Splunk Connect for Kubernetes on EKS!

Our friends at AWS made their highly-anticipated Elastic Container Service for Kubernetes (EKS) available earlier this month, making this the perfect time for Splunkers, Splunk customers and IT practitioners alike to get familiar with the phenomenon that is Kubernetes. Why are we so excited about this? Because it means we can start taking advantage of a fully-managed service that makes it easy to deploy, manage and scale containerized applications using Kubernetes on AWS.

EKS makes it simple to jump into exploring a highly-available, production-ready implementation of the Kubernetes API without having to learn or manage the Kubernetes Control Plane ourselves. (Don’t worry, Kelsey – I promise to walk through “Kubernetes the Hard Way” in future labs!). ;) 

This is also a chance to check out how Splunk can help collect your Kubernetes logs, metrics and metadata—all in one place—with Splunk Connect for Kubernetes!

Splunk Connect for Kubernetes is a collection of Helm charts that will deploy a Splunk-supported deployment of Fluentd* to your Kubernetes cluster, complete with a Splunk-built Fluentd HEC plugin to ship logs and metadata, and a metrics deployment that will capture your cluster metrics into Splunk’s Metric Store for use with our new analysis workspace.

In this walkthrough, EKS will provide the elements in the “Kubernetes Master” box pictured below, while we'll run the “Kubernetes Minions” (aka Worker Nodes or simply “Nodes”).

To follow along with us, you'll need the following:

  • The AWS Quickstart Manual

  • A valid AWS account to deploy EKS with (OR an already functioning Kubernetes cluster so you can skip right to deploying Splunk Connect for Kubernetes in your flavor of Kubernetes)

  • 3 Splunk Indexes (one for logs, one for meta, one for metrics; feel free to combine the logs and meta into one index if you want)

  • A valid HEC token

  • Splunk Connect for Kubernetes

After this walkthrough, we'll end up with a Kubernetes environment that looks like this: 

That's a beauty of an ITSI glass table candidate, if I’ve ever seen one… :) Stay tuned for more in a future lab!

Getting Started

I have prepared screencasts of my journey through the EKS setup guide to help guide you on your way!

In this first lab, we cover creating an EKS cluster, connecting with kubectl and deploying a sample app—Guestbook.



Now that you have a brand new EKS cluster, part 2 of the lab guides you through shipping logs, metadata, and metrics to Splunk Enterprise!

In this video we cover:

  • Ensuring our Splunk indexes are created – In my screencast, I’ve already set up the indexes for logs, the optional separate metadata index, and metrics, but you can read a step-by-step guide in the Splunk documentation.

  • Validating that the HEC token(s) are created

  • Creating a namespace for Splunk Connect for Kubernetes

    kubectl create ns splunk-connect-k8s

  • Creating a Service Account & Role Binding for Tiller

  • Deploying Tiller

    helm init --service-account tiller --tiller-namespace splunk-connect-k8s

  • Creating values.yaml

  • Installing Splunk Connect for Kubernetes (<release-name> and <path-to-chart> are placeholders for your own values)

    helm install --name <release-name> --tiller-namespace splunk-connect-k8s --namespace splunk-connect-k8s -f values.yaml <path-to-chart>
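
A preflight for the index and HEC token steps above, as an added example that is not part of the original post: it sends one test event per index to HEC and reports whether the token is accepted for that index, so a wrong or over-restricted token shows up before the charts are installed. `HEC_URL`, `HEC_TOKEN` and the index names are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example (not from the original post). HEC_URL, HEC_TOKEN and the
# index names are assumptions; substitute your own values.

# Turn a HEC JSON reply into a short verdict using Splunk's HEC status codes.
hec_verdict() {
  code=$(printf '%s' "$1" |
    sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  case "$code" in
    0)     echo ok ;;                # accepted by HEC
    1)     echo token-disabled ;;
    2|3|4) echo bad-token ;;         # missing, malformed or unknown token
    7)     echo index-not-allowed ;; # token may not write to this index
    "")    echo no-reply ;;          # TLS, network or non-HEC endpoint
    *)     echo "error-$code" ;;
  esac
}

# Build a one-event test payload; metrics indexes need the metric form.
hec_payload() {
  if [ "$2" = metric ]; then
    printf '{"index":"%s","event":"metric","fields":{"metric_name":"sck.preflight","_value":1}}' "$1"
  else
    printf '{"index":"%s","sourcetype":"sck:preflight","event":"preflight test"}' "$1"
  fi
}

# Send the payload. The token is handed to curl through a config on stdin,
# so it does not appear in the process list.
hec_check() {
  body=$(printf 'header = "Authorization: Splunk %s"\n' "$HEC_TOKEN" |
    curl -sS --max-time 10 -K - -d "$(hec_payload "$1" "$2")" \
      "$HEC_URL/services/collector" 2>/dev/null)
  verdict=$(hec_verdict "$body")
  echo "$1 ($2): $verdict"
  [ "$verdict" = ok ]
}

# Runs only when HEC_URL (e.g. https://splunk.example.com:8088) and
# HEC_TOKEN are both exported in the environment.
if [ -n "${HEC_URL:-}" ] && [ -n "${HEC_TOKEN:-}" ]; then
  rc=0
  hec_check "${LOGS_INDEX:-k8s_logs}" event        || rc=1
  hec_check "${META_INDEX:-k8s_meta}" event        || rc=1
  hec_check "${METRICS_INDEX:-k8s_metrics}" metric || rc=1
  exit "$rc"
fi
```

A verdict of `ok` means HEC accepted the event; each run writes one test event per index, so confirm with a search for sourcetype `sck:preflight` and the `sck.preflight` metric.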



Wrap Up

You are now the Captain of your very own, Splunk-instrumented, EKS cluster!

This is just the beginning of our voyage into the vast topic of containers and container orchestration, but with Splunk as your first mate, it should be smooth sailing from here on out!

We want to hear from you!

Are you looking to monitor Kubernetes clusters or other container environments? Looking to run Splunk in a containerized environment?

Join us on:

*You must have a valid support contract

Posted by Matthew Modestino