Skip to content

Coralogix Operator

The Coralogix Operator is an open-source Kubernetes Operator that automates configuration and management of Coralogix APIs in a Kubernetes environment.

Overview

The Coralogix Operator is built upon a Kubernetes Operator pattern, enabling you to define the desired state of your Coralogix account using declarative configuration files named custom resource definitions (CRDs). It leverages the Kubernetes reconcile loop to ensure this desired state.

Note: The Coralogix Operator is in alpha, with the current version being unstable.

Management of Functionalities

The Operator manages the following Coralogix functionalities:

A full list of rule configuration samples can be found here.

Leveraging PrometheusRules

For those customers using Prometheus Operator, the Operator can also be used to manage the CRD PrometheusRules. The Operator leverages existing PrometheusRules to manage Coralogix recording and alerting rules, ensuring the smoothest possible integration.

Prerequisites

  • A Kubernetes cluster

Installation

The following steps demonstrate how to get started. Full instructions can be found here.

STEP 1. Add our Helm charts repository to the local repos list. This command will create a repository named coralogix.

helm repo add coralogix https://cgx.jfrog.io/artifactory/coralogix-charts-virtual
helm repo update

STEP 2. Update the Helm values with your API Key and the region associated with your Coralogix domain, as in the example configuration below. To use this API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.

PresetActionDescription
AlertsALERTS-MAP:READ
ALERTS:READCONFIG
ALERTS:UPDATECONFIG
LOGS.ALERTS:READCONFIG
LOGS.ALERTS:UPDATECONFIG
SPANS.ALERTS:READCONFIG
SPANS.ALERTS:UPDATECONFIG
METRICS.ALERTS:READCONFIG
METRICS.ALERTS:UPDATECONFIG
ALERTS:SNOOZE
SUPPRESSION-RULES:READCONFIG
SUPPRESSION-RULES:UPDATECONFIG
TEAM-ALERTS-SETTINGS:MANAGE
TEAM-ALERTS-SETTINGS:READCONFIG
View Alerts Map
Read Flow Alert Settings
Manage Flow Alert Settings
View Log-Based Alert Settings
Manage Log-Based Alert Settings
View Traces Alert Settings
Manage Traces Alert Settings
View Metric Alert Settings
Manage Metric Alerts
Snooze/Unsnooze Alerts
Read Suppression-Rules Settings
Manage Suppression-Rules Settings
Change cx_alerts toggle in Team settings
Read cx_alerts toggle in Team settings
OutboundWebhooksOUTBOUND-WEBHOOKS:READCONFIG
OUTBOUND-WEBHOOKS:UPDATECONFIG
OUTBOUND-WEBHOOKS:READSUMMARY
View Outbound Webhooks Configuration
Manage Outbound Webhooks
View Outbound Webhooks list
RecordingRulesMETRICS.RECORDING-RULES:READCONFIG
METRICS.RECORDING-RULES:UPDATECONFIG
View Recording Rules
Manage Recording Rules
ParsingRulesPARSING-RULES:READCONFIG
PARSING-RULES:UPDATECONFIG
View Parsing Rules
Manage Parsing Rules
ApiKeysDATA-INGEST-API-KEYS:MANAGE
DATA-INGEST-API-KEYS:READCONFIG
PERSONAL-CUSTOM-API-KEYS:MANAGE
PERSONAL-CUSTOM-API-KEYS:READCONFIG
TEAM-CUSTOM-API-KEYS:MANAGE
TEAM-CUSTOM-API-KEYS:READCONFIG
Create, Modify and Delete send your data API keys
View send your data API keys
Create, Modify and Delete personal API keys
View personal API keys
Create, Modify and Delete team level API keys
View team level API keys
coralogixOperator:
  region: "EUROPE1"
  prometheusRules:
    enabled: false

secret:
  data:
    apiKey: <cx_api_key>

Note

  • region: Should be formatted as follows - APAC1, APAC2, EUROPE1, EUROPE2, USA1, USA2, STG.

  • prometheusRules: Must be set to false.

STEP 3. Run the following command to install the helm chart on your cluster:

helm install <my-release> coralogix/coralogix-operator

STEP 3. To uninstall the helm chart, run the following:

helm delete <my-release>

Manage Your Coralogix Account Using CRDs

Once the Coralogix Operator is installed and running on your cluster, manage your Coralogix account using CRDs. The following section provides samples of available features.

Alerting Management

The Coralogix Operator provides a feature to manage alerts using the Alert CRD. Here is a sample CRD definition using PromQL.

apiVersion: coralogix.com/v1alpha1
kind: Alert
metadata:
  name: promql-alert-example
spec:
  name: promql alert example
  description: alert from k8s operator
  severity: Critical
  notificationGroups:
    - notifications:
        - notifyOn: TriggeredOnly
          integrationName: WebhookAlerts
          retriggeringPeriodMinutes: 1
        - notifyOn: TriggeredAndResolved
          emailRecipients: [ "[email protected]" ]
          retriggeringPeriodMinutes: 1440
    - groupByFields: [ "coralogix.metadata.sdkId" ]
      notifications:
        - notifyOn: TriggeredOnly
          integrationID: 2235
          retriggeringPeriodMinutes: 1
        - notifyOn: TriggeredAndResolved
          emailRecipients: [ "[email protected]" ]
          retriggeringPeriodMinutes: 1440
  scheduling:
    daysEnabled: ["Wednesday", "Thursday"]
    timeZone: UTC+02
    startTime: 08:30
    endTime: 20:30
  alertType:
    metric:
      promql:
        searchQuery: http_requests_total{status!~\\"4..\\"}
        conditions:
          alertWhen: More
          threshold: 3
          sampleThresholdPercentage: 50
          timeWindow: TwelveHours
          minNonNullValuesPercentage: 10

Save this file as prometheusalert.yaml and then apply the following alert:

 kubectl apply -f prometheusalert.yaml

Once Coralogix Operator syncs the alert, you will be able to view it by navigating to Alerts in your Coralogix UI.

Find more information about the Alert CRD API definition in our Coralogix Operator API documentation.

Recording Rules Management

The Coralogix Operator provides a feature to manage recording rules using the RecordingRuleGroupSet CRD. Here is a sample CRD definition using PromQL.

apiVersion: coralogix.com/v1alpha1
kind: RecordingRuleGroupSet
metadata:
  name: kube-state-metrics
spec:
  groups:
    - name: kube-state-metrics
      intervalSeconds: 60
      rules:
        - expr: kube_pod_info * on(pod, node) group_left(resource) sum by (pod, node, resource)(kube_pod_container_resource_requests{resource="memory"})
          record: workload_pod_resources_memory:kube_pod_container_resource_requests:join

Find more information about the Alert CRD API definition in our Coralogix Operator API documentation.

Parsing Rules Management

The Coralogix Operator provides a feature to manage parsing rules using the RuleGroup CRD. Here is a sample CRD definition using parsing log fields.

apiVersion: coralogix.com/v1alpha1
kind: RuleGroup
metadata:
  name: parsing-rule
spec:
  name: parsing-rule
  description: rule-group from k8s operator
  applications: ["application-name"]
  subsystems: ["subsystems-name"]
  severities: ["Warning", "Info"]
  subgroups:
    - rules:
        - name: HttpRequestParser2
          description: Parse the fields of the HTTP request - will be applied after HttpRequestParser1
          parse:
            sourceField: text
            destinationField: text
            regex: (?P<remote_addr>\\\\d{1,3}.\\\\d{1,3}.\\\\d{1,3}.\\\\d{1,3})\\\\s*-\\\\s*(?P<user>[^ ]+)\\\\s*\\\\[(?P<timestemp>\\\\d{4}-\\\\d{2}\\\\-\\\\d{2}T\\\\d{2}\\\\:\\\\d{2}\\\\:\\\\d{2}\\\\.\\\\d{1,6}Z)\\\\]\\\\s*\\\\\\\\\\\\\\"(?P<method>[A-z]+)\\\\s[\\\\/\\\\\\\\]+(?P<request>[^\\\\s]+)\\\\s*(?P<protocol>[A-z0-9\\\\/\\\\.]+)\\\\\\\\\\\\\\"\\\\s*(?P<status>\\\\d+)\\\\s*(?P<body_bytes_sent>\\\\d+)?\\\\s*?\\\\\\\\\\\\\\"(?P<http_referer>[^\\"]+)\\\\\\"\\\\s*\\\\\\\\\\\\\\"(?P<http_user_agent>[^\\"]+)\\\\\\"\\\\s(?P<request_time>\\\\d{1,6})\\\\s*(?P<response_time>\\\\d{1,6})

Leveraging PrometheusRules

For those customers using Prometheus Operator, the Operator can also be used to manage the CRD PrometheusRules. Samples of available features can be found below.

Recording Rules Management with PrometheusRules

Leverage existing PrometheusRules to manage Coralogix recording rules with the addition of the label app.coralogix.com/track-recording-rules: "true" to PrometheusRules, as in the example below.

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  labels:
    ## Coralogix label to indicate to the Coralogix Operator
    ## Create Recording Rules on Coralogix using this PrometheusRule
    app.coralogix.com/track-recording-rules: "true"
  name: kube-state-metrics
  namespace: observability
spec:
  groups:
    - name: kube-state-metrics
      rules:
        - expr: kube_pod_info * on(pod, node) group_left(resource) sum by (pod, node, resource)(kube_pod_container_resource_requests{resource="memory"})
          labels:
            namespace: observability
          record: workload_pod_resources_memory:kube_pod_container_resource_requests:join

Alerting Management with PrometheusRules

Leverage existing PrometheusRules to manage Coralogix alerts with the addition of the label app.coralogix.com/track-alerting-rules: "true" to PrometheusRules, as in the example below.

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  labels:
    ## Coralogix label to indicate to the Coralogix Operator
    ## Create Recording Rules on Coralogix using this PrometheusRule
    app.coralogix.com/track-alerting-rules: "true"
  name: kube-state-metrics
  namespace: observability
spec:
  groups:
    - name: kube-state-metrics
      rules:
        - alert: PodFrequentlyRestarting
          annotations:
            description: >-
              Pod {{$labels.pod}} in namespace: observability was restarted more
              than 3 times
            summary: Pod is restarting frequently
          expr: >-
            sum(increase(kube_pod_container_status_restarts_total{container=~"kube-state-metrics",
            job="kube-state-metrics", pod=~"kube-state-metrics-.*"}[5m])) by
            (pod, namespace) > 3
          labels:
            namespace: observability
            severity: critical

Additional Resources

GitHubCoralogix Operator GitHub Repository
Coralogix Operator API
------
ExternalKubebuilder
BlobIntroduction to Kubernetes Observability

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].