Put open source to work
July 16–17, 2018: Training & Tutorials
July 18–19, 2018: Conference
Portland, OR

Using application identity to correlate metrics: A look at SPIFFE and SPIRE

Priyanka Sharma (GitLab), Sabree Blackmon (Scytale)
1:45pm2:25pm Wednesday, July 18, 2018
Evolutionary architecture
 Location: D137/138
Level: Intermediate
Average rating: ***..
(3.33, 3 ratings)

Who is this presentation for?

  • Engineering practitioners working on distributed systems and those working on identity management or observability

Prerequisite knowledge

  • An understanding of microservices in production (useful but not required)

What you'll learn

  • Understand the emerging Google-inspired open source standards for identity authentication and learn how to leverage them to gain better observability
  • Explore the SPIFFE and SPIRE projects for authentication, the OpenTracing standard for distributed tracing, and best practices to correlate logs, metrics, and traces along with identity management

Description

With the explosion of open source tooling for logging (e.g., Fluentd), monitoring (e.g., Prometheus), and tracing (e.g., OpenTracing, Zipkin, and Jaeger), there have never been more ways to observe and introspect application behavior. Often, quickly identifying and resolving application pathologies requires several of these tools to be used in concert. But in a world where software can be deployed in many different ways (such as clusters, VMs, containers, and functions), understanding which metrics correlate to behavior in different applications can be difficult.

In an ideal world, we would have a standardized way to identify running software systems that our monitoring tools could easily lean on, even when spread over multiple teams, geographies, and platforms. But real-world deployments are rarely so simple. Priyanka Sharma and Sabree Blackmon explain how application identity can be used as the basis for correlating metrics from multiple sources (with the help of OpenTracing) and detail some of the challenges inherent in defining application identity in different contexts (such as virtual machines, functions, and different Kubernetes primitives). They then offer an overview of open source projects like SPIFFE and SPIRE, which have modernized identity authentication across microservices, and demonstrate how SPIRE, Fluentd, Prometheus, and Zipkin can be used together to precisely correlate logs, metrics, and traces to improve and diagnose real-world production issues.

Photo of Priyanka Sharma

Priyanka Sharma

GitLab

Priyanka Sharma is the director of technical evangelism at GitLab and serves on the board of the Cloud Native Computing Foundation (CNCF). She has deep expertise in DevOps and observability. A former entrepreneur with a passion for growing developer products through open source communities, Priyanka advises startups at HeavyBit industries, an accelerator for developer products. She holds a BA in political science from Stanford University and loves reading and playing with her dog, Ollie, in her spare time.

Photo of Sabree Blackmon

Sabree Blackmon

Scytale

Sabree Blackmon is a technologist and developer advocate at Scytale, where he helps organize the SPIFFE and SPIRE open source communities while also mentoring engineers on application identity and security.