Splunk Distribution of the OpenTelemetry Collector as an AWS EKS Add-on
Kubernetes via the EKS Add-on installation
Amazon Elastic Kubernetes Service (EKS) is a managed container service to run and scale Kubernetes applications in the Amazon Web services (AWS) cloud. Splunk Observability Cloud provides an EKS Add-on available in the AWS marketplace that allows you to seamlessly deploy the Splunk Distribution of the OpenTelemetry Collector to Amazon EKS clusters to track EKS performance by namespace, cluster, pod or organizational concepts such as team or application.
For more information, read the official AWS documentation at Amazon EKS add-ons .
Benefits
The Splunk Distribution of the OpenTelemetry Collector Amazon EKS Add-on:
-
Provides simplified installation, configuration and management of Amazon EKS clusters.
-
Includes the latest security patches, bug fixes, and are validated by AWS to work with Amazon EKS.
Limitations
While the Add-on deployment approach offers numerous advantages, be aware of these limitations:
-
The EKS Add-on integration doesn’t support Helm hooks and Helm subcharts. Consequently, certain features that rely on these capabilities are unavailable, such as:
-
The Collector Secret Validation feature is unavailable as it uses a Helm hook.
-
Operator-based Auto-Instrumentation is unsupported since it relies on subcharts for deploying necessary components.
-
-
With the EKS Add-on, you can only deploy one instance of the Splunk Distribution of the OTel Collector per EKS cluster. Take into account this limitation when planning for scale and redundancy.
Install the EKS Add-on with secure token handling
To install the EKS Add-on Splunk Distribution of the OpenTelemetry Collector follow these steps:
Step 1: Subscribe to the EKS Add-on in the AWS Marketplace
In your AWS Marketplace, ensure that:
-
You have sufficient permissions in your AWS account to enable this Add-on.
-
Complete the subscription process in the AWS console. Go to the AWS Marketplace Page to add the EKS Add-on Splunk Distribution of the OpenTelemetry Collector to your AWS account.
Step 2: Prerequisites
Make sure you comply with the following requisites:
Credentials
Make sure you have credentials for Splunk Observability Cloud or Splunk Platform.
Destination requirements
For splunkObservability:
-
splunkObservability.accessToken. Your Splunk Observability org access token. See Create and manage organization access tokens using Splunk Observability Cloud. -
splunkObservability.realm. Splunk realm to send telemetry data to. The default isus0. See more in our developer portal realms docs .
For splunkPlatform (Splunk Enterprise or Splunk Cloud):
-
Splunk Enterprise 8.0 or higher.
-
At least one Splunk platform index to collect log data.
-
An HTTP Event Collector (HEC) token and endpoint. See Set up and use HTTP Event Collector in Splunk Web and Scale HTTP Event Collector .
Step 3: Add the Add-on to your EKS clusters
Follow the steps outlined in the Amazon EKS User Guide to add an Add-on using eksctl, the AWS Management Console, or the AWS CLI.
Find the Amazon EKS User Guide at Managing Amazon EKS add-ons .
Step 4: Configure the Add-on with improved security
To configure the Splunk Distribution of the OpenTelemetry Collector EKS Add-on, prepare a YAML file tailored to your Splunk set-up, replacing placeholder values with your specific configuration details.
For splunkObservability:
splunkObservability:
realm: <REALM>
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eks
secret:
create: false
name: splunk-otel-collector
validateSecret: falseFor splunkPlatform:
splunkPlatform:
endpoint: http://localhost:8088/services/collector
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eks
secret:
create: false
name: splunk-otel-collector
validateSecret: falseStep 5: Add your secret and deploy
Deploy the secret into the Splunk monitoring namespace by applying a YAML file, or by using the kubectl command.
YAML file
To deploy the secret, use a distinct Kubernetes secret YAML file with sensitive tokens, separate from the Add-on configuration YAML.
Use the command:
kubectl apply -f splunk-otel-collector-secret.yamlHere’s a template for the secret YAML file:
apiVersion: v1
kind: Secret
metadata:
name: splunk-otel-collector
namespace: splunk-monitoring
type: Opaque
data:
splunk_observability_access_token: <YOUR_ACCESS_TOKEN> # Replace with your actual access token
splunk_platform_hec_token: <YOUR_HEC_TOKEN> # Add this line only if using with splunkPlatformkubectl command
To create secrets, use kubectl command:
For splunkObservability:
kubectl create secret generic splunk-otel-collector \
--from-literal=splunk_observability_access_token=<YOUR_ACCESS_TOKEN> \
-n splunk-monitoringReplace <YOUR_ACCESS_TOKEN> with your actual Splunk Observability Cloud access token.
For splunkPlatform:
kubectl create secret generic splunk-otel-collector \
--from-literal=splunk_platform_hec_token=<YOUR_HEC_TOKEN> \
-n splunk-monitoringReplace <YOUR_HEC_TOKEN> with your actual Splunk Platform HEC token.
Step 6: Wait for the Collector
After adding the secret, allow some time for the Collector to detect your secret and start running successfully.
Install the EKS Add-on without secure token handling
Alternatively, you can install the EKS Add-on with lower levels of security, without deploying a secret.
Prepare a YAML file tailored to your Splunk set-up as follows.
For splunkObservability:
splunkObservability:
accessToken: <YOUR_ACCESS_TOKEN>
realm: <REALM>
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eksReplace <YOUR_ACCESS_TOKEN> and <REALM> with your actual Splunk Observability Cloud access token within the corresponding realm, and replace <EKS_CLUSTER_NAME> with your actual EKS cluster’s name.
For splunkPlatform:
splunkPlatform:
endpoint: http://localhost:8088/services/collector
token: <YOUR_HEC_TOKEN>
clusterName: <EKS_CLUSTER_NAME>
cloudProvider: aws
distribution: eksReplace <YOUR_HEC_TOKEN> with your actual Splunk Platform HEC token, and replace <EKS_CLUSTER_NAME> with your actual EKS cluster’s name.