blog に戻る

2020年06月25日 Sumo Logic

Gaining Visibility Into Edge Computing with Kubernetes & Better Monitoring

Edge computing is likely the most interesting section of the broader world of IoT. If IoT is about connecting all the devices to the Internet, edge computing is about giving more processing power to devices at the edge. Edge computing views these edge devices as mini clouds or mini data centers. They each have their own mini servers, mini networking, mini storage, apps running on top of this infrastructure, and endpoint devices. Rather than sending data to the cloud for processing and receiving already-processed data from a central hub in the cloud, in edge computing all the processing happens on the edge device itself, or close to the edge device.

This is a revolutionary idea considering most organizations are still grappling with the shift from on-premise to cloud and multi-cloud. Even if they see the opportunity in edge computing, actually implementing a mesh of connected edge devices is easier said than done. Getting started may be easy by standing up a few devices at the edge and equipping them with enough infrastructure and an application layer to run a mini cloud at the edge. The hard part is managing and monitoring the edge. Day 2 is where the challenges really arise. Let’s look at some ways organizations can better prepare to monitor the edge.

Adopt a Kubernetes-Based Solution

If the edge is to function as a mini data center, it requires all the mature management and monitoring tools that a traditional data center needs – albeit in a smaller, more purpose-built package. Today, Kubernetes is the operating system for the data center and the public cloud. It follows that a cloud at the edge similarly needs a Kubernetes-like or Kubernetes-based solution.

The open-source community has risen to the challenge by creating two projects – KubeEdge and K3s – both stripped-down versions of Kubernetes (K8s), built for the edge. Any attempt to run an edge computing setup needs to start with opting for a Kubernetes-based solution like KubeEdge or K3s.

These tools come with much of the functionality of K8s, but shed weight whenever possible, and add enhancements where possible. They end up with lightweight binaries of 40 to 60MB and require a meager 30MB of memory when running. They adopt the same principles as Kubernetes, separating infrastructure from applications, allowing for a service mesh, having IAM and secrets management, and can be extended by integrating with external tools for things like monitoring. Let’s dive deeper into the approach these tools take when it comes to monitoring the edge.

Monitor Edge Devices & Their Cache

Edge computing involves interacting with the real world. Devices like sensors, smart home appliances and smart vehicles all take in data from the external world as well as process it. They further receive commands from a central cloud hub and act on it in the real world. These devices need monitoring 24/7. Even a slip-up of one second can be disastrous, as in the case of a self-driving car, for example. Device monitoring starts with monitoring multiple aspects of device health. The status of the devices should be updated at regular intervals, and any failures should be alerted according to their priority.

Device monitoring should go deeper though. This would include monitoring cache storage, which is a key aspect of edge devices. Due to having to make split-second decisions, edge devices don’t have the luxury of waiting for a response from a centralized cloud server. They handle processing in the device’s cache. This enables real-time data analysis. The cache should be monitored to avoid excess storage of temporary data. Data should be regularly deleted from the cache and this data should be stored persistently in the centralized cloud hub for use in troubleshooting later.

Monitor Edge Infrastructure

Beneath the devices, there is a complex mini-cloud, complete with its own infrastructure, storage, and networking. This layer importantly needs to be monitored for the edge devices to function normally.

With KubeEdge or K3s, powering this layer of the edge, there is already mature logic built in. It requires monitoring nodes, pods, clusters, and containers – all Kubernetes-native concepts. The status and health of each of these components needs to be reported on. Particularly for pods, there’s a need to run readiness probes to ensure they’re in running state, and liveness probes to check their health. As with Kubernetes, these resources are all short-lived. However, as the resources change, the changes should be recorded to help with troubleshooting and root-cause analysis.

At the networking layer, what’s required is a service mesh approach using tools like Istio. Though this is not supported at the time of this writing, it’s in the works and is on the roadmap for these tools. Still, these tools already support the monitoring of messages sent and received from each component within the system.

Monitor the Edge for Security Vulnerabilities

IAM is the centerpiece for data center security. With it, Admins give users and applications access to resources and revoke access periodically. KubeEdge and K3s have separate IAM modules to fully control access, authorization, and authentication of resources at the edge. This was previously thought of as overkill for IoT devices; but today, with more powerful edge computing devices, IAM is a prerequisite.

Within IAM, a key component is secrets management. These solutions also include mature secrets management capabilities, complete with auto-rotation of secrets. The secrets can be issued for specific parts of the system, and based on pre-configured policies and rules. This way, security is proactively enforced and the blast radius of an attack is greatly limited. In a world where smart devices are often the cause of numerous DDoS attacks, this type of intelligent and deliberate secrets management is a breath of fresh air.

In conclusion, monitoring the edge need not be compromised. We can find inspiration from mainstream cloud and data-center monitoring principles. Yet, we need to apply them afresh at the edge. Thanks to tools like KubeEdge and K3s, the building blocks are in place. The edge is ready to expand to new frontiers. Organizations that venture out to the edge should know what to monitor every step of the way.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Navigate Kubernetes with Sumo Logic.

Build, run, and secure modern applications and cloud infrastructures.

Start free trial

Sumo Logic

More posts by Sumo Logic.

これを読んだ人も楽しんでいます