Kubernetes を使用したネットワークの可視性

このページでは、Kubernetes で実行されているアプリケーションをモニタするようにネットワークの可視性を設定する方法について説明します。

ネットワークの可視性では、アプリケーションのネットワーク上でのやり取りを監視し、主要なパフォーマンスメトリックを報告します。これらのメトリックでは、アプリケーションのネットワークの問題がアプリケーションの問題から分離されます。

ネットワークエージェントは、REST API を使用してアプリケーションコンテナの各ノードで TCP ポートを開き、ネットワーク DaemonSet コンテナと通信します。この通信により、ポッドとノード間のモニタリングが可能になります。エージェントを、ホストモードが有効になっている各ノードで DaemonSet として展開できます。

Before You Begin

Before you create a Docker image for the DaemonSet and configure the agent, verify the following requirements:

You have at least one pod with a Java Agent >= 4.4 deployed to the same cluster as the Network Agent.
The TCP port 3892 is not already used by the node. The application pods use port 3892 to communicate with the DaemonSet.
Network Visibility supports Red Hat Enterprise Linux (RHEL) versions 4.15 and 4.16 on AWS.

Create a Network Visibility DaemonSet Docker Image

To configure Network Visibility with Kubernetes, you must first create a Docker image for the Network Visibility DaemonSet and push the image to your Docker Trusted Registry.

Paste this sample Dockerfile into a text file and save the file.

FROM ubuntu:14.04
ARG NETVIZ_ZIP_PKG
RUN groupadd -r appd-netviz && useradd -r -g appd-netviz appd-netviz
RUN apt-get update && apt-get install -y \
net-tools \
tcpdump \
curl  \
unzip   \
ssh-client \
binutils \
build-essential
WORKDIR /netviz-agent
# copy NetViz agent contents
COPY $NETVIZ_ZIP_PKG .
# run the agent install script and disable netlib
RUN unzip $NETVIZ_ZIP_PKG && ./install.sh \
&& sed -i -e "s|enable_netlib = 1|enable_netlib = 0|g" ./conf/agent_config.lua \
&& sed -i -e "s|WEBSERVICE_IP=.*|WEBSERVICE_IP=\"0.0.0.0\"|g" ./conf/agent_config.lua
RUN chown -R appd-netviz:appd-netviz /netviz-agent
RUN setcap cap_net_raw=eip /netviz-agent/bin/appd-netagent
USER appd-netviz
# default command to run for the agent
CMD  ./bin/appd-netagent -c ./conf -l ./logs -r ./run

Navigate to the directory where you saved the Dockerfile and build the Docker image by entering the following command:
```
$ docker build --build-arg NETVIZ_ZIP_PKG=/path/to/netviz-agent-pkg.zip -t appd-netviz .
```
Push the Docker image to your Docker Trusted Registry.

Configure Network Visibility with Kubernetes

Create a yaml file with the following configuration:

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: DaemonSet
metadata:
name: appd-netviz-agent
spec:
selector:
matchLabels:
name: appd-netviz-agent
template:
metadata:
name: appd-netviz-agent
labels:
name: appd-netviz-agent
spec:
hostIPC: true
hostNetwork: true
containers:
- name: appd-netviz-agent
image: path/to/your/Docker/image # docker registry image
resources:
requests:
memory: "250Mi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "1"
securityContext:
capabilities:
add: ["NET_RAW"]
ports:
- containerPort: 3892
hostPort: 3892
imagePullSecrets:
- name: your-registry-key # add the registry key, kubectl create secret ...

In the configuration file, update the following fields:
- image (under containers): the file path to the DaemonSet image in your Docker Trusted Registry.
- name (underimagePullSecrets): the key for your Docker Trusted Registry.
Deploy the Network Agent in Kubernetes by entering the following command:
```
$ kubectl apply -f MyConfigFile.yaml
```

Configure Network Visibility to Monitor Application Pods

After deploying Network Visibility in Kubernetes, you must deploy at least one pod with a Java Agent >= 4.4 to the same cluster as the Network Agent. This allows you to map network metrics to application flows.

Open the application's deployment configuration yaml file with Kubernetes in a text editor and set the APPDYNAMICS_NETVIZ_AGENT_HOST and APPDYNAMICS_NETVIZ_AGENT_PORT values:
```
- name: APPDYNAMICS_NETVIZ_AGENT_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: APPDYNAMICS_NETVIZ_AGENT_PORT
value: 3892
```
注: If you are using a version of the Java Agent that is <= 4.5.2, you must open the <app-agent-install-dir>/<version-number>/external-services/netviz/netviz-service.properties file to set these values.
In the Controller UI, enable socket instrumentation to map network metrics to application flows. See Set Up the Network and App Agents.