Updated on April 30, 2018 by UpGuard
Containers are all the rage these days, and for good reason: technologies such as Docker and CoreOS drastically simplify the packaging and shipping of applications, enabling them to scale without additional hardware or virtual machines. But with these benefits come issues related to management overhead and complexity. Namely, how can developers quickly achieve visibility and validate configurations across distributed container clusters? The answer is UpGuard's new etcd monitoring capabilities.
What is etcd?
Etcd—short for "/etc distributed"—is an open source distributed key-value store developed for CoreOS. Its name is a play on the "/etc" directory, where most of the system configuration files live on UNIX machines. Etcd extends this notion to distributed systems, offering a reliable mechanism to store data (e.g., configurations) across a cluster of machines.
Though initially designed for CoreOS clusters, etcd has been adopted by a myriad of cluster management solutions. Kubernetes—Google's container cluster manager for Docker—is built on top of etcd. Apache Mesos, Pivotal Cloud Foundry, Fleet, and over 500 GitHub projects also use it for service discovery, cluster coordination, and shared configuration and state management.
Etcd enables the discovery and management of state/configurations across all nodes in a cluster, serving as the single source of truth for maintaining integrity in distributed systems. A common use case involves using it to store database connection settings. In this scenario, an application's database backend is contained as a microservice with connection settings stored in etcd. The application can then be set to monitor the database container instances and dynamically reconfigure them if the need arises.
How does UpGuard monitor etcd keys?
As mentioned previously, etcd stores configuration data in key/value pairs. UpGuard monitors and ingests these configuration items like any other IT assets in the environment. Once captured by our platform, configurations can be diffed for inconsistencies and automatically monitored for policy deviations and unauthorized changes.
The platform's single pane of glass view makes spotting inconsistencies and misconfigurations across distributed systems a trivial affair. Clicking on an etcd key name displays its value on the right-hand side.
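The diff-and-policy-check idea described above, as an added example (not UpGuard's code or method). It assumes snapshots were captured with `etcdctl get --prefix -w json`, which base64-encodes keys and values; the key names, values, and policy below are constructed for illustration.

```python
import base64
import json

def load_snapshot(etcdctl_json):
    """Decode `etcdctl get --prefix -w json` output into {key: value}."""
    snap = {}
    for kv in json.loads(etcdctl_json).get("kvs", []):
        key = base64.b64decode(kv["key"]).decode()
        # etcd omits the "value" field entirely when the value is empty.
        snap[key] = base64.b64decode(kv.get("value", "")).decode()
    return snap

def diff_snapshots(baseline, current):
    """Return (kind, key, old, new) tuples for every drifted key, sorted by key."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if key not in baseline:
            changes.append(("added", key, None, new))
        elif key not in current:
            changes.append(("removed", key, old, None))
        elif old != new:
            changes.append(("changed", key, old, new))
    return changes

def policy_violations(snapshot, policy):
    """Keys whose value is missing or differs from the value the policy requires."""
    return sorted(k for k, want in policy.items() if snapshot.get(k) != want)

def _kv(key, value):
    """Build one constructed kvs entry in etcdctl's JSON shape."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return {"key": enc(key), "value": enc(value)}

# Constructed sample snapshots: database connection settings kept in etcd.
BASELINE = json.dumps({"kvs": [_kv("/config/db/host", "db-1.internal"),
                               _kv("/config/db/sslmode", "require"),
                               _kv("/config/db/port", "5432")]})
CURRENT = json.dumps({"kvs": [_kv("/config/db/host", "db-1.internal"),
                              _kv("/config/db/sslmode", "disable"),
                              _kv("/config/db/debug", "true")]})
POLICY = {"/config/db/sslmode": "require"}  # hypothetical policy

if __name__ == "__main__":
    current = load_snapshot(CURRENT)
    for change in diff_snapshots(load_snapshot(BASELINE), current):
        print(change)
    print("policy violations:", policy_violations(current, POLICY))
```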
Why does this matter?
Modern organizations offering highly available, mission-critical applications and services require innovations like CoreOS, Docker, and Kubernetes to remain competitive. These technologies invariably add more moving parts and infrastructure complexity to the mix. And up until now, IT operations had no easy way to gain visibility into how their CoreOS or Kubernetes clusters were configured. Using UpGuard's new etcd monitoring capabilities, organizations can eliminate this opacity with full visibility into container configurations: where critical differences are, what changes have been made over time, and more. Our platform enables forward-thinking organizations to adopt cutting-edge technologies like Docker/Kubernetes and CoreOS without sacrificing control of their IT environments.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.