Splunk Distribution of the OpenTelemetry Collector as an AWS EKS Add-on π
Amazon Elastic Kubernetes Service (EKS) is a managed container service to run and scale Kubernetes applications in the Amazon Web services (AWS) cloud. Splunk Observability Cloud provides an EKS Add-on available in the AWS marketplace that allows you to seamlessly deploy the Splunk Distribution of the OpenTelemetry Collector to Amazon EKS clusters to track EKS performance by namespace, cluster, pod or organizational concepts such as team or application.
For more information, read the official AWS documentation at Amazon EKS add-ons .
Note
This Add-on is different from the Add-ons for the Splunk Platform. Refer to Splunk Supported Add-ons for more information.
Benefits π
The Splunk Distribution of the OpenTelemetry Collector Amazon EKS Add-on:
Provides simplified installation, configuration and management of Amazon EKS clusters.
Includes the latest security patches, bug fixes, and are validated by AWS to work with Amazon EKS.
Limitations π
While the Add-on deployment approach offers numerous advantages, be aware of these limitations:
The EKS Add-on integration doesnβt support Helm hooks and Helm subcharts. Consequently, certain features that rely on these capabilities are unavailable, such as:
The Collector Secret Validation feature is unavailable as it uses a Helm hook.
Operator-based Auto-Instrumentation is unsupported since it relies on subcharts for deploying necessary components.
With the EKS Add-on, you can only deploy one instance of the Splunk Distribution of the OTel Collector per EKS cluster. Take into account this limitation when planning for scale and redundancy.
Install the EKS Add-on with secure token handling π
To install the EKS Add-on Splunk Distribution of the OpenTelemetry Collector follow these steps:
Step 1: Subscribe to the EKS Add-on in the AWS Marketplace π
In your AWS Marketplace, ensure that:
You have sufficient permissions in your AWS account to enable this Add-on.
Complete the subscription process in the AWS console. Go to the AWS Marketplace Page to add the EKS Add-on Splunk Distribution of the OpenTelemetry Collector to your AWS account.
Step 2: Prerequisites π
Make sure you comply with the following requisites:
Credentials π
Make sure you have credentials for Splunk Observability Cloud or Splunk Platform.
Destination requirements π
For splunkObservability:
splunkObservability.accessToken. Your Splunk Observability org access token. See Create and manage organization access tokens using Splunk Observability Cloud.splunkObservability.realm. Splunk realm to send telemetry data to. The default isus0. See more in our developer portal realms docs .
For splunkPlatform (Splunk Enterprise or Splunk Cloud):
Splunk Enterprise 8.0 or higher.
At least one Splunk platform index to collect log data.
An HTTP Event Collector (HEC) token and endpoint. See Set up and use HTTP Event Collector in Splunk Web and Scale HTTP Event Collector .
Step 3: Add the Add-on to your EKS clusters π
Follow the steps outlined in the Amazon EKS User Guide to add an Add-on using eksctl, the AWS Management Console, or the AWS CLI.
Find the Amazon EKS User Guide at Managing Amazon EKS add-ons .
Step 4: Configure the Add-on with improved security π
To configure the Splunk Distribution of the OpenTelemetry Collector EKS Add-on, prepare a YAML file tailored to your Splunk set-up, replacing placeholder values with your specific configuration details.
Caution
For security reasons, avoid including tokens or any sensitive data in the configuration file, as EKS Add-on configurations are exposed within the EKS web console.
For splunkObservability:
splunkObservability:
realm: <REALM>
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eks
secret:
create: false
name: splunk-otel-collector
validateSecret: false
For splunkPlatform:
splunkPlatform:
endpoint: http://localhost:8088/services/collector
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eks
secret:
create: false
name: splunk-otel-collector
validateSecret: false
Note
For more specific configuration information, see Install the Collector for Kubernetes using Helm.
Step 5: Add your secret and deploy π
Deploy the secret into the Splunk monitoring namespace by applying a YAML file, or by using the kubectl command.
YAML file π
To deploy the secret, use a distinct Kubernetes secret YAML file with sensitive tokens, separate from the Add-on configuration YAML.
Use the command:
kubectl apply -f splunk-otel-collector-secret.yaml
Hereβs a template for the secret YAML file:
apiVersion: v1
kind: Secret
metadata:
name: splunk-otel-collector
namespace: splunk-monitoring
type: Opaque
data:
splunk_observability_access_token: <YOUR_ACCESS_TOKEN> # Replace with your actual access token
splunk_platform_hec_token: <YOUR_HEC_TOKEN> # Add this line only if using with splunkPlatform
kubectl command π
To create secrets, use kubectl command:
For splunkObservability:
kubectl create secret generic splunk-otel-collector \
--from-literal=splunk_observability_access_token=<YOUR_ACCESS_TOKEN> \
-n splunk-monitoring
Replace <YOUR_ACCESS_TOKEN> with your actual Splunk Observability Cloud access token.
For splunkPlatform:
kubectl create secret generic splunk-otel-collector \
--from-literal=splunk_platform_hec_token=<YOUR_HEC_TOKEN> \
-n splunk-monitoring
Replace <YOUR_HEC_TOKEN> with your actual Splunk Platform HEC token.
Step 6: Wait for the Collector π
After adding the secret, allow some time for the Collector to detect your secret and start running successfully.
Install the EKS Add-on without secure token handling π
Alternatively, you can install the EKS Add-on with lower levels of security, without deploying a secret.
Caution
For security reasons, avoid including tokens or any sensitive data in the configuration file, as EKS Add-on configurations are exposed within the EKS web console.
Prepare a YAML file tailored to your Splunk set-up as follows.
For splunkObservability:
splunkObservability:
accessToken: <YOUR_ACCESS_TOKEN>
realm: <REALM>
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eks
Replace <YOUR_ACCESS_TOKEN> and <REALM> with your actual Splunk Observability Cloud access token within the corresponding realm, and replace <EKS_CLUSTER_NAME> with your actual EKS clusterβs name.
For splunkPlatform:
splunkPlatform:
endpoint: http://localhost:8088/services/collector
token: <YOUR_HEC_TOKEN>
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eks
Replace <YOUR_HEC_TOKEN> with your actual Splunk Platform HEC token, and replace <EKS_CLUSTER_NAME> with your actual EKS clusterβs name.
Note
For more specific configuration information, see Install the Collector for Kubernetes using Helm.