Containers are all the rage these days, and for good reason: technologies such as Docker and CoreOS drastically simplify the packaging and shipping of applications, enabling them to scale without additional hardware or virtual machines. But these benefits come with management overhead and complexity: how can developers quickly gain visibility into, and validate configurations across, distributed container clusters? The answer is UpGuard's new etcd scanning capabilities.
What is etcd?
Etcd—short for "/etc distributed"—is an open source distributed key-value store developed for CoreOS. Its name is a play on the "/etc" directory, where most of the system configuration files live on UNIX machines. Etcd extends this notion to distributed systems, offering a reliable mechanism to store data (e.g., configurations) across a cluster of machines.
Though initially designed for CoreOS clusters, etcd has been adopted by a myriad of cluster management solutions. Kubernetes—Google's container cluster manager for Docker—is built on top of etcd. Apache Mesos, Pivotal Cloud Foundry, Fleet, and over 500 GitHub projects also use it for service discovery, cluster coordination, and shared configuration and state management.
Etcd enables the discovery and management of state/configurations across all nodes in a cluster, serving as the single source of truth for maintaining integrity in distributed systems. A common use case involves using it to store database connection settings. In this scenario, an application's database backend is contained as a microservice with connection settings stored in etcd. The application can then be set to monitor the database container instances and dynamically reconfigure them if the need arises.
How does UpGuard scan etcd keys?
As mentioned previously, etcd stores configuration data in key/value pairs. UpGuard scans and ingests these configuration items like any other IT assets in the environment. Once captured by our platform, configurations can be diffed for inconsistencies and automatically monitored for policy deviations and unauthorized changes.
The platform's single pane of glass view makes spotting granular inconsistencies and misconfigurations across distributed systems a trivial affair. Clicking on an etcd key name displays its value on the right-hand side.
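The same kind of check can be reproduced by hand. The following is an added example, not UpGuard's code: it flattens two etcd snapshots into key/value pairs, diffs them against each other, and tests one against a policy of required values. It assumes the JSON shape of a recursive GET from etcd's v2 keys API; the key names, values, and policy are constructed for illustration.

```python
# Constructed samples in the shape returned by etcd's v2 keys API for a
# recursive GET: directories carry "dir": True and a "nodes" list,
# leaf keys carry "key" and "value".
def leaf(key, value):
    return {"key": key, "value": value}

def snapshot(*db_leaves):
    return {"action": "get", "node": {"key": "/", "dir": True, "nodes": [
        {"key": "/services", "dir": True, "nodes": [
            {"key": "/services/db", "dir": True, "nodes": list(db_leaves)}]}]}}

BASELINE = snapshot(leaf("/services/db/host", "db1.internal.example"),
                    leaf("/services/db/port", "5432"),
                    leaf("/services/db/sslmode", "require"))
CURRENT = snapshot(leaf("/services/db/host", "db1.internal.example"),
                   leaf("/services/db/port", "5432"),
                   leaf("/services/db/sslmode", "disable"),
                   leaf("/services/db/debug", "true"))

# Hypothetical policy: keys that must be present with exactly this value.
POLICY = {"/services/db/sslmode": "require"}

def flatten(node, out=None):
    """Walk an etcd v2 node tree and return {key: value} for leaf keys."""
    out = {} if out is None else out
    if node.get("dir"):
        for child in node.get("nodes", []):  # empty dirs have no "nodes"
            flatten(child, out)
    else:
        out[node["key"]] = node.get("value", "")
    return out

def diff(baseline, current):
    """Report keys added, removed, or changed relative to the baseline."""
    b, c = flatten(baseline["node"]), flatten(current["node"])
    return {
        "added": sorted(c.keys() - b.keys()),
        "removed": sorted(b.keys() - c.keys()),
        "changed": {k: (b[k], c[k])
                    for k in sorted(b.keys() & c.keys()) if b[k] != c[k]},
    }

def policy_violations(snap, policy):
    """Return {key: actual value} for keys missing or not matching policy."""
    flat = flatten(snap["node"])
    return {k: flat.get(k) for k, want in policy.items() if flat.get(k) != want}

if __name__ == "__main__":
    print(diff(BASELINE, CURRENT))
    print(policy_violations(CURRENT, POLICY))
```

Here the diff surfaces both the weakened `sslmode` value and the unexpected `debug` key, while the policy check flags only the key it was told to enforce.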
Why does this matter?
Modern organizations offering highly available, mission-critical applications and services require innovations like CoreOS, Docker, and Kubernetes to remain competitive. These technologies invariably add more moving parts and infrastructure complexity to the mix. Until now, IT operations had no easy way to gain visibility into how their CoreOS or Kubernetes clusters were configured. Using UpGuard's new etcd scanning capabilities, organizations can eliminate this opacity with full visibility into container configurations: where critical differences are, what changes have been made over time, and more. Our platform enables forward-thinking organizations to adopt cutting-edge technologies like Docker/Kubernetes and CoreOS without sacrificing control of their IT environments.