Sensu Kubernetes Events Check
Table of Contents
- Discussion
- Overview
- Usage examples
- Configuration
- Installation from source
- Additional notes
- Contributing
Discussion
This plugin is in its early stages of development and we welcome your feedback on it and other future Kubernetes plugins. Please visit the Kubernetes SIG on the Sensu Community Forums to provide feedback and submit feature requests.
Overview
The Sensu Kubernetes events check is a Sensu Check that uses the Kubernetes Event API to identify events that should generate corresponding Sensu events.
This check should be thought of as a meta-check. The check itself, unless it encounters issues (e.g. trouble authenticating with Kubernetes for API access), will always return an OK status (exit code 0). However, for each matching event type it does find, it will create separate events using the agent API.
Given the above, when a matching event occurs, the check will need to be able
to connect to the agent API on http://127.0.0.1:3031/events
.
Usage examples
Sensu Kubernetes events check
Usage:
sensu-kubernetes-events [flags]
sensu-kubernetes-events [command]
Available Commands:
help Help about any command
version Print the version number of this plugin
Flags:
-a, --agent-api-url string The URL for the Agent API used to send events (default "http://127.0.0.1:3031/events")
-t, --event-type string Query for fieldSelector type (supports = and !=) (default "!=Normal")
-e, --external Connect to cluster externally (using kubeconfig)
-h, --help help for sensu-kubernetes-events
-c, --kubeconfig string Path to the kubeconfig file (default $HOME/.kube/config)
-l, --label-selectors string Query for labelSelectors (e.g. release=stable,environment=qa)
-n, --namespace string Namespace to which to limit this check (defaults to check's namespace, use "all" for all namespaces)
-k, --object-kind string Object kind to limit query to (Pod, Cluster, etc.)
-s, --status-map string Map Kubernetes event type to Sensu event status (default "{\"normal\": 0, \"warning\": 1, \"default\": 3}")
Use "sensu-kubernetes-events [command] --help" for more information about a command.
Namespaces
By default this check assumes your Sensu namespace matches up with your
Kubernetes namespace and therefore uses that same namespace when querying
the API for events. You can override this with the --namespace
flag.
To have one check run for events from all Kubernetes namespaces, you can
specify --namespace all
.
API authentication
In order to query the API, the check must authenticate. The normal use case
would be for the check to be running in a container in a Kubernetes pod and
would make use of the rest.InClusterConfig()
function to handle API host
discovery and authentication automatically. That is described here.
This is the default behavior.
To use "external" access requires the use of kubeconfig files similar to the
kubectl command. This method is enabled via the --external
flag. Additionally,
the --kubeconfig
option can be used to point to an alternative kubeconfig file.
Object kind
If an object kind is not specified via the --object-kind
argument, events for
all object kinds (cluster, pod, etc.) will be returned.
Event types
The expected use case for this check is to find anomalous events in your
Kubernetes environment(s). For that reason, the default event type is
!=Normal
.
Label selectors
Label selectors can be used to limit the scope of the Kubernetes events
returned and checked against the requested event type. You can specify multiple
selectors by separating them with commas as the value for the
--label-selectors
argument.
Status map
The status map allows you to map the event type (e.g. Normal, Warning) to a Sensu event check result. It is a simple JSON map represented as a string. The event types are case-insensitive. The default, below, shows that Normal maps to OK (0), Warning maps to Warning (1), and Default (anything else) maps to Unknown (3):
{
"Normal": 0,
"Warning": 1,
"Default": 3
}
Configuration
Asset registration
Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the following command to add the asset:
sensuctl asset add sensu/sensu-kubernetes-events
If you're using an earlier version of sensuctl, you can find the asset on the Bonsai Asset Index.
Check definition
---
type: CheckConfig
api_version: core/v2
metadata:
name: sensu-kubernetes-events
namespace: default
spec:
command: >-
sensu-kubernetes-events
--agent-api-url http://127.0.0.1:3031/events
--event-type "!=Normal"
subscriptions:
- system
runtime_assets:
- sensu/sensu-kubernetes-events
stdin: true
handlers:
- slack
Notes:
- The check definition requires
stdin
be set totrue
. - Any Events created by this check will include the handlers defined for it.
Installation from source
The preferred way of installing and deploying this plugin is to use it as an Asset. If you would like to compile and install the plugin from source or contribute to it, download the latest version or create an executable binary from this source.
From the local path of the sensu-kubernetes-events repository:
go build
Additional notes
Contributing
For more information about contributing to this plugin, see Contributing.