Customizing Agent - Kubernetes Monitoring

The Atatus Kubernetes Agent automatically discovers all namespaces and workloads upon installation. This guide outlines the various configuration options available to help you manage data collection, filter logs, and control pod scheduling across your cluster.

All configurations must be added to your atatus_values.yaml file.

Configuration Options

Use the parameters below to customize the agent's behavior:

Option	Description
license_key	Your Atatus Infrastructure license key.
logs_enabled	Set to `true` to enable log monitoring.
cluster_name	A descriptive name to identify your Kubernetes cluster in the Atatus dashboard.
log_level	The internal logging level for the Atatus agent (`info`, `debug`, `warning`, `error`).
container_include	Only monitor containers matching the given filter. Applies to both logs and metrics. See Filter Prefixes for the supported filter formats.
container_exclude	Exclude containers matching the given filter from monitoring. Applies to both logs and metrics.
container_include_metrics	Only collect metrics from containers matching the given filter. Log collection is unaffected.
container_exclude_metrics	Exclude containers matching the given filter from metric collection. Log collection is unaffected.
container_include_logs	Only collect logs from containers matching the given filter. Metric collection is unaffected.
container_exclude_logs	Exclude containers matching the given filter from log collection. Metric collection is unaffected.
container_include_log_lines	List of regular expressions. Only log lines matching at least one pattern are collected.
container_exclude_log_lines	List of regular expressions. Log lines matching any pattern are dropped.
daemonset	Configures parameters for the agent's DaemonSet deployment.
tolerations	Kubernetes tolerations allowing pods to be scheduled on nodes with matching taints.

General Configuration Example

Here is a comprehensive example demonstrating how to construct your atatus_values.yaml file:

copy

# atatus_values.yaml
atatus:
  license_key: "lic_infra_*************"
  logs_enabled: true
  cluster_name: "my-production-cluster"
  log_level: "info"

  # Include/Exclude by namespace
  container_include: kube:preprod kube:staging
  container_exclude: kube:prod

  # Include/Exclude metrics by container name
  container_include_metrics: name:my-app
  container_exclude_metrics: name:sidecar-proxy

  # Include/Exclude logs by image
  container_include_logs: image:my-app-image
  container_exclude_logs: image:fluentd

  # Log line filtering
  container_include_log_lines:
    - '(?i)error'
  container_exclude_log_lines:
    - '(?i)healthcheck'

daemonset:
  enabled: true
  tolerations:
    - operator: "Exists"

Filter Prefixes

All container_include* and container_exclude* options (except _log_lines) require a prefix that tells the agent what to match against. The prefix is followed by the value to match, with no space after the colon. The value can be an exact string or a regular expression.

Note: In a Kubernetes context, "container" in these option names refers to pods, not individual containers within a pod.

Prefix	What it matches	Example	Meaning
`kube:`	Kubernetes namespace	`kube:production`	Match all pods in the `production` namespace
`name:`	Pod name	`name:my-app`	Match pods named `my-app`
`image:`	Container image name	`image:nginx`	Match pods running the `nginx` image

The value after the prefix also supports regular expressions:

copy

# Match all namespaces starting with "dev-"
container_include: kube:^dev-.*

# Match all pods whose name starts with "api"
container_include: name:^api.*

# Match all images starting with "python"
container_include: image:^python.*

To filter by multiple values, separate them with spaces:

copy

container_include: kube:preprod kube:staging

This monitors pods in the preprod and staging namespaces, and excludes everything else.

Container Include & Exclude Filtering

Use container_include and container_exclude to control which containers are monitored for both logs and metrics. You can filter by namespace, container name, or image.

Filter by namespace — monitor only the preprod and staging namespaces, and exclude the prod namespace:

copy

  container_include: kube:preprod kube:staging
  container_exclude: kube:prod

Filter by container name — monitor only the container named my-app, and exclude the sidecar-proxy container:

copy

  container_include: name:my-app
  container_exclude: name:sidecar-proxy

Filter by image — monitor only containers running the nginx image, and exclude those running fluentd:

copy

  container_include: image:nginx
  container_exclude: image:fluentd

Container Metrics Filtering

Use container_include_metrics and container_exclude_metrics to control which containers are monitored for metrics only. Log collection is unaffected.

Filter by container name — collect metrics only from my-app, and exclude the sidecar-proxy container:

copy

  container_include_metrics: name:my-app
  container_exclude_metrics: name:sidecar-proxy

Filter by namespace — collect metrics only from the production namespace, and exclude the testing namespace:

copy

  container_include_metrics: kube:production
  container_exclude_metrics: kube:testing

Container Logs Filtering

Use container_include_logs and container_exclude_logs to control which containers are monitored for logs only. Metric collection is unaffected.

Filter by container name — collect logs only from my-app, and exclude the log-router container:

copy

  container_include_logs: name:my-app
  container_exclude_logs: name:log-router

Filter by image — collect logs only from containers running my-app-image, and exclude those running fluentd:

copy

  container_include_logs: image:my-app-image
  container_exclude_logs: image:fluentd

Log Line Filtering

You can reduce log volume by filtering individual log lines at the agent level using regular expressions. Unlike the container-level filters above, these options match against the content of each log line, not the container name or namespace.

The (?i) prefix in a regular expression enables case-insensitive matching.

Collect only log lines containing the word "error" (case-insensitive):

copy

  container_include_log_lines:
    - '(?i)error'

Drop log lines containing the word "healthcheck" (case-insensitive):

copy

  container_exclude_log_lines:
    - '(?i)healthcheck'

Scheduling the Agent on Tainted Nodes

Kubernetes uses taints to restrict which pods can run on specific nodes (e.g., GPU or system nodes). To allow the Atatus Infrastructure Agent to run on tainted nodes, configure tolerations under the daemonset section in your atatus_values.yaml file.

To run the agent on every active node across your cluster, configure a wildcard toleration using the Exists operator:

copy

daemonset:
  enabled: true
  tolerations:
    - operator: "Exists"

Targeting Specific Node Pools

To target specific node pools instead of bypassing all taints, define selective tolerations.

copy

daemonset:
  enabled: true
  tolerations:
    # System node pools
    - key: "CriticalAddonsOnly"
      operator: "Exists"

    # GPU nodes
    - key: "sku"
      operator: "Equal"
      value: "gpu"
      effect: "NoSchedule"

    # Spot or preemptible nodes
    - key: "node.kubernetes.io/instance-type"
      operator: "Equal"
      value: "spot"
      effect: "NoSchedule"

    # Windows nodes (if applicable)
    - key: "node.kubernetes.io/os"
      operator: "Equal"
      value: "windows"
      effect: "NoSchedule"