Outcold Solutions LLC

Monitoring Kubernetes - Version 5



To find server version of your Kubernetes cluster use

$ kubectl version

Match the server version with one of the links below.

Configuration files for previous releases of Collectord deployment files you can find at github.com/outcoldsolutions/collectord-configurations

Created Kubernetes Objects

Configuration file collectorforkubernetes.yaml creates several Kubernetes Objects.

  • Namespace collectorforkubernetes.
  • ClusterRole collectorforkubernetes with limited capabilities to get, list and watch deployed objects. Collector uses this information to enrich logs and stats with Kubernetes specific metadata.
  • ServiceAccount collectorforkubernetes is used to connect to Kubernetes API.
  • ClusterRoleBinding collectorforkubernetes to bind a service account to a cluster role.
  • ConfigMap collectorforkubernetes delivers configuration files for collector.
  • DaemonSet collectorforkubernetes allows to deploy collector on none-master nodes.
  • DaemonSet collectorforkubernetes-master allows to deploy collector on master nodes.
  • Deployment collectorforkubernetes-addon is a single collector that needs to forward data from the whole cluster once.

Read commentaries in the collectorforkubernetes.yaml file to get more deep details on all configurations and source of the logs and metrics.

Collector configuration

ConfigMap collectorforkubernetes delivers configuration files for collector. These are ini files, where you can find all the default values.

Values can be overridden using environment values with the format as specified below


Configurations with environment variables are the simplest way to explore and debug quickly, but we recommend to write your configuration file based on the default provided with collectorforkubernetes.yaml.

Using secrets to manage configurations

You can use Kubernetes secrets and map them as an environment variable to override configurations for the collector.

As an example, we will show how you can configure HTTP Event Collector and License with secrets.

At first, make sure that collectorforkubernetes namespace already exists. If it does not exist, you need to create it.

kubectl create namespace collectorforkubernetes
kubectl create secret generic collectorforkubernetes \
    --namespace collectorforkubernetes \
    --from-literal=splunk-token="output.splunk__token=B5A79AAD-D822-46CC-80D1-819F80D7BFB0" \

In our YAML manifest find a configuration of environment variables for each Deployment type (2 DaemonSets and 1 Deployment) and add following the information to the environment variables

      name: collectorforkubernetes
      key: splunk-token
      name: collectorforkubernetes
      key: license

Apply the manifest by following installation instructions.

Attaching EC2 Metadata

You can include EC2 metadata with the forwarded data (logs and metrics) by specifying desired field name and path from Instance Metadata and User Data.

# Include EC2 Metadata (see list of possible fields https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
# Should be in format ec2Metadata.{desired_field_name} = {url path to read the value}
# ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id
# ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type

As an example, you can modify YAML file and include two fields ec2_instance_id and ec2_instance_type

ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id
ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type

Placeholders in indexes and sources

You can apply dynamic index names in the configurations to forward logs or stats to a specific index, based on the meta fields. For example, you can define an index as


index = oc_{{kubernetes_namespace}}

Similarly you can change the source of all the forwarded logs like


source = /{{kubernetes_namespace}}/{{::coalesce(kubernetes_daemonset_name, kubernetes_deployment_name, kubernetes_statefulset_name, kubernetes_cronjob_name, kubernetes_job_name, kubernetes_replicaset_name, kubernetes_pod_name)}}/{{kubernetes_pod_name}}/{{kubernetes_container_name}}

About Outcold Solutions

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer certified Splunk applications, which give you insights across all containers environments. We are helping businesses reduce complexity related to logging and monitoring by providing easy-to-use and deploy solutions for Linux and Windows containers. We deliver applications, which help developers monitor their applications and operators to keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer one solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance.