How to use kwatch to detect crashes in Kubernetes clusters

How to use kwatch to detect crashes in Kubernetes clusters

kwatch is an open-source tool that detects crashes in Kubernetes Pods in real-time and sends the notifications to supported backends. In this post, we'll show you how to deploy and configure kwatch to send Kubernetes Pod crash notifications to PagerDuty.

In this post, you will learn how to set up and deploy kwatch in your Kubernetes cluster to monitor and receive real-time crash alerts through PagerDuty.
kwatch helps you monitor all changes in your Kubernetes cluster. It detects crashes in real-time and publishes notifications to your favorite channels (Slack, Discord, PagerDuty, Telegram, Microsfot Teams and others) instantly.
To go through this tutorial, you'll need a free PagerDuty account and access to a Kubernetes cluster. To try this out, you can use minikube, kind or any other Kubernetes cluster.

Configure PagerDuty

We'll configure a new PagerDuty service through Events API. kwatch will use the events API endpoint and the integration key to send events to PagerDuty.
Follow these steps to configure the PagerDuty service:
  1. After you've logged into your PagerDuty account, click the Service menu and then click the New Service button.
Creating a new PagerDuty service
Creating a new PagerDuty service
PagerDuty dashboard
  1. Name your service test, add a brief description, and click Next.
Creating a new PagerDuty service
Creating a new PagerDuty service
New service
  1. On the next screen, leave the Generate a new Escalation Policy selected and click Next.
Generate a new Escalation Policy
Generate a new Escalation Policy
Using the escalation policy, you can connect services to individual users and/or schedules so correct people get notified in case of an escalation.
  1. On the Alert Grouping page, we can leave the Intelligent option selected and click Next. The alert grouping allows you to combine similar alerts into a single incident to reduce notifications.
  2. On the Integrations page, we'll select the Events API V2 integration by clicking on the check box.
Events API V2 integration
Events API V2 integration
Events API V2 integration
  1. Click Create Service to create the service.
Once the service has been created you'll be presented with the page that shows the integration key and the integration URLs as shown in the image below.
Events API V2 overview
Events API V2 overview
Events API V2 overview
We'll use the integration key to configure kwatch.

Configure kwatch

To configure kwatch we'll download a template ConfigMap and then configure it to use the PagerDuty integration key.
Let's start by obtaining the configuration template first:
curl -L https://raw.githubusercontent.com/abahmed/kwatch/v0.3.0/deploy/config.yaml -o config.yaml
We can now open the config.yaml and configure the PagerDuty key (remove the remaining fields). The config.yaml should look like this:
apiVersion: v1
kind: Namespace
metadata:
  name: kwatch
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kwatch
  namespace: kwatch
data:
  config.yaml: |
    alert:
      pagerduty:
        integrationKey: <INTEGRATION_KEY>
Make sure to replace the <INTEGRATION_KEY> with the actual integration key value from PagerDuty.
Assuming you have your Kubernetes cluster up and running, you can apply the above config file:
kubectl apply -f config.yaml

Deploy kwatch

With the configuration in place, we can now deploy kwatch.
kubectl apply -f https://raw.githubusercontent.com/abahmed/kwatch/v0.3.0/deploy/deploy.yaml
You will now start receiving PagerDuty alerts whenever there is a pod crash in your Kubernetes cluster!
Let's try this out by creating a simple deployment (httpbin):
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/httpbin/httpbin.yaml
Once the Pod is up and running, we can edit the deployment and change the image name to a non-existent image – this is just to force the Pod to crash by failing to pull the (non-existent) image.
We can run kubectl edit deploy httpbin and change the docker.io/kennethreitz/httpbin image name to BLAHdocker.io/kennethreitz/httpbin.
As expected, the Pod will fail, and if you look on your PagerDuty dashboard, you'll notice an open incident that contains the details about the failure.
PagerDuty dashboard with an alert
PagerDuty dashboard with an alert
PagerDuty dashboard with an alert

Conclusion

In this blog post, we've introduced a way to use kwatch and PagerDuty to trigger alerts whenever a Pod fails.
We've used the most straightforward configuration to watch all namespaces in the Kubernetes cluster. We could also provide specific namespaces we want to monitor using the' namespaces' field.
In addition to PagerDuty, kwatch also offers integration with Slack, Telegram, Microsoft Teams, Rocket Chat, and Mattermost.

Related Posts

What is circuit breaking?
Service Mesh

What is circuit breaking?

A circuit breaker is an automatically operated electrical switch designed to protect an electrical circuit from damage caused by excess current from an overload or short circuit. How does that apply to your services and Istio service mesh?

Peter Jausovec

Peter Jausovec

Debugging Kubernetes applications using Istio
Service Mesh

Debugging Kubernetes applications using Istio

This article explains how you can use Istio in combination with ngrok to debug a service running locally on your machine while the production version of the service is running in the cluster

Peter Jausovec

Peter Jausovec

What are sticky sessions and how to configure them with Istio?
Service Mesh

What are sticky sessions and how to configure them with Istio?

The idea behind sticky sessions is to route the requests for a particular session to the same endpoint that served the first request. That way to can associate a service instance with the caller, based on HTTP headers or cookies. You might want to use sticky sessions if your service is doing an expensive operation on first request, but later caching the value. That way, if the same user makes the request, the expensive operation will not be performed and value from the cache will be used.

Peter Jausovec

Peter Jausovec

Build and push your Docker images using Github Actions
Docker

Build and push your Docker images using Github Actions

This article explains how to build a simple CI using Github Actions. It involves triggering the workflow only on version file changes, parsing the image names and then building, tagging and pushing the images to the Docker registry.

Peter Jausovec

Peter Jausovec

Kubernetes CLI (kubectl) tips you didn't know about
Kubernetes

Kubernetes CLI (kubectl) tips you didn't know about

A collection of more than 20 useful and practical Kubernetes CLI tips from the Kubernetes community.

Peter Jausovec

Peter Jausovec

Kubernetes Network Policy
Kubernetes

Kubernetes Network Policy

Using the NetworkPolicy resource, you can control the traffic flow for your applications in the cluster, at the IP address level or port level (OSI layer 3 or 4).

Peter Jausovec

Peter Jausovec

;