How Does eG Enterprise Monitor a Kubernetes/OpenShift Cluster?
eG Enterprise monitors Kubernetes/OpenShift Cluster in an agentless manner.
eG Enterprise provides monitoring support to Kubernetes/OpenShift on Linux platforms only, and not on Windows.
A single remote agent deployed on a Windows host in the environment uses the Kubernetes API on the master node of the Kubernetes/OpenShift cluster to pull useful metrics on cluster performance.
To enable the eG agent to use the Kubernetes API, you need to:
Configure the eG agent to connect to the master node of the Kubernetes/OpenShift cluster
- Configure the eG agent with an authentication bearer token
Each of these requirements have been discussed in detail below.
Configuring the eG Agent to Connect to the Master Node
To connect to the Kubernetes API, you first need to configure the eG agent with the IP address of the master node of the cluster. If the target cluster consists of more than one master node, then the eG agent should be configured to connect to the load balancer that is managing the cluster. In this case, the load balancer will route the eG agent's connection request to any available master node in the cluster, thus enabling the agent to connect with the API server on that node, run API commands on it, and pull metrics.
You can provide the IP address of the master node/load balancer when adding a Kubernetes/OpenShift cluster for monitoring using the eG administrative interface. Refer to How to Monitor the Kubernetes/OpenShift Cluster Using eG Enterprise? to know how.
Configuring the eG Agent with an Authentication Bearer Token
To access the Kubernetes API, run API commands on it, and pull metrics, the eG agent has to be configured with a valid authentication bearer token. To generate this token, follow the steps below:
- Go to the master node shell in the Kubernetes/OpenShift cluster.
Type the below command to create the "eginnovations" service account
kubectl create -f https://raw.githubusercontent.com/eGInnovationsInc/kubernetes/master/eginnovations.yaml
Type the below command to get the secret name associated with "eginnovations" service account. Usually, the secret name is in the format "eginnovations-token-xxxxx".
kubectl get serviceaccount eginnovations | grep -i tokens
Type the below command and replace the <xxxxx> with the secret name token from step 3 to get the authentication bearer token.
kubectl describe secrets <xxxxx> | grep -I "token:"
Copy the token from step 4 and paste to the AUTHENTICATION TOKEN field in the monitoring information section of the Kubernetes Cluster Preferences page that appears when managing a Kubernetes/OpenShift cluster using the eG admin interface. To know how to manage a cluster using the eG admin interface, refer to How to Monitor the Kubernetes/OpenShift Cluster Using eG Enterprise?