Alauda Container Platform

Network Observability

TOC

About DeepFlow

What is DeepFlow

The DeepFlow open-source project aims to provide deep observability for complex cloud-native and AI applications. DeepFlow implemented Zero Code data collection with eBPF for metrics, distributed tracing, request logs and function profiling, and is further integrated with SmartEncoding to achieve Full Stack correlation and efficient access to all observability data. With DeepFlow, cloud-native and AI applications automatically gain deep observability, removing the heavy burden of developers continually instrumenting code and providing monitoring and diagnostic capabilities covering everything from code to infrastructure for DevOps/SRE teams.

Using eBPF Technology

Assuming you have a basic understanding of eBPF, it is a secure and efficient technology for extending kernel functionality by running programs in a sandbox, a revolutionary innovation compared to traditional methods of modifying kernel source code and writing kernel modules. eBPF programs are event-driven, and when the kernel or user programs pass through an eBPF Hook, the corresponding eBPF program loaded at the Hook point will be executed. The Linux kernel predefines a series of commonly used Hook points, and you can also dynamically add custom Hook points in the kernel and applications using kprobe and uprobe technologies. Thanks to Just-in-Time (JIT) technology, the execution efficiency of eBPF code can be comparable to native kernel code and kernel modules. Thanks to the Verification mechanism, eBPF code will run safely without causing kernel crashes or entering infinite loops.

Software Architecture

DeepFlow consists of two components, Agent and Server. An Agent runs in each K8s node, legacy host and cloud host, and is responsible for AutoMetrics and AutoTracing data collection of all application processes on the host. Server runs in a K8s cluster and provides Agent management, tag injection, data ingest and query services.

Install DeepFlow

Introduction

Kernel Requirements

The eBPF capabilities (AutoTracing, AutoProfiling) in DeepFlow have the following kernel version requirements:

ArchitectureDistributionKernel VersionkprobeGolang uprobeOpenSSL uprobeperf
X86CentOS 7.93.10.0

1

YY

2

Y

2

Y
RedHat 7.63.10.0

1

YY

2

Y

2

Y
*4.9-4.13Y
4.14

3

YY

2

Y
4.15YY

2

Y
4.16YYY
4.17+YYYY
ARMCentOS 84.18YYYY
EulerOS5.10+YYYY
KylinOS V10 SP24.19.90-25.24+YYYY
KylinOS V10 SP34.19.90-52.24+YYYY
Other Distributions5.8+YYYY

Additional notes on kernel versions:

  1. CentOS 7.9 and RedHat 7.6 have backported some eBPF capabilities (opens new window)into the 3.10 kernel. In these two distributions, the detailed kernel versions supported by DeepFlow are as follows (dependent hook points):
    • 3.10.0-957.el7.x86_64
    • 3.10.0-1062.el7.x86_64
    • 3.10.0-1127.el7.x86_64
    • 3.10.0-1160.el7.x86_64
  2. Golang/OpenSSL processes inside containers are not supported.
  3. In kernel version 4.14, a tracepoint cannot be attached by multiple eBPF programs (e.g., two or more deepflow-agents cannot run simultaneously), this issue does not exist in other versions
NOTE

RedHat's statement:

The eBPF in Red Hat Enterprise Linux 7.6 is provided as Tech Preview and thus doesn't come with full support and is not suitable for deployment in production. It is provided with the primary goal to gain wider exposure, and potentially move to full support in the future. eBPF in Red Hat Enterprise Linux 7.6 is enabled only for tracing purposes, which allows attaching eBPF programs to probes, tracepoints and perf events.

Deployment Topology

Preparation

Storage Class

We recommend using Persistent Volumes to store MySQL and ClickHouse data to avoid unnecessary maintenance costs. You can provide a default Storage Class or add the --set global.storageClass=<your storageClass> parameter to select a Storage Class for creating PVC.

For more information on storage configuration, please refer to the Storage documentation.

Package

Download the DeepFlow package

Visit the Custom Portal to download the DeepFlow package.

If you don't have access to the Custom Portal, contact technical support.

Upload the package to the platform

Use the violet tool to publish the package to the platform.

For detailed instructions on using this tool, refer to the CLI.

Install

Create an application resource in the cpaas-system namespace to deploy DeepFlow. Here is an example manifest:

apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
  name: deepflow
  namespace: cpaas-system
  annotations:
    app.cpaas.io/chart.source: public-charts/deepflow-plugin
    app.cpaas.io/chart.version: v4.1.0
    app.cpaas.io/chart.values: |
      {
        "global": {
          "storageClass": "example-sc"
        },
        "server": {
          "service": {
            "type": "ClusterIP"
          }
        },
        "deepflow-agent": {
          "clusterNAME": "cluster1"
        },
        "grafana": {
          "adminUser": "admin",
          "adminPassword": "password",
          "service": {
            "type": "ClusterIP"
          },
          "grafana.ini": {
            "server": {
              "root_url": "%(protocol)s://%(domain)s/clusters/cluster1/deepflow",
              "serve_from_sub_path": true
            }
          }
        },
        "mysql": {
          "storageConfig": {
            "persistence": {
              "size": "50G"
            }
          }
        },
        "clickhouse": {
          "storageConfig": {
            "persistence": [
              {
                "accessModes": [
                  "ReadWriteOnce"
                ],
                "name": "clickhouse-path",
                "size": "100Gi",
                "storageClass": "{{ .Values.global.storageClass }}"
              },
              {
                "accessModes": [
                  "ReadWriteOnce"
                ],
                "name": "clickhouse-storage-path",
                "size": "200Gi",
                "storageClass": "{{ .Values.global.storageClass }}"
              }
            ]
          }
        }
      }
    cpaas.io/display-name: 'DeepFlow'
  labels:
    sync-from-helmrequest: 'true'
  1. Source of the DeepFlow chart. If you want to use a different chart, please contact technical support.
  2. Version of the DeepFlow chart. MUST match the version of the DeepFlow package uploaded to the platform.
  3. Storage Class used to create Persistent Volumes for MySQL and ClickHouse.
  4. Name of the cluster where DeepFlow is deployed.
  5. Username of the Grafana web UI. You can change it to your desired username.
  6. Password of the Grafana web UI. It's recommended to change it to a secure password.
  7. The root URL for Grafana web UI. You can change it to your desired URL.
  8. Size of the persistent volume for MySQL. Please adjust it according to your needs.
  9. Size of the persistent volume for ClickHouse path. Please adjust it according to your needs.
  10. Size of the persistent volume for ClickHouse storage path. Please adjust it according to your needs.

Wait for the application to be ready:

kubectl -n cpaas-system wait --for=jsonpath='{.spec.assemblyPhase}'=Succeeded application deepflow
kubectl -n cpaas-system rollout status statefulset deepflow-clickhouse
kubectl -n cpaas-system rollout status deployment deepflow-mysql
kubectl -n cpaas-system rollout status deployment deepflow-server
kubectl -n cpaas-system rollout status deployment deepflow-app
kubectl -n cpaas-system rollout status deployment deepflow-grafana
kubectl -n cpaas-system rollout status daemonset deepflow-agent

Configure Ingress for Grafana web UI

Create an Ingress resource to access the Grafana web UI. Here is an example manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: http
    nginx.ingress.kubernetes.io/enable-cors: "true"
  name: deepflow-grafana
  namespace: cpaas-system
spec:
  ingressClassName: cpaas-system
  rules:
  - http:
      paths:
      - backend:
          service:
            name: deepflow-grafana
            port:
              number: 80
        path: /clusters/${CLUSTER_NAME}/deepflow($|/)(.*)
        pathType: ImplementationSpecific
  1. Ingress Class name. If you are installing DeepFlow in the global cluster, set it to global-alb2. You can also set it to your custom Ingress Class name.
  2. This path MUST match the root URL configured in the Application resource.

Access the Grafana web UI

You can access the Grafana web UI via the URL specified in the Ingress resource, and login with the username and password you set in the Application resource.

NOTICE

It's highly recommended to change the password after the first login.

Additional resources

View full docs as PDF