Outcold Solutions LLC

AWS Administration and User Guide

Introduction

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. Our solutions help developers monitor the performance of their applications and help operators keep their clusters healthy. With a 10-minute setup, you get a monitoring solution that includes log aggregation, performance and system metrics, metrics from the control plane and application metrics, a dashboard for reviewing network activity, and alerts that notify you about issues with the performance of your clusters or applications.

All our solutions are powered by Collectord. Collectord is container-native software built by Outcold Solutions. It discovers, transforms and forwards logs, collects system metrics, collects metrics from the control plane of the orchestration frameworks, and forwards network activity. Collectord provides flexible and powerful tools for transforming logs. With our software you can hide sensitive information in log lines before forwarding them. With Collectord you can reduce the licensing cost of your log aggregation tool by choosing which data you want to forward from the log streams. Collectord forwards container logs and host logs, and can discover logs written by containerized applications.

With our solutions you can monitor Docker, Kubernetes and OpenShift clusters deployed on EC2, and managed EKS and ECS clusters.

Prerequisites and Requirements

Compatibility:

  • Kubernetes ≥ 1.5
  • OpenShift ≥ 3.6
  • Docker ≥ 1.11
  • Splunk ≥ 6.5 (see FAQ for earlier versions)
  • CRI-O as a container runtime for Kubernetes and OpenShift ≥ 1.11

Requirements:

  • You need administrative rights for your clusters to be able to create new services and workloads.
  • Splunk HTTP Event Collector input needs to be enabled (see manuals below).
  • Clusters need access to the Splunk HTTP Event Collector (HEC) endpoint. The default port for HEC is 8088 for Splunk Enterprise and 443 for Splunk Cloud.

Architecture Diagrams

AWS EKS Deployment

Collectord is deployed as a container on every worker node as a DaemonSet. Additionally, one Collectord with the role addon is deployed per cluster.

AWS ECS Deployment

Collectord is deployed as a container on every node as a Daemon.

Planning Guidance

Security

Collectord is a single statically compiled binary. Images with Collectord are built from scratch (0 size image) and contain Collectord in binary form, a set of root certificates and a timezone database. Our images do not contain dynamic runtimes and cannot execute arbitrary code. For OpenShift we provide Red Hat certified images based on RHEL and hosted on the Red Hat registry.

Sizing and Costs of AWS infrastructure

Read our blog post about the performance of Collectord to plan capacity and resources.

Pricing

Collectord Enterprise

Subscribe through AWS Marketplace

Includes support. Send support requests to support@outcoldsolutions.com with the License ID (received with subscription).

Example 1

You have 2 EKS clusters, one with 30 worker nodes and the second with 10 worker nodes, both running 24/7. That is 40 monitored hosts in total.

You can choose a tier of 50 Enterprise Hosts for $710 a month, or $7,250 with a 12-month commitment. That plan includes 50 monitored hosts; your number of monitored hosts is under this capacity, so no additional usage fees apply.

Example 2

You have 1 EKS cluster with 30 nodes, 1 EKS cluster with 8 nodes, an ECS cluster with 20 nodes, and self-managed Docker hosts in an Auto Scale Group with a minimum of 40 nodes, which you scale to 80 nodes between 8 am and 6 pm (10 hours a day). That is 170 monitored hosts in total running 24/7, plus an additional 40 nodes that you run only for 10 hours a day.

You can subscribe to 100 Enterprise Hosts with a commitment of 1 month for $1,300 or 12 months for $13,250. That plan includes 100 monitored hosts, and you will pay for additional usage as follows:

0.004*(70*24 + 40*10)=8.32

You will pay $8.32 per day or approximately $249.6 a month added to your monthly commitment.

Collectord Pay-As-You-Go Pricing

Subscribe through AWS Marketplace

Does not include support.

Example

You are running 10 ECS nodes and 1 EKS cluster with 12 worker nodes 24/7, which is 22 monitored hosts in total. Additionally, you scale up your EKS cluster to 20 worker nodes every day between 8 am and 6 pm (10 hours a day).

0.01*(22*24 + 20*10)=7.28

You will pay $7.28 a day, or approximately $218.4 a month.

Deployment Guidance

Deployment Assets

Monitoring Kubernetes and EKS clusters

To start monitoring Kubernetes clusters (including clusters deployed with EKS), follow our installation guide for Monitoring Kubernetes.

For EKS-specific details, read our blog post.

Monitoring Docker and ECS Clusters

To start monitoring Docker clusters (including clusters deployed with ECS), follow our installation guide for Monitoring Docker.

For ECS-specific details, read our blog post.

Monitoring OpenShift

To start monitoring OpenShift clusters, follow our installation guide for Monitoring Docker.

Operational Guidance

Support

Reference Materials


About Outcold Solutions

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer certified Splunk applications, which give you insights across all container environments. We help businesses reduce the complexity of logging and monitoring by providing solutions for Linux and Windows containers that are easy to use and deploy. We deliver applications that help developers monitor their applications and help operators keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer one solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance.