Grafana Cloud

Send Kubernetes OTel traces using Grafana Agent

You can deploy the Grafana Agent in a Kubernetes cluster as a deployment, and configure it to receive OpenTelemetry traces for your workloads. These traces are then buffered, and sent to Grafana Cloud for storage and querying from your hosted Grafana instance.

You can instrument your Kubernetes workloads and apps to emit spans by using client libraries from OpenTelemetry.

This content only covers receiving traces, not metrics, logs, or cluster events. With the addition of OpenTelemetry components to the Agent, more features and configurations for OTel are available. To learn more, refer to:

Before you begin

To complete the steps, have the following available:

  • A Kubernetes cluster with role-based access control (RBAC) enabled
  • A Grafana Cloud account. To create an account, navigate to Grafana Cloud, and click Create free account.
  • The kubectl command-line tool installed on your local machine, configured to connect to your cluster. Refer to kubectl installation.
  • An application that has the OpenTelemetry libraries instrumented and is deployed to the Kubernetes cluster ready to send traces

Configure Grafana Agent

Paste the following script into your terminal, and run it to deploy a configuration map for Grafana Agent into your currently selected kubectl cluster:

cat <<'EOF' |

kind: ConfigMap
  name: grafana-agent-traces
apiVersion: v1
  agent.yaml: |
          - batch:
                send_batch_size: 1000
                timeout: 5s
            name: default
                        grpc: null
                        thrift_binary: null
                        thrift_compact: null
                        thrift_http: null
                        strategy_file: /etc/agent/strategies.json
                            insecure: true
                opencensus: null
                        grpc: null
                        http: null
                zipkin: null
              - basic_auth:
                    password: YOUR_TEMPO_PASSWORD
                    username: YOUR_TEMPO_USER
                endpoint: YOUR_TEMPO_ENDPOINT
                    enabled: false
              - bearer_token_file: /var/run/secrets/
                job_name: kubernetes-pods
                  - role: pod
                  - action: replace
                      - __meta_kubernetes_namespace
                    target_label: namespace
                  - action: replace
                      - __meta_kubernetes_pod_name
                    target_label: pod
                  - action: replace
                      - __meta_kubernetes_pod_container_name
                    target_label: container
                    ca_file: /var/run/secrets/
                    insecure_skip_verify: false
  strategies.json: '{"default_strategy": {"param": 0.001, "type": "probabilistic"}}'

(export NAMESPACE=default && kubectl apply -n $NAMESPACE -f -)

Be sure to:

  • Replace NAMESPACE=default with the namespace into which you would like to install the Agent.
  • Complete the Grafana Cloud parameters in the remote_write stanza.

You can find the Tempo credentials in your Grafana Cloud Portal. Your Tempo push endpoint should look similar to this:

The deployed ConfigMap sets up the Agent to accept traces from the OpenTelemetry receiver, and sets a default set of labels using relabel_configs. For more about the relabeling steps, refer to:

Deploy Grafana Agent

Install the Grafana Agent using the previous deployed ConfigMap, and deploy the required resources into your cluster.

Run the following command from your shell to install the Grafana Agent into the default Namespace of your Kubernetes cluster:

MANIFEST_URL= NAMESPACE=default /bin/sh -c "$(curl -fsSL" | kubectl apply -f -

This installs a one-replica Grafana Agent Deployment into your cluster, and configures RBAC permissions for the Agent. If you want to deploy the Agent into a different Namespace, change the NAMESPACE=default variable, ensuring that this Namespace already exists. This also applies the Agent ClusterRole and ClusterRoleBinding and a Kubernetes Service with the appropriate ports connected.

grafana-agent-traces Service

The deployed cluster Service is named grafana-agent-traces, exposing otlp over grpc on port 4317 or http on port 4318. Refer to the snippet below for reference.

apiVersion: v1
kind: Service
    name: grafana-agent-traces
  name: grafana-agent-traces
  namespace: default
  - name: grafana-agent-traces-otlp-grpc
    port: 4317
    protocol: TCP
    targetPort: 4317
  - name: grafana-agent-traces-otlp-http
    port: 4318
    protocol: TCP
    targetPort: 4318
    name: grafana-agent-traces

Workloads deployed to the Kubernetes cluster can now send OTel traces to grafana-agent-traces.$NAMESPACE.svc.cluster.local:4317 or with the reduced grafana-agent-traces:4318 for workloads running within the same namespace.

Check grafana-agent logs

The Grafana Agent logs are available at /var/log/grafana-agent.err.log.

If the deployment succeeded, the following trace component line will be output.

ts=2023-04-01T21:23:10.949549748Z caller=zapadapter.go:78 level=info component=traces traces_config=grafana kind=receiver name=otlp pipeline=traces msg="Receiver started."

Search traces

After traces are delivered to the Grafana Cloud backend via the Agent Deployment, you can:

For example, below is a simple TraceQL snippet that selects all traces in the default namespace.