# Monitoring and Logging in Kubernetes

## Metrics Versus Logs

#### You first need to understand the difference between log collection and metrics collection. They are complementary but serve different purposes:

#### Metrics
- A series of numbers measured over a period of time.

#### Logs
- Logs keep track of what happens while a program is running, including any errors, warnings, or notable events that occur.



#### A example of where you would need to use both metrics and logging is when an application is performing poorly. Our first indication of the issue might be an alert of high latency on the pods hosting the application, but the metrics might not give a good indication of the issue. We then can look into our logs to investigate errors that are being emitted from the application.

## Monitoring Techniques

#### Closed-box monitoring focuses on monitoring from the outside of an application and is what’s been used traditionally when monitoring systems for components like CPU, memory, storage, and so on. Closed-box monitoring can still be useful for monitoring at the infrastructure level, but it lacks insights and context into how the application is operating. For example, to test whether a cluster is healthy, we might schedule a pod, and if it’s successful, we know that the scheduler and service discovery are healthy within our cluster, so we can assume the cluster components are healthy.

#### Open-box monitoring focuses on the details in the context of the application state, such as total HTTP requests, number of 500 errors, latency of requests, and so on. With open-box monitoring, we can begin to understand the why of our system state. It allows us to ask, “Why did the disk fill up?” and not just state, “The disk filled up.”

## Monitoring Patterns
#### You might look at monitoring and say, “How difficult can this be? We’ve always monitored our systems.” The concept of monitoring isn’t new, and we have many tools at our disposal to help us understand how our systems are performing. But platforms like Kubernetes are much more dynamic and transient, so you’ll need to change your thinking about how to monitor these environments. For example, when monitoring a virtual machine (VM) you expect that VM to be up 24/7 and all its state preserved. In Kubernetes, pods can be very dynamic and short-lived, so you need to have monitoring in place that can handle this dynamic and transient nature.

#### There are two monitoring patterns to focus on when monitoring distributed systems. The USE method, popularized by Brendan Gregg, focuses on the following:

- U—Utilization
- S—Saturation
- E—Errors

#### This method is focused on infrastructure monitoring because there are limitations on using it for application-level monitoring. The USE method is described as “For every resource, check utilization, saturation, and error rates.” This method lets you quickly identify resource constraints and error rates of your systems. For example, to check the health of the network for your nodes in the cluster, you will want to monitor the utilization, saturation, and error rate to be able to easily identify any network bottlenecks or errors in the network stack. The USE method is a tool in a larger toolbox and is not the only method you will utilize to monitor your systems.

#### Another monitoring approach, called the RED method, was popularized by Tom Wilkie. The RED method approach is focused on the following:

- R—Rate
- E—Errors
- D—Duration