Workload monitoring

Lifecycle management operations of a MOSK cluster may impose impact on its workloads and, specifically, may cause network connectivity interruptions for instances running in OpenStack. To make sure that the downtime caused on the cloud applications still fits into Service Level Agreements (SLAs), MOSK provides the tooling to measure the network availability of instances.

Additionally, continuous monitoring of the network connectivity in the cluster is essential for early detection of infrastructure problems.

MOSK offers cloud operators to oversee the availability of workloads hosted in their OpenStack infrastructure on several levels:

  • Monitoring of floating IP addresses through the Cloudprober service

  • Monitoring of network ports availability through the Portprober service

Floating IP address availability monitoring (Cloudprober)

Available since MOSK 23.2 TechPreview

The floating IP address availability monitoring service (Cloudprober) is a special probing agent that starts on controller nodes and periodically pings selected floating IP addresses. As of today, the agent supports only Internet Control Message Protocol (ICMP) to determine the IP address availability.

instance_availability_arch

To monitor the availability of floating IP addresses, your MOSK cluster and workloads need to meet the following requirements:

  • There must be the layer-3 connectivity between the clusters floating IP networks and nodes running the OpenStack control plane.

  • The guest operating system of the monitored OpenStack instances must allow the ICMP ingress and egress traffic.

  • OpenStack security groups used by the monitored instances must allow the ICMP ingress and egress traffic.

To enable the floating IP address availability monitoring service, use the following OpenStackDeployment definition:

spec:
  features:
    services:
      - cloudprober

For the detailed configuration procedure of the floating IP address availability monitoring service, refer to Configure monitoring of cloud workload availability.

Network port availability monitoring (Portprober)

Available since MOSK 24.2 TechPreview

The network port availability monitoring service (Portprober) is implemented as an extension to OpenStack Neutron service which gets enabled automatically together with the cloudprober service described above.

Also, you can enable Portprober explicitly, regardless of whether Cloudprober is enabled or not. To do so, specify the following structure in the OpenStackDeployment custom resource:

spec:
  features:
    neutron:
      extensions:
        portprober:
          enabled: true

The Portprober service is supported only for the following cloud configurations:

  • OpenStack version is Antelope or newer

  • Neutron OVS backend for networking (Tungsten Fabric and OVN backends are not supported)

portprober

The Portprober agent automatically connects to all OpenStack virtual networks and probes all the ports that are plugged in there and are in the bound state, meaning they are associated with an instance or a network service.

The service makes no difference between private and external networks and also reports the availability of the ports that belong to virtual routers.

The service relies on the ARP protocol to determine port availability and does not require any security groups to be assigned to monitored instances, as opposed to the Floating IP address monitoring service (Cloudprober).

Known limitations

Among the known limitations of the network port availability monitoring service is the lack of support for IPv6. The service ignores the ports that do not have IPv4 addresses associated with them.