kube-icinga automatically deploys icinga objects out of your kubernetes resources. It has built-in autodiscovery and will work out of the box. However you can change various default configurations and deploy custom icinga objects or disable/enable kubernetes objects to monitor.

Multiple watchers are bootstraped and listen for any kubernetes changes. Those changes will reflect immediately on icinga.

• Kubernetes namespaces will result in icinga service groups and host groups
• Nodes will result in host objects
• Ingresses will result in dummy icinga host objects [1] (hostname is taken from metadata.name) whereas ingress paths will get deployed as icinga services related to the ingress host object
• Services (ClusterIP, NodePort [2], LoadBalanacer) will also result in icinga host objects and service ports are icinga services.
• Persistent volumes will result in services attached to a dummy host

Note: [1] You may change this behaviour by attaching the services (ingress paths) to all kubernetes worker nodes by setting kubernetes.ingresses.attachToNodes to true. (This will result in many more services and checks depending on the size of your cluster!) Note: [2] NodePort services will always be attached to each kubernetes worker node. See NodePort services for more information.

Since there is no such thing as hosts in the world of moving and containers. The host object (kubernetes metadata.name) on icinga may just be a dummy and will not get checked if the service can not be attached to kubernetes nodes.

You may wonder where your pods are in this setup. Well it does not make any sense to monitor single pods. Pods are mortal and (always) moving. The important thing is to monitor your services as an entity.

• Description
• How does it work?
• Requirements
• Setup icinga2 api user
• Deployment
• Advanced topics
  • ClusterIP services
  • Using icinga2 apply rules
  • Overwite specific icinga object definition
• Configuration

• A running kubernetes cluster
• Icinga2 server with enabled API module

kube-icina requires an icinga api user which first must be created.

/etc/icinga2/conf.d/api-users.conf:

object ApiUser "kube-icinga" {
  password = "kube-icinga"
  permissions = ["*"]
}

The recommended (and logical) way to deploy kube-icinga is deplyoing kube-icinga on kubernetes itself using the gyselroth/kube-icinga docker image.

The kubernetes deployment can simply be added like this:

kubectl -f https://raw.githubusercontent.com/gyselroth/kube-icinga/master/kube-icinga.yaml

(Change the secret password and ICINGA_ADDRESS value accordingly)

Ingresses, NodePort and Load Balancer services will expose your kubernetes services to the public but not ClusterIP services. ClusterIP services (Which is the default) are only internal kubernetes services and not available from outside the cluster. If your icinga2 setup lives outside the cluster you only have to options, either disable deployment for those objects or setup an icinga satelite container which will live in kubernetes. Of course you may also deploy an entire icinga2 setup on kubernetes if you do not have an existing one.

You certainly can use icinga2 apply rules. You may disable auto service deployments via applyServices for ingresses and services and define your own services via apply rules. Of course you can also setup a mixed deployment. Automatically let kube-icinga deploy services and apply additional services via apply rules.

Note: Since icinga apply rules are not triggered if an object gets updated kube-icinga will delete and recreate those objects.

All icinga host object are created with all kubernetes data available packed in the variable vars.kubernetes. Therefore you can apply rules with this data, for example this will create an icinga service for all objects with a kubernetes label foo=bar.

It is possible to set custom options for the icinga objects during creation. You might set custom values via kubernetes.ingresses.hostTemplates or kubernetes.ingresses.serviceTemplate`. The same can also be done for services. For example it might be crucial to set a custom zone for ClusterIP services since they are only reachable within the cluster and shall be monitored by an icinga satelite node. Any valid setting for a specific icinga object can be set.

Note This will set the custom options for all objects from the same type (services.ClusterIP in the follwing example), this may not what you want. Using kubernetes annotations you may configure custom incinga attributes directly in the kubernetes resource definition.

{
  "kubernetes": {
    "services": {
      "ClusterIP":
        "discover": true,
        "serviceDefiniton": {
          "zone": "my_custom_icinga_zone"
          "vars.a_custom_icinga_variable": ["foo", "bar"]
        },
      }
    }
  }
}

kube-icinga is able to parse kubernetes annotations and merge those with its default settings. You may use the following annotations:

| Name | Description | | kube-icinga/check_command | Use a custom icinga check command. | | kube-icinga/template | Use a custom icinga template. | | kube-icinga/definition | JSON encoded icinga definiton which may contain advanced icinga options and gets merged with the defaults. |

kind: PersistentVolume
apiVersion: v1
metadata:
  name: generic-nimble-24afe01f-2300-11e9-94e3-0050568fe3c2,
  selfLink":"/api/v1/persistentvolumes/generic-nimble-24afe01f-2300-11e9-94e3-0050568fe3c2
  uid":"2a66425e-2300-11e9-94e3-0050568fe3c2
  resourceVersion: 65603642
  creationTimestamp: 2019-01-28T13:25:22Z
  annotations:
    kube-icinga/check_command: "check_nimble_lun"
    hpe.com/docker-volume-name": "generic-nimble-24afe01f-2300-11e9-94e3-0050568fe3c2"
    pv.kubernetes.io/provisioned-by: "hpe.com/nimble"
    volume.beta.kubernetes.io/storage-class: "generic-nimble"

kube-icinga itself can be configured via environment variables however you may also deploy and change the config.json file instead of environment variables.

List of configurable values: