Security
Collector
Image
Starting from version 5.2, we build our docker.io image from scratch (0 size image). The collectord image contains a binary (collectord),
the set of root certificates, and a timezone database. Our collectord is a statically compiled binary. We use the Go language
to produce this binary. We do not use a dynamic runtime. Our binary can only do what we programmed it to do.
Alternatively, we provide a certified image hosted on the Red Hat registry. This image is based on a RHEL image. We keep it up to date and track vulnerabilities in the base image.
Container configuration
To be able to collect logs and metrics from the cluster, the collectord needs to have access to the host filesystem.
Because of that, our container requires privileged access. Collectord treats the host as read-only; the only information
it writes to the host is the acknowledgement information in the form of a database. By default, it writes it under
/var/lib/collectorforopenshift, and if a volume database is requested, it writes it in the volume root.
If you don’t use the volume database, you can change the permissions for the host filesystem to read-only, but you need to provide write access to the Collectord primary database directory (data folder).
Collectord also requires read-only access to the API Server. We limit the access to the API Server with RBAC to be able to read data from the API Server.
Using secrets to manage configurations
Please follow our instructions to learn how to use secrets to manage Token and License Key.
Internet access
The default license requires internet access for license verification. We can offer a license that does not require internet access.
The collectord forwards telemetry to our license server. You can turn off telemetry with our configuration.
Connection to Splunk HTTP Event Collector
We recommend using SSL for the connection to Splunk HEC. Please follow our manual on how to configure a secure SSL connection between the collectord and Splunk HEC.
Links
- Installation
- Start monitoring your OpenShift environments in under 10 minutes.
- Automatically forward host, container and application logs.
- Test our solution with the embedded 30 days evaluation license.
- Collectord Configuration
- Collectord configuration reference.
- Annotations
- Changing index, source, sourcetype for namespaces, workloads and pods.
- Forwarding application logs.
- Multi-line container logs.
- Fields extraction for application and container logs (including timestamp extractions).
- Hiding sensitive data, stripping terminal escape codes and colors.
- Forwarding Prometheus metrics from Pods.
- Audit Logs
- Configure audit logs.
- Forwarding audit logs.
- Prometheus metrics
- Collect metrics from control plane (etcd cluster, API server, kubelet, scheduler, controller).
- Configure the collectord to forward metrics from the services in Prometheus format.
- Configuring Splunk Indexes
- Using not default HTTP Event Collector index.
- Configure the Splunk application to use not searchable by default indexes.
- Splunk fields extraction for container logs
- Configure search-time field extractions for container logs.
- Container logs source pattern.
- Configurations for Splunk HTTP Event Collector
- Configure multiple HTTP Event Collector endpoints for Load Balancing and Fail-overs.
- Secure HTTP Event Collector endpoint.
- Configure the Proxy for HTTP Event Collector endpoint.
- Monitoring multiple clusters
- Learn how to monitor multiple clusters.
- Learn how to set up ACL in Splunk.
- Streaming OpenShift Objects from the API Server
- Learn how to stream all changes from the OpenShift API Server.
- Stream changes and objects from OpenShift API Server, including Pods, Deployments or ConfigMaps.
- License Server
- Learn how to configure a remote License URL for Collectord.
- Monitoring GPU
- Alerts
- Troubleshooting
- Release History
- Upgrade instructions
- Security
- FAQ and the common questions
- License agreement
- Pricing
- Contact
