Posts Tagged ‘free’

Birdwatcher: Accessing Calico/BIRD metrics through Prometheus

Friday, October 28th, 2016

At Kumina we maintain a Kubernetes setup running on Amazon EC2. For the low-level networking between containers, we make use of Calico. Calico configures all of our EC2 systems to form a mesh network. The systems in this mesh network all run an instance of the BIRD Internet Routing Daemon.

One of the problems we ran into with Calico is that it’s sometimes hard to get a holistic view of the state of the system. Calico ships with a utility called calicoctl that can be used to print the state of a single node in the mesh, but using this utility can easily become laborious as the number of EC2 instances increases.

Given that we already make strong use of Prometheus for our monitoring, we’ve solved this by writing a tool called Birdwatcher that exports the metrics generated by BIRD in Prometheus’ format. This allows us to put alerts in place for when an excessive number of changes to routes occur, or when routes simply fail to work for a prolonged period of time.

Today we’re happy to announce that Birdwatcher is now available on our company’s GitHub page. If you’re a user of both Calico and Prometheus, be sure to give it a try. Enjoy!



Buckler: Authentication and authorization for Kibana, for free!

Thursday, September 29th, 2016


At Kumina, we make heavy use of the ELK stack: Elasticsearch, Logstash and Kibana. All of our servers have their logs collected by Logstash and stored in Elasticsearch, so we can easily access them through Kibana. Recently we started providing direct access to our Kibana instance to our customers, so that they can perform analysis on the data themselves. This brings us to an interesting problem: Elasticsearch – and in effect Kibana – does not implement any authentication and authorization mechanisms. This means that by default customers would be able to view each other’s data.

Support for access controls is instead offered by a commercial product by Elastic, called Shield. Though Shield certainly looks like an interesting product, it looks far too advanced and costly for the problem we tried to solve at Kumina: simply having partitioned access to the data for several customers. This is why we commissioned the development of a new piece of software called Buckler. Buckler is a light-weight proxy for Kibana, written in Python (Django). It allows you to restrict access in Kibana by adding password authentication. When logged in, a user is only allowed to access indices specified for that user in Buckler’s configuration file.
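An added example, not Buckler's own code, of the per-user index check such a proxy has to make before forwarding a request to Elasticsearch: it covers the index named in the request path and the per-search headers of an `_msearch` body. The policy layout, user names and function names are assumptions; endpoints that name indices in other body formats (such as `_mget`) would need the same treatment.

```python
import json
import re
from urllib.parse import unquote

# Constructed policy: user -> index patterns ('*' is the only wildcard).
# The layout is an assumption, not Buckler's real configuration format.
ALLOWED = {
    "customer_a": ["logstash-customer-a-*"],
    "customer_b": ["logstash-customer-b-*", "metrics-b"],
}


def requested_indices(url, body=""):
    """List every index expression an Elasticsearch request names."""
    parts = [unquote(p) for p in url.split("?", 1)[0].split("/") if p]
    # No index segment (e.g. /_search) means "all indices".
    default = parts[0] if parts and not parts[0].startswith("_") else "_all"
    if parts[-1:] != ["_msearch"]:
        return default.split(",")
    # _msearch body is NDJSON: header, query, header, query, ...
    # Each header can override the index, so the path alone proves nothing.
    # Split on "\n" only: splitlines() also breaks on U+2028 and would
    # misalign headers relative to what Elasticsearch parses.
    lines = body.split("\n")
    if lines[-1] == "":
        lines.pop()
    found = []
    for header in lines[0::2]:
        index = json.loads(header.strip() or "{}").get("index", default)
        found += index if isinstance(index, list) else index.split(",")
    return found


def pattern_covers(pattern, expr):
    """True if everything `expr` can expand to also matches `pattern`."""
    regex = "[^,]*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, expr) is not None


def is_allowed(user, url, body=""):
    """Deny by default: every named index must be covered by the policy."""
    try:
        wanted = requested_indices(url, body)
        return bool(wanted) and all(
            any(pattern_covers(p, w) for p in ALLOWED.get(user, []))
            for w in wanted
        )
    except (ValueError, TypeError, AttributeError):
        return False  # malformed request: refuse rather than guess
```

A requested wildcard is accepted only when it is narrower than an allowed pattern, so `logstash-*` is refused for a user who is limited to `logstash-customer-a-*`.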

Free alternative to Shield

Today we’re glad to announce that we’re releasing Buckler as open source software licensed under the Apache License, version 2.0. The Git repository containing sources and documentation can be found on our company’s GitHub page. In addition to the proxy itself, we’re also releasing a Vagrant environment that allows you to easily test and experiment with Buckler. Right now Buckler only works in combination with Kibana 4.1, as that’s the version in use at Kumina. There is a fair chance we’re going to extend Buckler over time to support newer versions of Kibana, such as 4.3 and 5.x.