GitOps observability
Service mesh tools like Istio and Linkerd depend on sidecars for network management and security implementations. These sidecars play a key role in network monitoring for Kubernetes and GitOps.
As pointed out by Nicolas Chaillan of the Department of Defense, Sidecars ensure that all traffic passes through them before any data packet enters or exits a container. This greatly enhances the security of a GitOps system. Sidecars can be independently updated and auto-injected despite the workload. This makes them effortless to implement at scale, and is a great way to ensure security is baked-in across all teams and workloads.
Weave GitOps brings it all together
The most convenient feature of modern cloud-native observability tools is their ability to integrate with existing tools. Weave GitOps leverages this strength to enable pluggable integrations with all these monitoring tools for better observability into your GitOps pipeline.
Get built-in, real-time feedback and control loops with Prometheus for observability where problems can be detected and tracked down, preventing and recovering from entire cluster meltdowns more quickly, and reducing mean time to detect (MTTD) and mean time to locate (MTTL).
Apart from the open source tooling mentioned above, Weave GitOps also makes it easy to integrate with third-party commercial observability tools like DataDog, New Relic, SumoLogic, PagerDuty and more. The options are limitless, and there is sure to be something that delivers exactly the kind of observability your organization needs.
If you’re just getting started with GitOps, or are looking for a way to gain better observability into your supply chain, consider Weave GitOps and its long list of plug-n-play observability tools.