Kata implement CRI's API and support ContainerStats and ListContainerStats interfaces to expose containers metrics. User can use these interface to get basic metrics about container.
But unlike runc, Kata is a VM-based runtime and has a different architecture.
Kata 1.x has a number of limitations related to observability that may be obstacles to running Kata Containers at scale.
In Kata 2.0, the following components will be able to provide more details about the system.
- containerd shim v2 (effectively
kata-runtime) - Hypervisor statistics
- Agent process
- Guest OS statistics
Note: In Kata 1.x, the main user-facing component was the runtime (
kata-runtime). From 1.5, Kata then introduced the Kata containerd shim v2 (containerd-shim-kata-v2) which is essentially a modified runtime that is loaded by containerd to simplify and improve the way VM-based containers are created and managed.For Kata 2.0, the main component is the Kata containerd shim v2, although the deprecated
kata-runtimebinary will be maintained for a period of time.Any mention of the "Kata runtime" in this document should be taken to refer to the Kata containerd shim v2 unless explicitly noted otherwise (for example by referring to it explicitly as the
kata-runtimebinary).
Kata 2.0 metrics strongly depend on Prometheus, a graduated project from CNCF.
Kata Containers 2.0 introduces a new Kata component called kata-monitor which is used to monitor the other Kata components on the host. It's the monitor interface with Kata runtime, and we can do something like these:
- Get metrics
- Get events
In this document we will cover metrics only. And until now it only supports metrics function.
This is the architecture overview metrics in Kata Containers 2.0.
And the sequence diagram is shown below:
For a quick evaluation, you can check out this how to.
kata-monitor is a management agent on one node, where many Kata containers are running. kata-monitor's work include:
Note: node is a single host system or a node in K8s clusters.
- Aggregate sandbox metrics running on this node, and add
sandbox_idlabel - As a Prometheus target, all metrics from Kata shim on this node will be collected by Prometheus indirectly. This can easy the targets count in Prometheus, and also need not to expose shim's metrics by
ip:port
Only one kata-monitor process are running on one node.
kata-monitor is using a different communication channel other than that conatinerd communicating with Kata shim, and Kata shim listen on a new socket address for communicating with kata-monitor.
The way kata-monitor get shim's metrics socket file(monitor_address) like that containerd get shim address. The socket is an abstract socket and saved as file abstract with the same directory of address for containerd.
Note: If there is no Prometheus server is configured, i.e., there is no scrape operations,
kata-monitorwill do nothing initiative.
Runtime is responsible for:
- Gather metrics about shim process
- Gather metrics about hypervisor process
- Gather metrics about running sandbox
- Get metrics from Kata agent(through
ttrpc)
Agent is responsible for:
- Gather agent process metrics
- Gather guest OS metrics
And in Kata 2.0, agent will add a new interface:
rpc GetMetrics(GetMetricsRequest) returns (Metrics);
message GetMetricsRequest {}
message Metrics {
string metrics = 1;
}
The metrics field is Prometheus encoded content. This can avoid defining a fixed structure in protocol buffers.
Metrics should not become the bottleneck of system, downgrade the performance, and run with minimal overhead.
Requirements:
- Metrics MUST be quick to collect
- Metrics MUST be small.
- Metrics MUST be generated only if there are subscribers to the Kata metrics service
- Metrics MUST be stateless
In Kata 2.0, metrics are collected mainly from /proc filesystem, and consumed by Prometheus, based on a pull mode, that is mean if there is no Prometheus collector is running, so there will be zero overhead if nobody cares the metrics.
Metrics service also doesn't hold any metrics in memory.
| * | No Sandbox | 1 Sandbox | 2 Sandboxes |
|---|---|---|---|
| Metrics count | 39 | 106 | 173 |
| Metrics size(bytes) | 9K | 144K | 283K |
Metrics size(gzipped, bytes) |
2K | 10K | 17K |
Metrics size: Response size of one Prometheus scrape request.
It's easy to estimated that if there are 10 sandboxes running in the host, the size of one metrics fetch request issued by Prometheus will be about to 9 + (144 - 9) * 10 = 1.35M (not gzipped) or 2 + (10 - 2) * 10 = 82K (gzipped). Of course Prometheus support gzip compression, that can reduce the response size of every request.
And here is some test data:
- End-to-end (from Prometheus server to
kata-monitorandkata-monitorwrite response back): 20ms(avg) - Agent(RPC all from shim to agent): 3ms(avg)
Test infrastructure:
- OS: Ubuntu 20.04
- Hardware: Intel(R) Core(TM) i5-8500 CPU @ 3.00GHz, 6 Cores, and 16GB memory.
Scrape interval
Prometheus default scrape_interval is 1 minute, and usually it is set to 15s. Small scrape_interval will cause more overhead, so user should set it on monitor demand.
Here listed is all supported metrics by Kata 2.0. Some metrics is dependent on guest kernels in the VM, so there may be some different by your environment.
Metrics is categorized by component where metrics are collected from and for.
- Metric types
- Kata agent metrics
- Firecracker metrics
- Kata guest OS metrics
- Hypervisor metrics
- Kata monitor metrics
- Kata containerd shim v2 metrics
Note:
- Labels here are not include
instanceandjoblabels that added by Prometheus.- Notes about metrics unit
Kibibytes, abbreviatedKiB. 1KiBequals 1024 B.- For some metrics (like network devices statistics from file
/proc/net/dev), unit is depend on label( for examplerecv_bytesandrecv_packetsare having different units).- Most of these metrics is collected from
/procfilesystem, so the unit of metrics are keeping the same unit as/proc. See theproc(5)manual page for further details.
Prometheus offer four core metric types.
-
Counter: A counter is a cumulative metric that represents a single monotonically increasing counter whose value can only increase.
-
Gauge: A gauge metric represents a single numerical value that can go up and down, typically used for measured values like current memory usage.
-
Histogram: A histogram samples observations (usually things like request durations or response sizes) and counts them in configurable buckets.
-
Summary: A summary samples observations like histogram, it can calculate configurable quantiles over a sliding time window.
See Prometheus metric types for detailed explanations about these metric types.
Agent's metrics contains metrics about agent process.
| Metric name | Type | Units | Labels | Introduced in Kata version |
|---|---|---|---|---|
kata_agent_io_stat: Agent process IO stat. |
GAUGE |
|
2.0.0 | |
kata_agent_proc_stat: Agent process stat. |
GAUGE |
|
2.0.0 | |
kata_agent_proc_status: Agent process status. |
GAUGE |
|
2.0.0 | |
kata_agent_process_cpu_seconds_total: Total user and system CPU time spent in seconds. |
COUNTER |
seconds |
|
2.0.0 |
kata_agent_process_max_fds: Maximum number of open file descriptors. |
GAUGE |
|
2.0.0 | |
kata_agent_process_open_fds: Number of open file descriptors. |
GAUGE |
|
2.0.0 | |
kata_agent_process_resident_memory_bytes: Resident memory size in bytes. |
GAUGE |
bytes |
|
2.0.0 |
kata_agent_process_start_time_seconds: Start time of the process since unix epoch in seconds. |
GAUGE |
seconds |
|
2.0.0 |
kata_agent_process_virtual_memory_bytes: Virtual memory size in bytes. |
GAUGE |
bytes |
|
2.0.0 |
kata_agent_scrape_count: Metrics scrape count |
COUNTER |
|
2.0.0 | |
kata_agent_total_rss: Agent process total rss size |
GAUGE |
|
2.0.0 | |
kata_agent_total_time: Agent process total time |
GAUGE |
|
2.0.0 | |
kata_agent_total_vm: Agent process total vm size |
GAUGE |
|
2.0.0 |
Metrics for Firecracker vmm.
| Metric name | Type | Units | Labels | Introduced in Kata version |
|---|---|---|---|---|
kata_firecracker_api_server: Metrics related to the internal API server. |
GAUGE |
|
2.0.0 | |
kata_firecracker_block: Block Device associated metrics. |
GAUGE |
|
2.0.0 | |
kata_firecracker_get_api_requests: Metrics specific to GET API Requests for counting user triggered actions and/or failures. |
GAUGE |
|
2.0.0 | |
kata_firecracker_i8042: Metrics specific to the i8042 device. |
GAUGE |
|
2.0.0 | |
kata_firecracker_latencies_us: Performance metrics related for the moment only to snapshots. |
GAUGE |
|
2.0.0 | |
kata_firecracker_logger: Metrics for the logging subsystem. |
GAUGE |
|
2.0.0 | |
kata_firecracker_mmds: Metrics for the MMDS functionality. |
GAUGE |
|
2.0.0 | |
kata_firecracker_net: Network-related metrics. |
GAUGE |
|
2.0.0 | |
kata_firecracker_patch_api_requests: Metrics specific to PATCH API Requests for counting user triggered actions and/or failures. |
GAUGE |
|
2.0.0 | |
kata_firecracker_put_api_requests: Metrics specific to PUT API Requests for counting user triggered actions and/or failures. |
GAUGE |
|
2.0.0 | |
kata_firecracker_rtc: Metrics specific to the RTC device. |
GAUGE |
|
2.0.0 | |
kata_firecracker_seccomp: Metrics for the seccomp filtering. |
GAUGE |
|
2.0.0 | |
kata_firecracker_signals: Metrics related to signals. |
GAUGE |
|
2.0.0 | |
kata_firecracker_uart: Metrics specific to the UART device. |
GAUGE |
|
2.0.0 | |
kata_firecracker_vcpu: Metrics specific to VCPUs' mode of functioning. |
GAUGE |
|
2.0.0 | |
kata_firecracker_vmm: Metrics specific to the machine manager as a whole. |
GAUGE |
|
2.0.0 | |
kata_firecracker_vsock: Vsock-related metrics. |
GAUGE |
|
2.0.0 |
Guest OS's metrics in hypervisor.
| Metric name | Type | Units | Labels | Introduced in Kata version |
|---|---|---|---|---|
kata_guest_cpu_time: Guest CPU stat. |
GAUGE |
|
2.0.0 | |
kata_guest_diskstat: Disks stat in system. |
GAUGE |
|
2.0.0 | |
kata_guest_load: Guest system load. |
GAUGE |
|
2.0.0 | |
kata_guest_meminfo: Statistics about memory usage on the system. |
GAUGE |
|
2.0.0 | |
kata_guest_netdev_stat: Guest net devices stats. |
GAUGE |
|
2.0.0 | |
kata_guest_tasks: Guest system load. |
GAUGE |
|
2.0.0 | |
kata_guest_vm_stat: Guest virtual memory stat. |
GAUGE |
|
2.0.0 |
Hypervisors metrics, collected mainly from proc filesystem of hypervisor process.
| Metric name | Type | Units | Labels | Introduced in Kata version |
|---|---|---|---|---|
kata_hypervisor_fds: Open FDs for hypervisor. |
GAUGE |
|
2.0.0 | |
kata_hypervisor_io_stat: Process IO statistics. |
GAUGE |
|
2.0.0 | |
kata_hypervisor_netdev: Net devices statistics. |
GAUGE |
|
2.0.0 | |
kata_hypervisor_proc_stat: Hypervisor process statistics. |
GAUGE |
|
2.0.0 | |
kata_hypervisor_proc_status: Hypervisor process status. |
GAUGE |
|
2.0.0 | |
kata_hypervisor_threads: Hypervisor process threads. |
GAUGE |
|
2.0.0 |
Metrics about monitor itself.
| Metric name | Type | Units | Labels | Introduced in Kata version |
|---|---|---|---|---|
kata_monitor_go_gc_duration_seconds: A summary of the pause duration of garbage collection cycles. |
SUMMARY |
seconds |
2.0.0 | |
kata_monitor_go_goroutines: Number of goroutines that currently exist. |
GAUGE |
2.0.0 | ||
kata_monitor_go_info: Information about the Go environment. |
GAUGE |
|
2.0.0 | |
kata_monitor_go_memstats_alloc_bytes: Number of bytes allocated and still in use. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_alloc_bytes_total: Total number of bytes allocated, even if freed. |
COUNTER |
bytes |
2.0.0 | |
kata_monitor_go_memstats_buck_hash_sys_bytes: Number of bytes used by the profiling bucket hash table. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_frees_total: Total number of frees. |
COUNTER |
2.0.0 | ||
kata_monitor_go_memstats_gc_cpu_fraction: The fraction of this program's available CPU time used by the GC since the program started. |
GAUGE |
2.0.0 | ||
kata_monitor_go_memstats_gc_sys_bytes: Number of bytes used for garbage collection system metadata. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_heap_alloc_bytes: Number of heap bytes allocated and still in use. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_heap_idle_bytes: Number of heap bytes waiting to be used. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_heap_inuse_bytes: Number of heap bytes that are in use. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_heap_objects: Number of allocated objects. |
GAUGE |
2.0.0 | ||
kata_monitor_go_memstats_heap_released_bytes: Number of heap bytes released to OS. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_heap_sys_bytes: Number of heap bytes obtained from system. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_last_gc_time_seconds: Number of seconds since 1970 of last garbage collection. |
GAUGE |
seconds |
2.0.0 | |
kata_monitor_go_memstats_lookups_total: Total number of pointer lookups. |
COUNTER |
2.0.0 | ||
kata_monitor_go_memstats_mallocs_total: Total number of mallocs. |
COUNTER |
2.0.0 | ||
kata_monitor_go_memstats_mcache_inuse_bytes: Number of bytes in use by mcache structures. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_mcache_sys_bytes: Number of bytes used for mcache structures obtained from system. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_mspan_inuse_bytes: Number of bytes in use by mspan structures. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_mspan_sys_bytes: Number of bytes used for mspan structures obtained from system. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_next_gc_bytes: Number of heap bytes when next garbage collection will take place. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_other_sys_bytes: Number of bytes used for other system allocations. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_stack_inuse_bytes: Number of bytes in use by the stack allocator. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_stack_sys_bytes: Number of bytes obtained from system for stack allocator. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_memstats_sys_bytes: Number of bytes obtained from system. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_go_threads: Number of OS threads created. |
GAUGE |
2.0.0 | ||
kata_monitor_process_cpu_seconds_total: Total user and system CPU time spent in seconds. |
COUNTER |
seconds |
2.0.0 | |
kata_monitor_process_max_fds: Maximum number of open file descriptors. |
GAUGE |
2.0.0 | ||
kata_monitor_process_open_fds: Number of open file descriptors. |
GAUGE |
2.0.0 | ||
kata_monitor_process_resident_memory_bytes: Resident memory size in bytes. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_process_start_time_seconds: Start time of the process since unix epoch in seconds. |
GAUGE |
seconds |
2.0.0 | |
kata_monitor_process_virtual_memory_bytes: Virtual memory size in bytes. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_process_virtual_memory_max_bytes: Maximum amount of virtual memory available in bytes. |
GAUGE |
bytes |
2.0.0 | |
kata_monitor_running_shim_count: Running shim count(running sandboxes). |
GAUGE |
2.0.0 | ||
kata_monitor_scrape_count: Scape count. |
COUNTER |
2.0.0 | ||
kata_monitor_scrape_durations_histogram_milliseconds: Time used to scrape from shims |
HISTOGRAM |
milliseconds |
2.0.0 | |
kata_monitor_scrape_failed_count: Failed scape count. |
COUNTER |
2.0.0 |
Metrics about Kata containerd shim v2 process.
| Metric name | Type | Units | Labels | Introduced in Kata version |
|---|---|---|---|---|
kata_shim_agent_rpc_durations_histogram_milliseconds: RPC latency distributions. |
HISTOGRAM |
milliseconds |
|
2.0.0 |
kata_shim_fds: Kata containerd shim v2 open FDs. |
GAUGE |
|
2.0.0 | |
kata_shim_go_gc_duration_seconds: A summary of the pause duration of garbage collection cycles. |
SUMMARY |
seconds |
|
2.0.0 |
kata_shim_go_goroutines: Number of goroutines that currently exist. |
GAUGE |
|
2.0.0 | |
kata_shim_go_info: Information about the Go environment. |
GAUGE |
|
2.0.0 | |
kata_shim_go_memstats_alloc_bytes: Number of bytes allocated and still in use. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_alloc_bytes_total: Total number of bytes allocated, even if freed. |
COUNTER |
bytes |
|
2.0.0 |
kata_shim_go_memstats_buck_hash_sys_bytes: Number of bytes used by the profiling bucket hash table. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_frees_total: Total number of frees. |
COUNTER |
|
2.0.0 | |
kata_shim_go_memstats_gc_cpu_fraction: The fraction of this program's available CPU time used by the GC since the program started. |
GAUGE |
|
2.0.0 | |
kata_shim_go_memstats_gc_sys_bytes: Number of bytes used for garbage collection system metadata. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_heap_alloc_bytes: Number of heap bytes allocated and still in use. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_heap_idle_bytes: Number of heap bytes waiting to be used. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_heap_inuse_bytes: Number of heap bytes that are in use. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_heap_objects: Number of allocated objects. |
GAUGE |
|
2.0.0 | |
kata_shim_go_memstats_heap_released_bytes: Number of heap bytes released to OS. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_heap_sys_bytes: Number of heap bytes obtained from system. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_last_gc_time_seconds: Number of seconds since 1970 of last garbage collection. |
GAUGE |
seconds |
|
2.0.0 |
kata_shim_go_memstats_lookups_total: Total number of pointer lookups. |
COUNTER |
|
2.0.0 | |
kata_shim_go_memstats_mallocs_total: Total number of mallocs. |
COUNTER |
|
2.0.0 | |
kata_shim_go_memstats_mcache_inuse_bytes: Number of bytes in use by mcache structures. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_mcache_sys_bytes: Number of bytes used for mcache structures obtained from system. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_mspan_inuse_bytes: Number of bytes in use by mspan structures. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_mspan_sys_bytes: Number of bytes used for mspan structures obtained from system. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_next_gc_bytes: Number of heap bytes when next garbage collection will take place. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_other_sys_bytes: Number of bytes used for other system allocations. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_stack_inuse_bytes: Number of bytes in use by the stack allocator. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_stack_sys_bytes: Number of bytes obtained from system for stack allocator. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_memstats_sys_bytes: Number of bytes obtained from system. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_go_threads: Number of OS threads created. |
GAUGE |
|
2.0.0 | |
kata_shim_io_stat: Kata containerd shim v2 process IO statistics. |
GAUGE |
|
2.0.0 | |
kata_shim_netdev: Kata containerd shim v2 network devices statistics. |
GAUGE |
|
2.0.0 | |
kata_shim_pod_overhead_cpu: Kata Pod overhead for CPU resources(percent). |
GAUGE |
percent |
|
2.0.0 |
kata_shim_pod_overhead_memory_in_bytes: Kata Pod overhead for memory resources(bytes). |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_proc_stat: Kata containerd shim v2 process statistics. |
GAUGE |
|
2.0.0 | |
kata_shim_proc_status: Kata containerd shim v2 process status. |
GAUGE |
|
2.0.0 | |
kata_shim_process_cpu_seconds_total: Total user and system CPU time spent in seconds. |
COUNTER |
seconds |
|
2.0.0 |
kata_shim_process_max_fds: Maximum number of open file descriptors. |
GAUGE |
|
2.0.0 | |
kata_shim_process_open_fds: Number of open file descriptors. |
GAUGE |
|
2.0.0 | |
kata_shim_process_resident_memory_bytes: Resident memory size in bytes. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_process_start_time_seconds: Start time of the process since unix epoch in seconds. |
GAUGE |
seconds |
|
2.0.0 |
kata_shim_process_virtual_memory_bytes: Virtual memory size in bytes. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_process_virtual_memory_max_bytes: Maximum amount of virtual memory available in bytes. |
GAUGE |
bytes |
|
2.0.0 |
kata_shim_rpc_durations_histogram_milliseconds: RPC latency distributions. |
HISTOGRAM |
milliseconds |
|
2.0.0 |
kata_shim_threads: Kata containerd shim v2 process threads. |
GAUGE |
|
2.0.0 |