Skip to content

cAdvisor

cadvisor architecture

🐳 What is cAdvisor?

cAdvisor (Container Advisor) is an open-source container monitoring tool developed by Google. It runs as a daemon on a host and provides insights into:

  • Resource usage (CPU, memory, network, disk I/O)
  • Performance characteristics of running containers
  • Per-container statistics in real time

πŸ‘‰ cAdvisor is often used as a metrics source for Prometheus in Kubernetes and Docker environments.

It’s lightweight, designed to run inside a container, and exposes metrics at an HTTP endpoint (/metrics) in Prometheus format.

🧐 Why Do We Need cAdvisor?

In modern containerized environments (Docker, Kubernetes):

  • Containers are ephemeral (come and go quickly).
  • Multiple containers share the same host.
  • We need visibility into resource consumption per container (not just at the host level).

Without cAdvisor:

  • You can see host metrics (via node_exporter) but not per-container usage.
  • Hard to debug issues like β€œwhich container is consuming all the CPU?”

πŸ‘‰ cAdvisor provides fine-grained container-level metrics, making it critical for container monitoring.

πŸ“Š What Does cAdvisor Monitor?

cAdvisor collects and exposes:

  • CPU usage (total, per core, throttling).
  • Memory usage (working set, cache, limits).
  • Filesystem usage (per container).
  • Network stats (bytes sent/received, packets).
  • Container lifecycle stats (start, stop, restart).
  • Custom labels (Kubernetes adds pod, namespace, container name).

πŸ”§ How cAdvisor Works

  1. Runs as a daemon (usually a Docker container).

  2. Reads metrics from the Linux kernel cgroups and container runtime (Docker, containerd, CRI-O).

  3. Exposes metrics on an HTTP endpoint:

  4. JSON API β†’ /api/v1.3/subcontainers (legacy).

  5. Prometheus format β†’ /metrics.

  6. Tools like Prometheus scrape these metrics.

  7. Grafana visualizes them in dashboards.

πŸ”— Architecture Overview

+-------------------+
|   Linux Kernel    |
| (cgroups, stats)  |
+---------+---------+
          |
          v
+---------+---------+
|   cAdvisor        |  (container metrics daemon)
+---------+---------+
          |
          v
+-------------------+
| /metrics endpoint |  --> Scraped by Prometheus
+---------+---------+
          |
     +----v-----+
     | Grafana  |   (visualization)
     +----------+

πŸ”„ Metric Flow: From Container β†’ cAdvisor β†’ Prometheus β†’ Grafana

sequenceDiagram
    participant Cont as Container
    participant Kernel as Linux cgroups
    participant Cad as cAdvisor (/metrics)
    participant Prom as Prometheus
    participant Graf as Grafana
    participant User as DevOps/SRE

    Cont->>Kernel: Resource usage (CPU, mem, I/O)
    Cad->>Kernel: Collect stats via cgroups
    Prom->>Cad: Scrape /metrics
    Prom->>Prom: Store in TSDB
    Graf->>Prom: Query metrics
    Prom-->>Graf: Return data
    Graf-->>User: Show dashboards

πŸ—οΈ Prometheus + cAdvisor Architecture

flowchart TD

    subgraph Containers["Running Containers (Docker/K8s)"]
        C1["Container A"]
        C2["Container B"]
        C3["Container C"]
    end

    subgraph Kernel["Linux Kernel (cgroups, namespaces)"]
        M1["CPU usage"]
        M2["Memory usage"]
        M3["Disk I/O"]
        M4["Network I/O"]
    end

    Containers --> Kernel

    subgraph cAdvisor["cAdvisor Daemon (per-node)"]
        Cad["/metrics endpoint"]
    end

    Kernel --> Cad

    subgraph Prometheus["Prometheus Server"]
        P["Scrape & Store Metrics (TSDB)"]
    end

    Cad --> P

    subgraph Grafana["Grafana Dashboards"]
        G["Visualize Metrics"]
    end

    Prometheus --> G

    subgraph Alertmanager["Alertmanager"]
        A["Send Alerts (Slack, Email, PagerDuty)"]
    end

    Prometheus --> A

πŸ”Ž Explanation of the Flow

  1. Containers β†’ generate resource usage.
  2. Linux Kernel (cgroups) β†’ tracks CPU, memory, disk, and network per container.
  3. cAdvisor β†’ collects these stats and exposes them at /metrics.
  4. Prometheus β†’ scrapes cAdvisor metrics regularly and stores them in its TSDB.
  5. Grafana β†’ queries Prometheus for dashboards (per-container CPU/memory, etc.).
  6. Alertmanager β†’ triggers alerts if rules match (e.g., container using >90% memory).

πŸ‘‰ This stack gives complete visibility into container performance.

πŸ—οΈ Kubernetes + cAdvisor + Prometheus Architecture

flowchart TD

    subgraph Node["Kubernetes Node"]
        subgraph Pods["Pods & Containers"]
            P1["Pod A: Container A1, A2"]
            P2["Pod B: Container B1"]
        end

        subgraph Kubelet["Kubelet"]
            Cad["cAdvisor (built-in)"]
        end

        Kernel["Linux Kernel (cgroups, namespaces)"]
    end

    Pods --> Kernel
    Kernel --> Cad

    subgraph Prometheus["Prometheus Server"]
        P["Scrape & Store Metrics"]
    end

    Cad --> P

    subgraph Grafana["Grafana Dashboards"]
        G["Visualize Metrics"]
    end

    Prometheus --> G

    subgraph Alertmanager["Alertmanager"]
        A["Send Alerts (Slack, Email, PagerDuty)"]
    end

    Prometheus --> A

πŸ”Ž Explanation of the Kubernetes Flow

  1. Pods (containers) run on each node.
  2. Linux kernel (cgroups) tracks per-container resource usage (CPU, memory, I/O).

  3. Kubelet runs on every node and integrates cAdvisor internally.

  4. Exposes metrics at:

    • /metrics/cadvisor β†’ container-level
    • /metrics β†’ node & kubelet metrics
    • Prometheus scrapes kubelet endpoints across all nodes.
    • Grafana builds dashboards (per-pod, per-container, per-namespace).
    • Alertmanager notifies when resource thresholds are breached.

πŸ‘‰ In Kubernetes, you don’t usually run standalone cAdvisor. Instead, kubelet already provides cAdvisor-powered metrics.

πŸ“ˆ Example Metrics from cAdvisor

CPU

  • container_cpu_usage_seconds_total β†’ Total CPU time consumed.
  • container_cpu_cfs_throttled_seconds_total β†’ Time container spent throttled.

Memory

  • container_memory_usage_bytes β†’ Total memory usage.
  • container_memory_working_set_bytes β†’ Memory actively used.

Network

  • container_network_receive_bytes_total
  • container_network_transmit_bytes_total

Filesystem

  • container_fs_usage_bytes
  • container_fs_reads_bytes_total

βš™οΈ Running cAdvisor

Docker Example

docker run \
  --volume=/:/rootfs:ro \
  --volume=/var/run:/var/run:rw \
  --volume=/sys:/sys:ro \
  --volume=/var/lib/docker/:/var/lib/docker:ro \
  --publish=8080:8080 \
  --detach=true \
  --name=cadvisor \
  gcr.io/cadvisor/cadvisor:latest

πŸ‘‰ Access metrics at:

  • UI: http://localhost:8080
  • Prometheus metrics: http://localhost:8080/metrics

πŸ”Ž cAdvisor in Kubernetes

In Kubernetes, cAdvisor is built into the kubelet:

  • Every node’s kubelet runs cAdvisor.
  • Metrics are exposed at :4194/metrics/cadvisor.
  • Prometheus scrapes these endpoints.

πŸ‘‰ Many Kubernetes setups use kubelet’s cAdvisor integration rather than running cAdvisor as a separate container.

πŸ” Key Strengths of cAdvisor

  • Container-native: built specifically for container monitoring.
  • Lightweight: low resource overhead.
  • Rich metrics: CPU, memory, disk, network at per-container level.
  • Easy integration: works out-of-the-box with Prometheus.
  • UI dashboard: basic real-time web UI included.

⚠️ Limitations & Watch Outs

  • Short-term storage only β†’ cAdvisor itself doesn’t persist data (only in-memory). β†’ Must use Prometheus or other TSDB for historical metrics.

  • Scalability β†’ Standalone cAdvisor isn’t meant for very large clusters.

  • Limited security β†’ Exposes metrics unauthenticated (protect behind reverse proxy).

  • Deprecation concern β†’ Standalone cAdvisor development has slowed since metrics are now integrated into Kubernetes kubelet.

πŸ”” Example Prometheus Scrape Config for cAdvisor

scrape_configs:
  - job_name: 'cadvisor'
    static_configs:
      - targets: ['localhost:8080']

πŸ“Š Grafana Dashboards for cAdvisor

Grafana has many pre-built dashboards (via Grafana.com) for cAdvisor metrics:

  • Container CPU & memory usage
  • Disk & network performance
  • Top N containers by resource consumption
  • Per-pod or per-namespace breakdown

πŸ‘‰ Example dashboard ID: 893 (Google cAdvisor).

πŸ› οΈ Alternatives to cAdvisor

Tool Focus Notes
node_exporter Host-level metrics No per-container visibility
kubelet /metrics Node & pod metrics in k8s Already includes cAdvisor functionality
Docker stats API Docker container metrics Limited, less Prometheus-friendly
Datadog/ELK/others SaaS full observability stacks More features, but paid solutions

πŸ‘‰ In Kubernetes, cAdvisor + kubelet is usually enough.

πŸ›‘οΈ Security Best Practices

  • ❌ Don’t expose cAdvisor directly to the internet.
  • βœ… Run behind a reverse proxy (Nginx, Traefik).
  • βœ… Scrape metrics only from trusted networks.
  • βœ… Use Kubernetes RBAC with kubelet metrics proxying.

🧾 cAdvisor Cheat Sheet

βœ… Core Concepts

Term Meaning
cAdvisor Container metrics daemon (by Google)
Source Linux kernel cgroups + container runtime
Metrics CPU, memory, disk, network per container
Endpoint /metrics (Prometheus format)

πŸ“Š Example PromQL

rate(container_cpu_usage_seconds_total[1m])   # CPU usage per second
container_memory_usage_bytes                  # Current memory usage
container_network_receive_bytes_total         # Network RX bytes

🎯 Final Takeaway

cAdvisor is:

  • Essential for per-container resource monitoring.
  • Lightweight and easy to deploy.
  • Integrated into Kubernetes via kubelet.
  • Best used with Prometheus + Grafana for long-term monitoring.

πŸ‘‰ Think of cAdvisor as the container-level metrics engine that feeds Prometheus, while node_exporter gives you host-level metrics.