---
title: Telegraf Documentation
description: Telegraf plugin for collecting metrics from Kubernetes
url: https://docs.influxdata.com/telegraf/v1/input-plugins/kubernetes/
estimated_tokens: 2683
product: Telegraf
version: v1
---

-   Telegraf v1.1.0+

# Kubernetes Input Plugin

This plugin gathers metrics about running pods and containers of a [Kubernetes](https://kubernetes.io/) instance via the Kubelet API.

This plugin has to run as part of a `daemonset` within a Kubernetes installation. Telegraf must run on every node within the cluster.

You should configure this plugin to talk to its locally running kubelet.

This plugin produces high cardinality data, which when not controlled for will cause high load on your database. Please make sure to [filter](/telegraf/v1/configuration/#metric-filtering) the produced metrics or configure your database to avoid cardinality issues!

**Introduced in:** Telegraf v1.1.0 **Tags:** containers **OS support:** all

## Global configuration options

Plugins support additional global and plugin configuration settings for tasks such as modifying metrics, tags, and fields, creating aliases, and configuring plugin ordering. See [CONFIGURATION.md](/telegraf/v1/configuration/#plugins) for more details.

## Configuration

```toml
# Read metrics from the kubernetes kubelet api
[[inputs.kubernetes]]
  ## URL for the kubelet, if empty read metrics from all nodes in the cluster
  url = "http://127.0.0.1:10255"

  ## Use bearer token for authorization.
  # bearer_token = "/var/run/secrets/kubernetes.io/serviceaccount/token"

  ## Kubernetes Node Metric Name
  ## The default Kubernetes node metric name (kubernetes_node) is the same
  ## for the kubernetes and kube_inventory plugins. To avoid conflicts, set this
  ## option to a different value.
  # node_metric_name = "kubernetes_node"

  ## Pod labels to be added as tags.  An empty array for both include and
  ## exclude will include all labels.
  # label_include = []
  # label_exclude = ["*"]

  ## Set response_timeout (default 5 seconds)
  # response_timeout = "5s"

  ## Optional TLS Config
  # tls_ca = /path/to/cafile
  # tls_cert = /path/to/certfile
  # tls_key = /path/to/keyfile
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = false
```

### Host IP

To find the ip address of the host you are running on you can issue a command like the following:

```sh
curl -s $API_URL/api/v1/namespaces/$POD_NAMESPACE/pods/$HOSTNAME \
  --header "Authorization: Bearer $TOKEN" \
  --insecure | jq -r '.status.hostIP'
```

This example uses the downward API to pass in the `$POD_NAMESPACE` and `$HOSTNAME` is the hostname of the pod which is set by the kubernetes API. See the [Kubernetes documentation](https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy) for a full example of generating a bearer token to explore the Kubernetes API.

### Daemon-set

For recommendations on running Telegraf as a daemon-set see the [Monitoring Kubernetes Architecture blog post](https://www.influxdata.com/blog/monitoring-kubernetes-architecture/) or check the following Helm charts:

-   [Telegraf](https://github.com/helm/charts/tree/master/stable/telegraf)
-   [InfluxDB](https://github.com/helm/charts/tree/master/stable/influxdb)
-   [Chronograf](https://github.com/helm/charts/tree/master/stable/chronograf)
-   [Kapacitor](https://github.com/helm/charts/tree/master/stable/kapacitor)

### RBAC Permissions

When `url` is left empty (cluster mode), the plugin uses the Kubernetes API to discover all nodes in the cluster, then connects to each node’s Kubelet on port 10250. This requires a `ClusterRole` with the following permissions:

-   **apiGroups**: `""` (core)
-   **resources**: `"nodes"`
-   **verbs**: `"list"`, `"get"`

Refer to the [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for creating the appropriate ClusterRole and ClusterRoleBinding.

When `url` is explicitly set (e.g., `url = "http://127.0.0.1:10255"`), the plugin only talks to the local Kubelet API and does **not** use the Kubernetes API server, so no Kubernetes RBAC permissions are required.

## Metrics

-   kubernetes\_node
    
    -   tags:
        -   node\_name
    -   fields:
        -   cpu\_usage\_nanocores
        -   cpu\_usage\_core\_nanoseconds
        -   memory\_available\_bytes
        -   memory\_usage\_bytes
        -   memory\_working\_set\_bytes
        -   memory\_rss\_bytes
        -   memory\_page\_faults
        -   memory\_major\_page\_faults
        -   network\_rx\_bytes
        -   network\_rx\_errors
        -   network\_tx\_bytes
        -   network\_tx\_errors
        -   fs\_available\_bytes
        -   fs\_capacity\_bytes
        -   fs\_used\_bytes
        -   runtime\_image\_fs\_available\_bytes
        -   runtime\_image\_fs\_capacity\_bytes
        -   runtime\_image\_fs\_used\_bytes
-   kubernetes\_pod\_container
    
    -   tags:
        -   container\_name
        -   namespace
        -   node\_name
        -   pod\_name
    -   fields:
        -   cpu\_usage\_nanocores
        -   cpu\_usage\_core\_nanoseconds
        -   memory\_usage\_bytes
        -   memory\_working\_set\_bytes
        -   memory\_rss\_bytes
        -   memory\_page\_faults
        -   memory\_major\_page\_faults
        -   rootfs\_available\_bytes
        -   rootfs\_capacity\_bytes
        -   rootfs\_used\_bytes
        -   logsfs\_available\_bytes
        -   logsfs\_capacity\_bytes
        -   logsfs\_used\_bytes
-   kubernetes\_pod\_volume
    
    -   tags:
        -   volume\_name
        -   namespace
        -   node\_name
        -   pod\_name
    -   fields:
        -   available\_bytes
        -   capacity\_bytes
        -   used\_bytes
-   kubernetes\_pod\_network
    
    -   tags:
        -   namespace
        -   node\_name
        -   pod\_name
    -   fields:
        -   rx\_bytes
        -   rx\_errors
        -   tx\_bytes
        -   tx\_errors

## Example Output

```text
kubernetes_node
kubernetes_pod_container,container_name=deis-controller,namespace=deis,node_name=ip-10-0-0-0.ec2.internal,pod_name=deis-controller-3058870187-xazsr cpu_usage_core_nanoseconds=2432835i,cpu_usage_nanocores=0i,logsfs_available_bytes=121128271872i,logsfs_capacity_bytes=153567944704i,logsfs_used_bytes=20787200i,memory_major_page_faults=0i,memory_page_faults=175i,memory_rss_bytes=0i,memory_usage_bytes=0i,memory_working_set_bytes=0i,rootfs_available_bytes=121128271872i,rootfs_capacity_bytes=153567944704i,rootfs_used_bytes=1110016i 1476477530000000000
kubernetes_pod_network,namespace=deis,node_name=ip-10-0-0-0.ec2.internal,pod_name=deis-controller-3058870187-xazsr rx_bytes=120671099i,rx_errors=0i,tx_bytes=102451983i,tx_errors=0i 1476477530000000000
kubernetes_pod_volume,volume_name=default-token-f7wts,namespace=default,node_name=ip-172-17-0-1.internal,pod_name=storage-7 available_bytes=8415240192i,capacity_bytes=8415252480i,used_bytes=12288i 1546910783000000000
kubernetes_system_container
```

#### Related

-   [Configure plugins](/telegraf/v1/configure_plugins/)
-   [Kubernetes Plugin Source](https://github.com/influxdata/telegraf/tree/v1.38.4/plugins/inputs/kubernetes/README.md)