Coralogix Operator
The Coralogix Operator is an open-source Kubernetes Operator that automates configuration and management of Coralogix APIs in a Kubernetes environment.
Overview
The Coralogix Operator is built upon a Kubernetes Operator pattern, enabling you to define the desired state of your Coralogix account using declarative configuration files named custom resource definitions (CRDs). It leverages the Kubernetes reconcile loop to ensure this desired state.
Note: The Coralogix Operator is in alpha, with the current version being unstable.
Management of Functionalities
The Operator manages the following Coralogix functionalities:
A full list of rule configuration samples can be found here.
Leveraging PrometheusRules
For those customers using Prometheus Operator, the Operator can also be used to manage the CRD PrometheusRules. The Operator leverages existing PrometheusRules to manage Coralogix recording and alerting rules, ensuring the smoothest possible integration.
Prerequisites
- A Kubernetes cluster
Installation
The following steps demonstrate how to get started. Full instructions can be found here.
STEP 1. Add our Helm charts repository to the local repos list. This command will create a repository named coralogix
.
STEP 2. Update the Helm values with your API Key and the region associated with your Coralogix domain, as in the example configuration below. To use this API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.
Preset | Action | Description |
---|---|---|
Alerts | ALERTS-MAP:READ ALERTS:READCONFIG ALERTS:UPDATECONFIG LOGS.ALERTS:READCONFIG LOGS.ALERTS:UPDATECONFIG SPANS.ALERTS:READCONFIG SPANS.ALERTS:UPDATECONFIG METRICS.ALERTS:READCONFIG METRICS.ALERTS:UPDATECONFIG ALERTS:SNOOZE SUPPRESSION-RULES:READCONFIG SUPPRESSION-RULES:UPDATECONFIG TEAM-ALERTS-SETTINGS:MANAGE TEAM-ALERTS-SETTINGS:READCONFIG | View Alerts Map Read Flow Alert Settings Manage Flow Alert Settings View Log-Based Alert Settings Manage Log-Based Alert Settings View Traces Alert Settings Manage Traces Alert Settings View Metric Alert Settings Manage Metric Alerts Snooze/Unsnooze Alerts Read Suppression-Rules Settings Manage Suppression-Rules Settings Change cx_alerts toggle in Team settings Read cx_alerts toggle in Team settings |
OutboundWebhooks | OUTBOUND-WEBHOOKS:READCONFIG OUTBOUND-WEBHOOKS:UPDATECONFIG OUTBOUND-WEBHOOKS:READSUMMARY | View Outbound Webhooks Configuration Manage Outbound Webhooks View Outbound Webhooks list |
RecordingRules | METRICS.RECORDING-RULES:READCONFIG METRICS.RECORDING-RULES:UPDATECONFIG | View Recording Rules Manage Recording Rules |
ParsingRules | PARSING-RULES:READCONFIG PARSING-RULES:UPDATECONFIG | View Parsing Rules Manage Parsing Rules |
ApiKeys | DATA-INGEST-API-KEYS:MANAGE DATA-INGEST-API-KEYS:READCONFIG PERSONAL-CUSTOM-API-KEYS:MANAGE PERSONAL-CUSTOM-API-KEYS:READCONFIG TEAM-CUSTOM-API-KEYS:MANAGE TEAM-CUSTOM-API-KEYS:READCONFIG | Create, Modify and Delete send your data API keys View send your data API keys Create, Modify and Delete personal API keys View personal API keys Create, Modify and Delete team level API keys View team level API keys |
coralogixOperator:
region: "EUROPE1"
prometheusRules:
enabled: false
secret:
data:
apiKey: <cx_api_key>
Note
region
: Should be formatted as follows - APAC1, APAC2, EUROPE1, EUROPE2, USA1, USA2, STG.prometheusRules
: Must be set to false.
STEP 3. Run the following command to install the helm chart on your cluster:
STEP 3. To uninstall the helm chart, run the following:
Manage Your Coralogix Account Using CRDs
Once the Coralogix Operator is installed and running on your cluster, manage your Coralogix account using CRDs. The following section provides samples of available features.
Alerting Management
The Coralogix Operator provides a feature to manage alerts using the Alert CRD. Here is a sample CRD definition using PromQL.
apiVersion: coralogix.com/v1alpha1
kind: Alert
metadata:
name: promql-alert-example
spec:
name: promql alert example
description: alert from k8s operator
severity: Critical
notificationGroups:
- notifications:
- notifyOn: TriggeredOnly
integrationName: WebhookAlerts
retriggeringPeriodMinutes: 1
- notifyOn: TriggeredAndResolved
emailRecipients: [ "[email protected]" ]
retriggeringPeriodMinutes: 1440
- groupByFields: [ "coralogix.metadata.sdkId" ]
notifications:
- notifyOn: TriggeredOnly
integrationID: 2235
retriggeringPeriodMinutes: 1
- notifyOn: TriggeredAndResolved
emailRecipients: [ "[email protected]" ]
retriggeringPeriodMinutes: 1440
scheduling:
daysEnabled: ["Wednesday", "Thursday"]
timeZone: UTC+02
startTime: 08:30
endTime: 20:30
alertType:
metric:
promql:
searchQuery: http_requests_total{status!~\\"4..\\"}
conditions:
alertWhen: More
threshold: 3
sampleThresholdPercentage: 50
timeWindow: TwelveHours
minNonNullValuesPercentage: 10
Save this file as prometheusalert.yaml
and then apply the following alert:
Once Coralogix Operator syncs the alert, you will be able to view it by navigating to Alerts in your Coralogix UI.
Find more information about the Alert CRD API definition in our Coralogix Operator API documentation.
Recording Rules Management
The Coralogix Operator provides a feature to manage recording rules using the RecordingRuleGroupSet CRD. Here is a sample CRD definition using PromQL.
apiVersion: coralogix.com/v1alpha1
kind: RecordingRuleGroupSet
metadata:
name: kube-state-metrics
spec:
groups:
- name: kube-state-metrics
intervalSeconds: 60
rules:
- expr: kube_pod_info * on(pod, node) group_left(resource) sum by (pod, node, resource)(kube_pod_container_resource_requests{resource="memory"})
record: workload_pod_resources_memory:kube_pod_container_resource_requests:join
Find more information about the Alert CRD API definition in our Coralogix Operator API documentation.
Parsing Rules Management
The Coralogix Operator provides a feature to manage parsing rules using the RuleGroup CRD. Here is a sample CRD definition using parsing log fields.
apiVersion: coralogix.com/v1alpha1
kind: RuleGroup
metadata:
name: parsing-rule
spec:
name: parsing-rule
description: rule-group from k8s operator
applications: ["application-name"]
subsystems: ["subsystems-name"]
severities: ["Warning", "Info"]
subgroups:
- rules:
- name: HttpRequestParser2
description: Parse the fields of the HTTP request - will be applied after HttpRequestParser1
parse:
sourceField: text
destinationField: text
regex: (?P<remote_addr>\\\\d{1,3}.\\\\d{1,3}.\\\\d{1,3}.\\\\d{1,3})\\\\s*-\\\\s*(?P<user>[^ ]+)\\\\s*\\\\[(?P<timestemp>\\\\d{4}-\\\\d{2}\\\\-\\\\d{2}T\\\\d{2}\\\\:\\\\d{2}\\\\:\\\\d{2}\\\\.\\\\d{1,6}Z)\\\\]\\\\s*\\\\\\\\\\\\\\"(?P<method>[A-z]+)\\\\s[\\\\/\\\\\\\\]+(?P<request>[^\\\\s]+)\\\\s*(?P<protocol>[A-z0-9\\\\/\\\\.]+)\\\\\\\\\\\\\\"\\\\s*(?P<status>\\\\d+)\\\\s*(?P<body_bytes_sent>\\\\d+)?\\\\s*?\\\\\\\\\\\\\\"(?P<http_referer>[^\\"]+)\\\\\\"\\\\s*\\\\\\\\\\\\\\"(?P<http_user_agent>[^\\"]+)\\\\\\"\\\\s(?P<request_time>\\\\d{1,6})\\\\s*(?P<response_time>\\\\d{1,6})
Leveraging PrometheusRules
For those customers using Prometheus Operator, the Operator can also be used to manage the CRD PrometheusRules. Samples of available features can be found below.
Recording Rules Management with PrometheusRules
Leverage existing PrometheusRules to manage Coralogix recording rules with the addition of the label app.coralogix.com/track-recording-rules: "true"
to PrometheusRules, as in the example below.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
## Coralogix label to indicate to the Coralogix Operator
## Create Recording Rules on Coralogix using this PrometheusRule
app.coralogix.com/track-recording-rules: "true"
name: kube-state-metrics
namespace: observability
spec:
groups:
- name: kube-state-metrics
rules:
- expr: kube_pod_info * on(pod, node) group_left(resource) sum by (pod, node, resource)(kube_pod_container_resource_requests{resource="memory"})
labels:
namespace: observability
record: workload_pod_resources_memory:kube_pod_container_resource_requests:join
Alerting Management with PrometheusRules
Leverage existing PrometheusRules to manage Coralogix alerts with the addition of the label app.coralogix.com/track-alerting-rules: "true"
to PrometheusRules, as in the example below.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
## Coralogix label to indicate to the Coralogix Operator
## Create Recording Rules on Coralogix using this PrometheusRule
app.coralogix.com/track-alerting-rules: "true"
name: kube-state-metrics
namespace: observability
spec:
groups:
- name: kube-state-metrics
rules:
- alert: PodFrequentlyRestarting
annotations:
description: >-
Pod {{$labels.pod}} in namespace: observability was restarted more
than 3 times
summary: Pod is restarting frequently
expr: >-
sum(increase(kube_pod_container_status_restarts_total{container=~"kube-state-metrics",
job="kube-state-metrics", pod=~"kube-state-metrics-.*"}[5m])) by
(pod, namespace) > 3
labels:
namespace: observability
severity: critical
Additional Resources
GitHub | Coralogix Operator GitHub Repository Coralogix Operator API |
--- | --- |
External | Kubebuilder |
Blob | Introduction to Kubernetes Observability |
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].