You are here

Kubernetes Namespace Monitoring

Requires Opsview Cloud or Opsview Monitor 6.3

This Host Template is part of the Kubernetes Namespace Monitoring Opspack

check_circle
Opsview Supported

Host Template: Application - Kubernetes - Namespace

Monitor your Kubernetes namespace with collective metrics for nodes and pods.

This Host Template includes the following Service Checks:

Service Check Name Description Default Thresholds (Warning, Critical) UOM
Kubernetes - Namespace - Pods Summary of the status of the pods within this namespace. pods_not_running=0,0pods_total=1:, N/A
Kubernetes - Namespace - Active Summary of whether the namespace is active or not. namespace_critical=0,0 N/A

Usage Instructions

This host template requires the Opsview READ-ONLY service account to be added to your cluster.

To access live usage metrics, you will need to install metrics-server on your cluster.

Step 1: Add this Host Template

Add the Application - Kubernetes - Namespace Host Template to your Opsview Monitor host. If the resource you're monitoring has no hostname or public IP, then open the Advanced settings pane and change Host Check Command to Always assumed to be UP.

For more information, refer to Opsview Knowledge Center - Adding Host Templates to Hosts.

Step 2: Add and configure variables required for this Host Template

The Service Checks in this Host Template use the following variables, and they will be added to your Opsview Monitor instance when you import the Opspack:

Authentication variables

This Host Template supports client authentication using bearer tokens and X509 client certificates.

Authentication using bearer tokens

If authenticating using bearer tokens, specify the Kubernetes API Bearer Token argument in the KUBERNETES_CLUSTER_DETAILS variable. Optionally, to enable server certificate validation, provide the CA Certificate Path argument in the KUBERNETES_CERTIFICATES variable.

Authentication using X509 client certificates

If authenticating using client certificates, specify the Client Certificate Path and Client Key Path arguments in the KUBERNETES_CERTIFICATES variable. When authenticating using client certificates, server certificate validation is required. To enable this, provide the CA Certificate Path argument in the KUBERNETES_CERTIFICATES variable.

KUBERNETES_CLUSTER_DETAILS

The Value is not used and therefore can be set to anything. Override the arguments with your Cluster Details.Run kubectl config view from your master node shell to see the API server address.The bearer token is created when creating the Opsview read-only service account, see the 'Installing Metrics Server' section for more information.

Parameter Position in Variable Name Description
--api-server-address Arg1 Kubernetes API Server Address Server address and port number of your Kubernetes API server.This will consist of https://your.server.address.number:port-number
--bearer-token Arg2 Kubernetes API Bearer Token Bearer token of your READ-ONLY service account.

KUBERNETES_NAMESPACE

The Value is not used and therefore can be set to anything. Override the argument with the name of your Namespace.Run kubectl describe namespace from your cluster master to see available namespaces.

Parameter Position in Variable Name Description
--namespace Arg1 Kubernetes Namespace The namespace you want to monitor inside your Kubernetes cluster.

For more information, refer to Opsview Knowledge Center - Adding Variables to Hosts.

For mode-specific help, run the plugin with the -h -m <mode> flags. This will list the required and optional Variable Arguments for that mode. The appropriate mode for each Service Check is listed here:

Service Check Name Mode
Kubernetes - Namespace - Pods K8.Namespace.Pods
Kubernetes - Namespace - Active K8.Namespace.Active

SSL Certificates

Additionally, if ssl verification is required, you can use the following variable to pass in your SSL certificates for use when connecting to the service provider to gather metrics:

KUBERNETES_CERTIFICATES

The Value is not used and therefore can be set to anything. Override the arguments with your certificate details. If you are using these certificates on a system that uses multiple clusters you can import your files by running as the opsview user /opt/opsview/orchestrator/bin/orchestratorimportscripts etc-certs /path/to/cert followed by an Apply Changes, which will set them up with the correct permissions in /opt/opsview/monitoringscripts/etc/certs on all Opsview collectors.

Parameter Position in Variable Name Description
--ca-path Arg1 CA Certificate Path Path to the CA Certificate. Optional, only required if server verification is needed.
--client-cert Arg2 Client Certificate Path Path to the Client Certificate. Optional, only required when using client certificates for authentication.
--client-key Arg3 Client Key Path Path to the Client Key. Optional, only required when using client certificates for authentication.

Step 3: Apply changes and the system will now be monitored

Kubernetes Namespace Service Checks