Run Beyla in Kubernetes using Grafana Alloy Helm’s chart
Grafana Alloy is a vendor-neutral distribution of the OpenTelemetry Collector. Alloy offers native pipelines for OpenTelemetry, Prometheus, and other telemetry signals.
Grafana Alloy bundles Beyla allowing you to instrument your applications at the same time you instrument your infrastructure. It also provides a Helm chart to deploy Alloy in Kubernetes.
In this tutorial, you learn how to deploy Beyla in Kubernetes using Grafana Alloy Helm’s chart.
Prerequisites
- A Kubernetes cluster, you can use kind to create a local cluster
kubectl
installed and configured for your cluster- Helm installed
- A Grafana Cloud account or a compatible Prometheus and/or OpenTelemetry backend to receive the data
1. Prepare the Alloy environment in Kubernetes
You need to install the Helm chart for Grafana Alloy in your Kubernetes cluster.
helm install --namespace alloy alloy grafana/alloy
This command installs the Grafana Alloy Helm chart in the alloy
namespace.
2. Deploy services
You can instrument any HTTP or HTTPS service in your Kubernetes cluster.
Copy the following contents into a file, for example sampleapps.yml
, and deploy it with
the command kubectl apply -f sampleapps.yml
.
3. Configure credentials
Alloy can export metrics and traces to any OpenTelemetry endpoint, as well as exposing metrics as a Prometheus endpoint. However, it’s recommend using the Prometheus and Tempo remote write endpoints in Grafana Cloud. You can get a free Grafana Cloud Account.
From the Grafana Cloud Portal, look for the Prometheus box and click Send Metrics. For the Tempo box, click Send Traces.
Create a secrets.yml
file with your Grafana Cloud credentials for Prometheus and Tempo remote write. Deploy it with the command kubectl apply -f secrets.yml
.
apiVersion: v1
kind: Secret
metadata:
namespace: alloy
name: grafana-credentials
type: Opaque
stringData:
prometheus-rw-user: "prom-user"
prometheus-rw-pwd: "prom-pwd"
tempo-rw-user: "tempo-user"
tempo-rw-pwd: "tempo-pwd"
3. Create a ConfigMap with Alloy configuration
Create a ConfigMap
with the Alloy configuration. Copy the following contents into a file, for example config.alloy
:
Deploy the configuration with the command:
kubectl create configmap --namespace alloy alloy-config "--from-file=config.alloy=./config.alloy"
With this configuration Beyla instruments the services running in the Kubernetes cluster and send traces to Grafana Cloud Tempo and metrics to Prometheus.
The attributes > kubernetes > enable
enables Kubernetes decoration for metrics and traces, which adds the metadata of the Kubernetes entities running the automatically instrumented services.
The argument discovery > services > kubernetes
specifies the selection of services based on Kubernetes metadata. In this example, Beyla instruments all deployments in namespace “default”.
The prometheus.scrape
section configures the Prometheus scrape configuration to collect the metrics from Beyla. The prometheus.remote_write
section configures the remote write to send the metrics to Grafana Cloud Prometheus.
The output
section configures that Beyla component sends traces to otelcol.exporter.otlp
component. The otelcol.exporter.otlp
section configures the OTLP exporter to send the traces to Grafana Cloud Tempo.
For further details on the configuration options, refer to the documentation of the Grafana Alloy Beyla component
4. Deploy Alloy with Helm
Create a values.yaml
with the configuration for the Alloy Helm chart. Copy the following contents into a file, for example values.yaml
.
Deploy the configuration with the command:
helm upgrade --namespace alloy alloy grafana/alloy -f values.yaml
- To run in DaemonSet mode, Beyla requires to have access to all the
processes in the node. Therefore set
hostPID: true
thecontroller
section. - The Beyla container needs to run with privileges as it requires
to perform privileged actions such as loading BPF programs and creating
BPF maps. Therefore set
privileged: true
insecurityContext
section. For running Beyla asunprivileged
container, that’s without theprivileged: true
option, visit the Deploy Beyla unprivileged guide. - The
extraEnv
section sets the environment variables for the Prometheus and Tempo remote write credentials.
5. Test the setup
With the kubectl port-forward
commands from the first step still running,
test both web server instances. For example:
curl http://localhost:8080
curl http://localhost:8080/foo
curl http://localhost:8081
curl http://localhost:8081/foo
Navigate to the instance in Grafana Cloud, and from the Explore section in the left panel, select the data source for the traces, named grafanacloud-<your user name>-traces
.
To search for all the traces, select the Search box in the Query bar, leave the form empty, and click Run query:
This shows the traces for the docs
instance on port 8081. You might see traces from your own services, but you shouldn’t see traces from the website
service, as it Beyla isn’t instrumenting it.
In the trace details, the resource attributes of the traces have metadata of the Kubernetes Pod running the instrumented service: