Outcold Solutions LLC

AWS Administration and User Guide

Introduction

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. Our solutions help developers monitor the performance of their applications and help operators keep their clusters healthy. With a 10-minute setup, you get a monitoring solution that includes log aggregation, performance and system metrics, metrics from the control plane, application metrics, a dashboard for reviewing network activity, and alerts that notify you about issues with the performance of your clusters or applications.

All our solutions are powered by Collectord, container-native software built by Outcold Solutions. It discovers, transforms and forwards logs, collects system metrics, collects metrics from the control plane of the orchestration frameworks, and forwards network activity. Collectord provides flexible and powerful tools for transforming logs. With our software you can hide sensitive information in log lines before forwarding them. With Collectord you can reduce the licensing cost of your log aggregation tool by choosing which data you want to forward from the log streams. Collectord forwards container logs and host logs, and can discover logs written by containerized applications.

With our solutions you can monitor Docker, Kubernetes and OpenShift clusters deployed on EC2, and managed EKS and ECS clusters.

Prerequisites and Requirements

Compatibility:

  • Kubernetes ≥ 1.5
  • OpenShift ≥ 3.6
  • Docker ≥ 1.11
  • Splunk ≥ 6.5 (see FAQ for earlier versions)
  • CRI-O as a container runtime for Kubernetes and OpenShift ≥ 1.11

Requirements:

  • You need administrative rights for your clusters to be able to create new services and workloads.
  • Splunk HTTP Event Collector input needs to be enabled (see manuals below).
  • Clusters need access to the Splunk HTTP Event Collector (HEC) endpoint. The default port for HEC is 8088 for Splunk Enterprise and 443 for Splunk Cloud.

Architecture Diagrams

AWS EKS Deployment

Collectord is deployed as a container on every worker node as a DaemonSet. Additionally, one Collectord with the role addon is deployed per cluster.


AWS ECS Deployment

Collectord is deployed as a container on every node as a Daemon.


Planning Guidance

Security

Collectord is a single statically compiled binary. Collectord images are built from scratch (0 size image) and contain Collectord in binary form, a set of root certificates and a timezone database. Our images do not contain dynamic runtimes and cannot execute arbitrary code. For OpenShift we provide Red Hat certified images based on RHEL and hosted on the Red Hat registry.

Sizing and Costs of AWS infrastructure

Read our blog post about the performance of Collectord to plan capacity and resources.

Deployment Guidance

Deployment Assets

Monitoring Kubernetes and EKS clusters

To start monitoring Kubernetes clusters (including clusters deployed with EKS), follow our installation guide for Monitoring Kubernetes.

For EKS-specific details, read our blog post.

Monitoring Docker and ECS Clusters

To start monitoring Docker clusters (including clusters deployed with ECS), follow our installation guide for Monitoring Docker.

For ECS-specific details, read our blog post.

Monitoring OpenShift

To start monitoring OpenShift clusters, follow our installation guide for Monitoring Docker.

Operational Guidance

Support

Reference Materials


About Outcold Solutions

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer certified Splunk applications, which give you insights across all container environments. We help businesses reduce the complexity of logging and monitoring by providing solutions for Linux and Windows containers that are easy to use and deploy. We deliver applications that help developers monitor their applications and help operators keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer one solution that keeps all your metrics and logs in one place, allowing you to quickly address complex questions about container performance.