Retrieving Kubernetes pods for an application
You can retrieve Kubernetes pods that are associated with a specific application that uses the Instana REST API.
Context
In Kubernetes environments, monitoring and managing the health and performance of your applications at a granular level is crucial. One key aspect is to understand the state of the pods that make up your application, particularly the container images that are running within these pods. By retrieving the list of Kubernetes pods for a specific application, you can gain insights into the underlying container images and assess their security status.
Key business benefits
-
Security audits and vulnerability management:
- CVE tracking: Container images are often subject to security vulnerabilities, which are known as CVEs (Common Vulnerabilities and Exposures). By identifying the images associated with each pod, you can quickly cross-reference the images with known CVEs and assess the risk that is posed by these vulnerabilities.
- Proactive security measures: If a critical vulnerability is discovered in an image, you can take immediate action to patch or replace the affected image, reducing the attack surface and protecting your application from potential exploits.
-
Compliance and regulatory requirements:
- Compliance adherence: Many industries have strict compliance requirements that mandate regular security assessments, including vulnerability scanning of container images. By retrieving and analyzing pod images, organizations can help ensure that they meet these requirements and avoid potential penalties.
- Audit trail: Maintaining an audit trail of the images used within your pods, along with their associated CVEs, helps in demonstrating compliance during audits and regulatory reviews.
-
Operational efficiency:
- Troubleshooting and root cause analysis: If an application is experiencing issues, knowing the specific images that are running within its pods can help in diagnosing the problem more effectively. For example, you can determine if the issue is related to a particular image version or configuration.
- Streamlined patching: By having a clear view of the images in use, IT and DevOps teams can prioritize and streamline the patching process, helping ensure that all pods are running the most secure and up-to-date versions of images.
-
Business Continuity:
- Risk mitigation: Addressing vulnerabilities promptly helps ensure that your application remains secure and operational, minimizing the risk of downtime due to security incidents.
- Customer trust: Demonstrating a proactive approach to managing CVEs and securing container images enhances customer trust and reinforces your organization's commitment to protecting their data.
This tutorial guides you through the process of retrieving Kubernetes pods for a specific application, helping you access the images that are associated with these pods and take the necessary actions, particularly from a security and compliance standpoint.
Prerequisites
To retrieve Kubernetes pods, you need an Instana API token with the appropriate permissions.
Review the following definitions:
- Application ID: The unique identifier of the application for which you want to retrieve Kubernetes pods.
- Host: The base URL of your Instana instance, which is structured as
{tenant}-{unit}.instana.io
.
API endpoints
Refer to the following API endpoint:
GET /api/application-monitoring/applications/{applicationId}/kubernetes-pods
Tutorial
In the following example, all Kubernetes pods that are associated with an application (identified by its applicationId
) are retrieved.
Step 1: Constructing the API request
To retrieve the Kubernetes pods for a specific application, you need to send a GET
request to the following endpoint: https://{tenant}-{unit}.instana.io/api/application-monitoring/applications/{applicationId}/kubernetes-pods
Step 2: Getting the application ID
You can obtain the applicationId
by first listing all applications:
curl -X GET "https://{tenant}-{unit}.instana.io/api/application-monitoring/applications" \
-H "Authorization: apiToken {api_token}" \
-H "Accept: application/json"
Identify the applicationId from the response that corresponds to the application you are interested in.
Step 3: Making the request to retrieve Kubernetes pods
After you have the applicationId
, you can use it to retrieve the Kubernetes pods:
curl -X GET "https://{tenant}-{unit}.instana.io/api/application-monitoring/applications/{applicationId}/kubernetes-pods" \
-H "Authorization: apiToken {api_token}" \
-H "Accept: application/json"
Replace {tenant}, {unit}, {api_token}, and {applicationId} with your actual Instana tenant, unit, API token, and the ID of the application, respectively.
Step 4: Parsing the Response
The response is a JSON object that contains details about the Kubernetes pods that are associated with the specified application. The following JSON is an example of what the response might look like:
{
"kubernetesPods": [
{
"podName": "example-pod-1",
"namespace": "example-namespace",
"status": "Running",
"nodeName": "example-node"
},
{
"podName": "example-pod-2",
"namespace": "example-namespace",
"status": "Running",
"nodeName": "example-node"
}
]
}
You can then process the JSON response in your preferred programming language. For example, if you are using Python, you can extract and print the pod names as shown in the following code block:
import requests
def get_kubernetes_pods(tenant, unit, api_token, application_id):
url = f"https://{tenant}-{unit}.instana.io/api/application-monitoring/applications/{application_id}/kubernetes-pods"
headers = {
"Authorization": f"apiToken {api_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
pods = response.json().get('kubernetesPods', [])
for pod in pods:
print(f"Pod Name: {pod['podName']}, Status: {pod['status']}")
# Example usage
tenant = "your-tenant"
unit = "your-unit"
api_token = "your-api-token"
application_id = "your-application-id"
get_kubernetes_pods(tenant, unit, api_token, application_id)
This Python script sends a request to the Instana API, parses the response, and prints the names and statuses of the Kubernetes pods.
This markdown format renders the JSON response and Python code example properly when viewed in a markdown viewer or editor.
Step 5: Handling the response
After the response is parsed, you can further process the Kubernetes pods data. The following list shows how you might want to handle the response:
- Log the Pod Details: You can log the pod names, statuses, and other details to your monitoring system.
- Alert on Pod Status: Set up conditions to alert if any pod status is not "Running".
- Store Pod Information: Save the pod information to a database for further analysis or reporting.
- Visualize Pod Data: Use the data to create visualizations that help monitor the health and performance of your Kubernetes pods.
For example, you can modify the Python script from Step 4 to check the status of each pod and alert if any pod is not running:
import requests
def check_kubernetes_pods(tenant, unit, api_token, application_id):
url = f"https://{tenant}-{unit}.instana.io/api/application-monitoring/applications/{application_id}/kubernetes-pods"
headers = {
"Authorization": f"apiToken {api_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
pods = response.json().get('kubernetesPods', [])
for pod in pods:
pod_name = pod['podName']
status = pod['status']
if status != "Running":
print(f"Alert: Pod {pod_name} is in {status} state!")
# Example usage
tenant = "your-tenant"
unit = "your-unit"
api_token = "your-api-token"
application_id = "your-application-id"
check_kubernetes_pods(tenant, unit, api_token, application_id)
This script checks each pod's status and prints an alert if the pod is not running. You can adapt this logic to integrate with your alerting or monitoring system.