Integrating Google Kubernetes Engine with Splunk Observability Cloud
You might have learned how to integrate Kubernetes environments with Splunk Observability Cloud, but what about integrating cloud-managed Kubernetes platforms? Let's examine how to do this with Google Kubernetes Engine (GKE).
If you want a primer on using Kubernetes Navigators in Splunk Observability Cloud before reading this article, go here first: Detect and resolve issues in a Kubernetes environment.
Data required
Why integrate GKE with Splunk Observability Cloud?
GKE dashboards provide observability metrics around infrastructure and application health for clusters and workloads from within the Google Cloud Platform (GCP) itself. So why should we integrate GKE with an observability backend?
Typically, not every piece of application infrastructure lives in the same cloud platform. In the middle of an incident when seconds matter, no one wants to navigate between platforms and remember where each discrete observability tool lives.
Instead, having everything in one unified observability platform reduces toil and time to incident resolution. With end-to-end observability all in one place, root cause analysis becomes a lot easier thanks to the ability to correlate issues impacting multiple parts of the stack. Splunk Observability Cloud provides advanced, flexible, and configurable dashboards, charts, and detectors along with support for application, service, and incident management integrations. Plus, the OpenTelemetry-native platform allows you to avoid vendor lock-in.
Observability metrics in GKE
You can monitor your applications running in Google Kubernetes Engine from GCP itself by configuring the Kubernetes Engine Monitoring setting on your cluster to System and workload logging and monitoring. You can click into your deployed workload to see the CPU, memory, and disk utilization.
Examine the observability details around the health of your application, like container errors and restarts.
You can also go into Google Observability Monitoring and further explore GKE cluster performance.
And you can build custom dashboards and charts.
These things are all useful, but again, to unify your observability tools and improve the time to incident resolution, how can you get all of this information into a single backend observability platform?
How to integrate GKE and Splunk Observability Cloud
There are two different ways you can integrate GKE into Splunk Observability Cloud:
- Integrate GKE with additional GCP service integration.
- Integrate GKE via Helm chart. This is a good option if you don't want additional GCP service integration, or if your security team won’t give you a service account.
Follow the instructions below for the integration method that you choose.
Integrate GKE with additional GCP service integration
These steps follow the Connect to Google Cloud Platform documentation.
- Open the GCP UI, select the project you want to monitor, click IAM & Admin, click Service Accounts, and complete the fields to add a new Splunk Service Account.
- After the new service account is created, edit it to create a new service account key.
- Download the key as a JSON.
The GCP Cloud Resource Manager API must be activated so Splunk Infrastructure Monitoring can use it to validate permissions on the service account key. Also, if you want to monitor multiple GCP projects, the above steps need to be repeated for each one.
- Navigate to Splunk Observability Cloud and add the Google Cloud Platform integration.
- Import the newly created service account key.
- A benefit of integrating GCP in this way is that you can sync all supported GCP services automatically. However, for our purposes, we’ll optionally refine the GCP synced services to only include GKE.
- Now you'll see Google Cloud Platform under your actively deployed integrations.
Depending on the polling interval, it might take a few minutes for your GCP metric data to populate within Splunk Observability Cloud.
Integrate GKE via Helm chart
- In the Data Management tab, search for available integrations for Google Kubernetes Engine and select the Google Kubernetes Engine integration to view the guided Kubernetes Monitoring integration instructions.
- Specify Google Cloud Platform as the provider and Google GKE as the distribution.
- Follow the installation instructions.
- In the GKE UI, activate a cloud shell, and then enter the commands shown in the installation instructions within the instance.
- You’ll notice that the
helm-install splunk-otel-collectorcommand failed because of a missinginstrumentation.endpointvalue. This is because the version of helm pre-installed in the Google Cloud Shell is out of date. To resolve the error, upgrade the helm version to one supported for the current Kubernetes version and rerun the commands in the Splunk Observability Cloud installation instructions.
- After this completes successfully, go back to Splunk Observability Cloud and see the integrated telemetry data.
From here, you can explore data like CPU and memory usage/utilization, resource capacity, container restarts, node state, and others right alongside the rest of your application and infrastructure data within Splunk Observability Cloud, even if other parts of the app run on-premises or on another public cloud provider.
Viewing observability metrics in Splunk Observability Cloud
Now that your GKE integration is complete, you can use all of the available Splunk Observability Cloud products and features to monitor your GKE environment.
From Infrastructure Monitoring, you can view your Google Cloud Platform navigators.
Explore the health of your clusters.
Explore a specific cluster.
Monitor pod health and performance.
And view critical usage metrics.
You can also create detectors and alerting rules from within your Navigators and manage them alongside the detectors for the rest of your applications and infrastructure:
Next steps
These resources might help you understand and implement this guidance: