This is documentation for the next version of Agent. For the latest stable release, go to the latest version.
loki.source.kubernetes_events
loki.source.kubernetes_events tails events from the Kubernetes API and
converts them into log lines to forward to other loki components.
Multiple loki.source.kubernetes_events components can be specified by giving them
different labels.
Usage
loki.source.kubernetes_events "LABEL" {
forward_to = RECEIVER_LIST
}Arguments
The component starts a new reader for each of the given targets and fans out
log entries to the list of receivers passed in forward_to.
loki.source.kubernetes_events supports the following arguments:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
job_name | string | Value to use for job label for generated logs. | "loki.source.kubernetes_events" | no |
log_format | string | Format of the log. | "logfmt" | no |
namespaces | list(string) | Namespaces to watch for Events in. | [] | no |
forward_to | list(LogsReceiver) | List of receivers to send log entries to. | yes |
By default, loki.source.kubernetes_events will watch for events in all
namespaces. A list of explicit namespaces to watch can be provided in the
namespaces argument.
By default, the generated log lines will be in the logfmt format. Use the
log_format argument to change it to json. These formats are also names of
LogQL parsers, which can be used for processing the logs.
NOTE: When watching all namespaces, Grafana Agent Flow must have permissions to watch events at the cluster scope (such as using a ClusterRoleBinding). If an explicit list of namespaces is provided, Grafana Agent Flow only needs permissions to watch events for those namespaces.
Log lines generated by loki.source.kubernetes_events have the following
labels:
namespace: Namespace of the Kubernetes object involved in the event.job: Value specified by thejob_nameargument.instance: Value matching the component ID.
If job_name argument is the empty string, the component will fail to load. To
remove the job label, forward the output of loki.source.kubernetes_events to
a loki.relabel component.
For compatibility with the eventhandler integration from static mode,
job_name can be set to "integrations/kubernetes/eventhandler".
Blocks
The following blocks are supported inside the definition of
loki.source.kubernetes_events:
| Hierarchy | Block | Description | Required |
|---|---|---|---|
| client | client | Configures Kubernetes client used to tail logs. | no |
| client > basic_auth | basic_auth | Configure basic_auth for authenticating to the endpoint. | no |
| client > authorization | authorization | Configure generic authorization to the endpoint. | no |
| client > oauth2 | oauth2 | Configure OAuth2 for authenticating to the endpoint. | no |
| client > oauth2 > tls_config | tls_config | Configure TLS settings for connecting to the endpoint. | no |
| client > tls_config | tls_config | Configure TLS settings for connecting to the endpoint. | no |
The > symbol indicates deeper levels of nesting. For example, client > basic_auth refers to a basic_auth block defined
inside a client block.
client block
The client block configures the Kubernetes client used to tail logs from
containers. If the client block isn’t provided, the default in-cluster
configuration with the service account of the running Grafana Agent pod is
used.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
api_server | string | URL of the Kubernetes API server. | no | |
kubeconfig_file | string | Path of the kubeconfig file to use for connecting to Kubernetes. | no | |
bearer_token | secret | Bearer token to authenticate with. | no | |
bearer_token_file | string | File containing a bearer token to authenticate with. | no | |
proxy_url | string | HTTP proxy to proxy requests through. | no | |
follow_redirects | bool | Whether redirects returned by the server should be followed. | true | no |
enable_http2 | bool | Whether HTTP2 is supported for requests. | true | no |
At most one of the following can be provided:
basic_auth block
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
password_file | string | File containing the basic auth password. | no | |
password | secret | Basic auth password. | no | |
username | string | Basic auth username. | no |
password and password_file are mutually exclusive, and only one can be provided inside a basic_auth block.
authorization block
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
credentials_file | string | File containing the secret value. | no | |
credentials | secret | Secret value. | no | |
type | string | Authorization type, for example, “Bearer”. | no |
credential and credentials_file are mutually exclusive, and only one can be provided inside an authorization block.
oauth2 block
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
client_id | string | OAuth2 client ID. | no | |
client_secret_file | string | File containing the OAuth2 client secret. | no | |
client_secret | secret | OAuth2 client secret. | no | |
endpoint_params | map(string) | Optional parameters to append to the token URL. | no | |
proxy_url | string | Optional proxy URL for OAuth2 requests. | no | |
scopes | list(string) | List of scopes to authenticate with. | no | |
token_url | string | URL to fetch the token from. | no |
client_secret and client_secret_file are mutually exclusive, and only one can be provided inside an oauth2 block.
The oauth2 block may also contain a separate tls_config sub-block.
tls_config block
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
ca_pem | string | CA PEM-encoded text to validate the server with. | no | |
ca_file | string | CA certificate to validate the server with. | no | |
cert_pem | string | Certificate PEM-encoded text for client authentication. | no | |
cert_file | string | Certificate file for client authentication. | no | |
insecure_skip_verify | bool | Disables validation of the server certificate. | no | |
key_file | string | Key file for client authentication. | no | |
key_pem | secret | Key PEM-encoded text for client authentication. | no | |
min_version | string | Minimum acceptable TLS version. | no | |
server_name | string | ServerName extension to indicate the name of the server. | no |
The following pairs of arguments are mutually exclusive and can’t both be set simultaneously:
ca_pemandca_filecert_pemandcert_filekey_pemandkey_file
When configuring client authentication, both the client certificate (using
cert_pem or cert_file) and the client key (using key_pem or key_file)
must be provided.
When min_version is not provided, the minimum acceptable TLS version is
inherited from Go’s default minimum version, TLS 1.2. If min_version is
provided, it must be set to one of the following strings:
"TLS10"(TLS 1.0)"TLS11"(TLS 1.1)"TLS12"(TLS 1.2)"TLS13"(TLS 1.3)
Exported fields
loki.source.kubernetes_events does not export any fields.
Component health
loki.source.kubernetes_events is only reported as unhealthy if given an invalid
configuration.
Debug information
loki.source.kubernetes_events exposes the most recently read timestamp for
events in each watched namespace.
Debug metrics
loki.source.kubernetes_events does not expose any component-specific debug metrics.
Example
This example collects watches events in the kube-system namespace and
forwards them to a loki.write component so they are written to Loki.
loki.source.kubernetes_events "example" {
// Only watch for events in the kube-system namespace.
namespaces = ["kube-system"]
forward_to = [loki.write.local.receiver]
}
loki.write "local" {
endpoint {
url = env("LOKI_URL")
}
}