How Does eG Enterprise Monitor a Rancher Cluster?

eG Enterprise monitors the Rancher cluster using the existing Kubernetes/OpenShift Cluster monitoring model in an agentless manner.

Note:

eG Enterprise provides monitoring support to Rancher cluster on Linux platforms only, and not on Windows.

A single remote agent deployed on a Windows/Linux host in the environment uses the Kubernetes API on the master node of the Rancher cluster to pull useful metrics on cluster performance.

To enable the eG agent to use the Kubernetes API, you need to:

  1. Configure the eG agent to connect to the master node of the Rancher cluster

  2. Configure the eG agent with an authentication bearer token

Each of these requirements have been discussed in detail below.

Configuring the eG Agent to Connect to the Master Node

  • To connect to the Kubernetes API, you first need to configure the eG agent with the IP address of the master node of the cluster. If the target cluster consists of more than one master node, then the eG agent should be configured to connect to the load balancer that is managing the cluster. In this case, the load balancer will route the eG agent's connection request to any available master node in the cluster, thus enabling the agent to connect with the API server on that node, run API commands on it, and pull metrics.

    To determine the IP address of the master node/load balancer, do the following:

    1. Go to the master node shell in the Rancher cluster.

    2. Issue the below command to obtain the Rancher cluster information:

      kubectl cluster-info

      Make a note of the IP address displayed against 'Kubernetes control plane is running at', in the output of the above command. This is the IP address of the master node/load balancer.

    Then, you can provide this IP address when adding a Kubernetes/OpenShift cluster for monitoring using the eG administrative interface. Refer to How to Monitor the Kubernetes/OpenShift Cluster Using eG Enterprise? to know how.

    Configuring the eG Agent with an Authentication Bearer Token

    • To access the Kubernetes API, run API commands on it, and pull metrics, the eG agent has to be configured with a valid authentication bearer token. To generate this token, follow the steps below:

    1. Navigate to the Rancher Control Plane UI console.

    2. Download kubeconfig yaml for the Rancher cluster that you are about to monitor (see Figure 1).

      Figure 1 : Downloading the kubeconfig.yaml file

    3. From the downloaded kubeconfig.yaml file, locate the server: section. This section is of the format: http(s)://{IP Address of Rancher cluster}/{api endpoints}. Here, api endpoints is the prefix of the Rancher cluster. This should be specified against the K8S CLUSTER API PREFIX parameter in the test configuration page.

    4. Next, create a special user for monitoring purpose (see Figure 2).

      Figure 2 : Creating a new user

    5. Assign the user with View All Projects and View Nodes role (see Figure 3). Use this user to generate the API key which contains the authentication token.

      Figure 3 : Assigning the required permissions for the newly created user

    6. To generate the API key in the Rancher Cluster Control Plane UI, navigate to the User Avatar > Account & API Keys. Figure 4 then appears.

      Figure 4 : Creating the API Key

    7. Clicking the Create button in Figure 4 will lead you to Figure 5 which reveals the Bearer Token.

      Figure 5 : Identifying the Bearer Token

    8. Copy the Bearer Token from Figure 5 and paste to the AUTHENTICATION TOKEN field in the monitoring information section of the Kubernetes Cluster Preferences page that appears when managing a Kubernetes/OpenShift cluster using the eG admin interface. To know how to manage a cluster using the eG admin interface, refer to How to Monitor the Kubernetes/OpenShift Cluster Using eG Enterprise?