Introduction

This article helps you get the Astra Traffic Collector (ATC) running in your Kubernetes environment. The ATC is a containerized service that utilizes the OpenTelemetry (OTel) collector to capture and forward network traffic traces to our backend for analysis. This setup is compatible with major Kubernetes distributions, including Amazon EKS, Google GKE, and Azure AKS.

Prerequisites

Before you begin the installation, please ensure you have the following ready:

• kubectl installed and configured to communicate with your cluster.

• Helm (v3 or higher) installed on your machine.

• Astra Traffic Collector integration created in your Astra Dashboard to obtain your Collector ID, Client ID, and Client Secret.

Instructions

Step 1 — Create a Working Directory

Open your terminal and create a dedicated space for the configuration files:

mkdir -p /opt/astra-traffic-collector && cd /opt/astra-traffic-collector

Step 2 — Create the Namespace

Isolate the collector by creating a specific namespace. Create astra-collector namespace for traffic collector installation by running

kubectl create ns astra-collector

Step 3 — Add the Astra Helm Repository

Add astra traffic collector helm repository. Run the following commands to add and update the repository

helm repo add getastra https://raw.githubusercontent.com/getastra/obs-deployments/gh-pages/
helm repo update

Step 4 — Create values.yaml

Create a file named values.yaml and populate it with your unique credentials from the dashboard.

• collectorId: Your integration ID.

• clientId: Your unique client ID.

• clientSecret: Your unique client secret.

• tokenUrl:https://auth.getastra.com/realms/astra_api_scanner/protocol/openid-connect/token.

This file contains your ATC configuration and authentication credentials.

secret:
      name: astra-collector-secrets
      collectorId: 12345678-1234-4abc-9def-987654321000
      clientId: 12345678-1234-4abc-9def-987654321000
      clientSecret: 12345678-1234-4abc-9def-987654321000
      tokenUrl: https://auth.getastra.com/realms/astra_api_scanner/protocol/openid-connect/token
      remoteAddrIdentifierHeader: x-forwarded-for

volumes:
  - configMap:
      defaultMode: 444
      name: astra-collector-custom-config
    name: custom-config
  
volumeMounts:
  - name: collector-message
    mountPath: /var/lib/otelcol/file_storage
  - name: custom-config
    mountPath: /etc/otelcol-contrib/config_custom.yaml
    subPath: config_custom.yaml

Step 5 — Create config_custom.yaml

Create a file named config_custom.yaml to define your trace filtering and transformation rules. This file allows you to exclude specific requests (like OPTIONS) or redact sensitive data such as credit card numbers before they leave your cluster.

processors:

  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/filterprocessor
  filter/custom:
      error_mode: ignore
      traces:
        span:
          ## allowing traces based on hostname regex pattern. Following will drop all traces originated from host other than: localhost*
          #- IsMatch(attributes["url.host"], "localhost*") == false
          ## excluding traces based on hostname regex pattern. Following will drop all traces originated from host: localhost*
          #- IsMatch(attributes["url.host"], "localhost*")
          ## excluding traces based on template regex pattern. Following will drop all traces having url_template: _wdt*
          #- IsMatch(attributes["url.template"], "_wdt*")
           - ConvertCase(attributes["http.method"], "upper") == "OPTIONS"
  
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/transformprocessor
  transform/custom:
    error_mode: ignore
    trace_statements:
      - context: span
        statements:
          ## Templatize url path regex pattern by keyword: "slug". Following will templatize the url Path: /api/v1/products/details/prod-12r4ty   ->  /api/v1/products/details/{{product_id}}
          #- replace_pattern(attributes["url.template"], "prod-*", "{{product_id}}")
          ## Redact MasterCard credit card number
          - replace_all_patterns(attributes, "value", "^5[1-5][0-9]{14}$", "{{CreditCard}}")

service:
    pipelines:
      traces:
        exporters: [debug, otlp]

Step 6 — Create ConfigMap from config_custom.yaml

Upload your custom configuration to the cluster

kubectl create configmap astra-collector-custom-config --from-file=./config_custom.yaml -n astra-collector

Step 7 — Install the Helm Chart

Deploy the collector using the following command

helm upgrade --install traffic-collector getastra/traffic-collector-chart --namespace astra-collector --debug --values values.yaml

Expected Outcome

Verify your deployment by running:

kubectl get pods -n astra-collector

You should see a running pod named astra-traffic-collector-0. Once confirmed, you can verify successful trace ingestion by checking the logs of the traffic collector.

Related tasks

https://help.getastra.com/collections/2231860571-traffic_connectors?lang=en

Troubleshooting & Common Issues

• Unable to Send Traces: If your logs show authentication errors (e.g., rpc error: code = Unauthenticated), double-check that the clientId and clientSecret in your values.yaml are correct and redeploy.

• No Inventory Updates: If the pod is running but you see no data, ensure your application's hostname is correctly listed under the Scope URI or Extra Hosts in the Astra Dashboard.

• Checking Logs: To view real-time traces and identify errors, use: kubectl logs astra-traffic-collector-0 -n astra-collector --tail=0 -f.

• Upgrading: To update to the latest version of the collector, run helm repo update followed by the same helm upgrade command used during installation.