Kubernetes events π
Description π
The Splunk Distribution of OpenTelemetry Collector provides the kubernetes-events monitor type. This monitor type listens for Kubernetes events by calling the Kubernetes API running on manager nodes, and sends Kubernetes events into Splunk Observability Cloud as Infrastructure Monitoring events through the OTel pipeline using the Splunk Observability Cloud Smart Agent Receiver.
After it starts, the Kubernetes events monitor type sends all of the events that Kubernetes has that are still persisted, and any new events as they come in. The various agents decide which instance will lead and sends event. If alwaysClusterReporter is set to true, every node emits the same data, and there is no additional querying of the manager node.
This monitor type is available on Kubernetes, Linux, and Windows.
Benefits π
Configure the integration to access these features:
View events. You can create your own custom dashboards, and most monitors provide built-in dashboards as well. For information about dashboards, see View dashboards in Observability Cloud.
View a data-driven visualization of the physical servers, virtual machines, AWS instances, and other resources in your environment that are visible to Infrastructure Monitoring. For information about navigators, see Splunk Infrastructure Monitoring navigators.
Installation π
Follow these steps to deploy this integration:
Deploy the Splunk Distribution of OpenTelemetry Collector to your host or container platform:
Configure the monitor, as described in the Configuration section.
Restart the Splunk Distribution of OpenTelemetry Collector.
Deploy with Helm π
To activate this monitor with the Helm chart, include this argument with the helm install command:
-set splunkObservability.infrastructureMonitoringEventsEnabled='true'
Deploy without Helm π
To deploy without Helm, include the following in the OTel configuration:
processors:
resource/add_event_k8s:
attributes:
- action: insert
key: kubernetes_cluster
value: CHANGEME
receivers:
smartagent/kubernetes-events:
type: kubernetes-events
alwaysClusterReporter: true
service:
pipelines:
logs/events:
exporters:
- signalfx
processors:
- memory_limiter
- batch
- resourcedetection
- resource/add_event_k8s
receivers:
- smartagent/kubernetes-events
Configuration π
1. Activate the monitor π
To use this Smart Agent monitor with the Collector, include the smartagent receiver and service pipeline in your configuration file. The Smart Agent receiver is fully supported only on x86_64/amd64 platforms.
Read more in Use Smart Agent monitors with the Collector.
Learn about config options in Collector default configuration.
See the examples below for more details.
receivers:
smartagent/kubernetes-events:
type: kubernetes-events
... # Additional config
2. Include the monitor in a pipeline π
Next, include the monitor type in an events pipeline in your configuration file.
services:
logs/events:
receivers:
- smartagent/kubernetes-events
3. Select which events to send π
Configure which events to send. You can see the types of events happening in your cluster with the following command:
kubectl get events -o yaml --all-namespaces
To send all events, set the option _sendAllEvents to true in your values.yaml, and remove the whitelistedEvents option.
From the output, combine Reason (Started, Created, Scheduled) and Kind (Pod, ReplicaSet, Deploymentβ¦) to select which events to send.
Specify a single reason and involveObjectKind individually for each event rule you want to allow.
Events are placed in the
whitelistedEventsconfiguration option as a list of events you want to send.Event names will match the reason name.
Configuration settings π
Option |
Required |
Type |
Description |
|---|---|---|---|
|
no |
|
Configuration of the Kubernetes API client. |
|
no |
|
A list of event types to send events for. Only events matching these items will be sent. |
|
no |
|
Whether to always send events from this agent instance or to do leader election to only send from one agent instance. Default is |
The nested kubernetesAPI config object has the following fields:
Option |
Required |
Type |
Description |
|---|---|---|---|
|
no |
|
To authenticate to the K8s API server: |
|
no |
|
Whether to skip verifying the TLS certificate from the API server. Almost never needed. Default is |
|
no |
|
The path to the TLS client certificate on the podβs filesystem, if using |
|
no |
|
The path to the TLS client key on the podβs filesystem, if using |
|
no |
|
Path to a CA certificate to use when verifying the API server TLS certificate. Generally this is provided by K8s alongside the service account token, which will be picked up automatically, so this should rarely be necessary to specify. |
The nested whitelistedEvents configuration object has the following fields:
Option |
Required |
Type |
|---|---|---|
|
no |
|
|
no |
|
Example YAML configuration:
receivers:
smartagent/kubernetes-events:
type: kubernetes-events
whitelistedEvents:
- reason: Created
involvedObjectKind: Pod
- reason: SuccessfulCreate
involvedObjectKind: ReplicaSet
Get help π
If you are not able to see your data in Splunk Observability Cloud, try these tips:
Submit a case in the Splunk Support Portal
Available to Splunk Observability Cloud customers
-
Available to Splunk Observability Cloud customers
Ask a question and get answers through community support at Splunk Answers
Available to Splunk Observability Cloud customers and free trial users
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide
Available to Splunk Observability Cloud customers and free trial users
To learn how to join, see Get Started with Splunk Community - Chat groups
To learn about even more support options, see Splunk Customer Success.