Edge Delta Kubernetes Traffic Input
3 minute read
Overview
You can use the Kubernetes Traffic Input node to enable kubernetes metrics ingestion via eBPF and to specify which Kubernetes namespaces the agent should generate metrics from.
Metrics have the following prerequisites:
- To ingest Kube State Metrics, KSM must be deployed in the same cluster as the Edge Delta agent.
- To ingest node-exporter metrics, node-exporter must be deployed in the same cluster as the Edge Delta agent.
- All metric processing nodes, such as logs to metrics nodes, must be connected to the Metrics Output node.
The Edge Delta agent uses eBPF to collect network metrics. Therefore, the following Kubernetes environment configuration is required for Kubernetes network metrics and eBPF to work:
- Linux kernel version 5.8 or later.
- Linux kernel built with the
CONFIG_DEBUG_INFO_BTF=yflag.
To check for the flag, SSH into the node and examine the config, for example in minikube:
minikube sh
cat /proc/config.gz | gunzip | grep CONFIG_DEBUG_INFO_BTF
The output should show CONFIG_DEBUG_INFO_BTF=y.
In the case of minikube, the agent can run on minikube with the Docker driver. Docker must be at least v24.0.0 and it is started as follows:
minikube start --driver Docker
Metrics
ed_k8s_traffic_latency.avged_k8s_traffic_latency.p95ed_k8s_traffic_communication.counted_k8s_traffic_in.sumed_k8s_traffic_out.sum
Example Configuration
nodes:
- name: my_k8s_traffic_input
type: k8s_traffic_input
include:
- "k8s.namespace.name=.*"
exclude:
- "k8s.namespace.name=kube-system"
buffer_size: 32KiB
Example Output Logs
{
"_timestamp": 1681481446835,
"_type": "metric",
"_name": "ed_k8s_traffic_latency.value",
"_value": 60.5,
"_stat_type": "value",
"client_pod": "unknown",
"client_namespace": "unknown",
"client_controller": "unknown",
"server_pod": "test-pod-0",
"server_namespace": "default",
"server_controller": "StatefulSet/test-pod",
"method": "GET",
"URI": "/",
"response_code": "200",
"_ed": {
"src_type": "K8sTraffic",
"tag": "site-env"
"config_id": "12345678-abcd-abcd-abcd-0123456789ab",
"host": "site-agent",
"ip": "10.0.0.0",
"__group_name": "site-env|stat|site-agent|K8sTraffic|-",
"__logical_source": "K8sTraffic,-",
"__short_src_name": "-",
"__src_name": "site-env|stat|site-agent|K8sTraffic|-",
}
}
Required Parameters
name
A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the yaml using the name. It must be unique across all nodes. It is a yaml list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.
nodes:
- name: <node name>
type: <node type>
type: k8s_traffic_input
The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.
nodes:
- name: <node name>
type: <node type>
Optional Parameters
exclude and include
The include and exclude parameter are used to filter on Kubernetes pods. They are specified with Golang regex or full text. If exclude is specified it drops logs that match its Golang regex rules. Comma separated values indicate AND rules, while separate rules indicate OR matching.
- If neither
includenorexcludeare specified, then everything from the input is passed. - If
includeis specified as well asexclude, then logs matching inincludeare passed unless they are dropped byexclude.
nodes:
- name: <node name>
type: k8s_traffic_input
exclude:
- "k8s.namespace.name=kube-system"
buffer_size
The buffer_size parameter specifies the buffer size to be allocated for eBPF. It is specified as a data size. It should be exactly divisible by the page size of the machine agent. The default is 32KiB (32 * 1024 bytes) and it is optional.
nodes:
- name: <node name>
type: k8s_traffic_input
exclude:
- "k8s_namespace=^kube-nginx$"
buffer_size: 32KiB