Deploy
Deploy the Reporter app to Kubernetes via Helm.
The Reporter is a lightweight proof-of-concept entry point into Log10x. It observes the same pre-SIEM event stream your existing forwarder sees and reports cost analytics and pattern metrics back to the Log10x SaaS backend, without touching your existing log forwarder or sitting in the critical log path. For the full execution arm (Filter / Compact sidecar that actively reduces ingestion volume), see the Receiver deploy guide.
The chart deploys a self-contained DaemonSet, a bundled Fluent Bit log tailer alongside the 10x engine sidecar, on every node. Combined per-node footprint is ~250 MiB memory and 150m CPU (under 3% of a typical node). No changes to your applications or to your existing log forwarder.
Step 1: Prerequisites
| Requirement | Description |
|---|---|
| Log10x License | A signed JWT from console.log10x.com (see licenseKey / licenseFile) |
| Helm | Helm CLI installed |
| kubectl | Configured to access your cluster |
| GitHub Token | Optional, only if loading config/symbols from a private Git repo (create one) |
Step 2: Add Helm Repository
helm repo add log10x https://log-10x.github.io/helm-charts
helm repo update
helm search repo log10x/reporter-10x
View all chart values:
Step 3: Configure Deployment Settings
Create a new file called my-reporter.yaml in your working directory. This Helm values file will be used in all subsequent steps. At minimum, set the license JWT:
That's enough to run. The chart's defaults collect logs from all namespaces and ship them to the bundled 10x sidecar. The next steps add config sources, secrets, log-collection filters, and metric outputs.
Inline JWT is fine for evaluation
Passing the JWT inline is convenient for a first install, but the raw token then sits in your Helm release values (visible via helm get values). For production prefer the existing-secret mode shown in Step 5 below. The chart prints a reminder if it sees an inline JWT.
Step 4: Load Configuration
Load the 10x Engine config folder into the cluster using one of the methods below.
If you skip this step, the default configuration bundled with the 10x image is used.
An init container clones your configuration repository before each pod starts. Works with GitHub, GitLab, Bitbucket, or any HTTPS-accessible Git provider.
- Fork the Config Repository
- Create a branch for your configuration changes
- Edit the app configuration to match your metric output
Add to your Helm values:
config:
git:
enabled: true
url: "https://github.com/YOUR-ACCOUNT/config.git"
# branch: "main" # Optional
# symbols: # Uncomment if using a symbol library
# git:
# enabled: true
# url: "https://github.com/YOUR-ACCOUNT/symbols.git"
gitToken: "YOUR-GIT-TOKEN"
For production, store the token in a Kubernetes Secret rather than in the values file.
Mount an existing PersistentVolumeClaim that contains your configuration directory. This approach works in air-gapped environments and requires no external network access.
- Create a PVC containing your configuration files (cloned from the Config Repository)
- Reference it in your Helm values:
Step 5: Configure Secrets
The chart manages the Log10x license JWT via a Kubernetes Secret and mounts it as a file in the engine container (read via TENX_LICENSE_FILE). By default it creates the Secret from the log10xLicenseJwt value above:
log10xLicenseJwt: "YOUR-LICENSE-JWT-HERE"
licenseSecret:
create: true # Create a new Secret from `log10xLicenseJwt` (default)
existingSecret: "" # Or reference an existing Secret instead
secretKey: "license-jwt" # Key name inside the Secret
Using an existing Secret (recommended for production, keeps the JWT out of the values file):
log10xLicenseJwt: "" # Leave empty when using an existing Secret
licenseSecret:
create: false
existingSecret: "my-log10x-secret"
secretKey: "license-jwt"
Create the Secret out-of-band:
kubectl -n logging create secret generic my-log10x-secret \
--from-literal=license-jwt=YOUR-LICENSE-JWT-HERE
Git access token: if Step 4 references a private repo, supply the token the same way:
Airgapped mode: for clusters with no path to the Log10x SaaS (security policy, isolated network), suppress every outbound call to the vendor gateway:
With this set, the chart adds TENX_AIRGAPPED=true to the engine sidecar. The license JWT is verified locally against the embedded public key; no startup validation, no metrics reporting, no user-attribute enrichment. Customer-configured outputs (Splunk, Datadog, Elastic, etc.) are unaffected. demo and limited license types cannot run airgapped. The engine warns and falls back to online if either is configured with airgapped: true.
Step 6: Log Collection
The bundled Fluent Bit tails container logs from every node. By default it collects logs from all namespaces. Restrict or filter what's collected via the values file:
Namespace scoping
# Only collect from these namespaces
includeNamespaces:
- default
- production
- staging
# OR exclude noisy/system namespaces
excludeNamespaces:
- kube-system
- kube-public
- kube-node-lease
Use one or the other. If includeNamespaces is set, ONLY those namespaces are collected; if excludeNamespaces is set, those are skipped. If both are empty, all namespaces are collected.
Pattern filtering (drop noisy log lines before they reach the 10x sidecar)
excludePatterns:
- key: log
regex: "^\\s*$" # Drop empty lines
- key: log
regex: "health.?check" # Drop health-check noise
includePatterns:
- key: log
regex: "ERROR|WARN" # Only forward errors and warnings
Patterns use Fluent Bit's grep filter. key is the field to match against, regex is the regex.
Step 7: Deploy
Create your namespace (if needed) and install:
kubectl create namespace logging
helm install my-reporter log10x/reporter-10x \
-f my-reporter.yaml \
--namespace logging
The chart deploys a DaemonSet with two containers per node: fluent-bit (log tailer) and tenx (the 10x engine sidecar). They communicate over a shared Unix socket inside the pod.
Step 8: Verify
Verify the install in three phases: pods Ready → 10x processor alive → metrics flowing to the dashboard.
Phase A: pods Ready
kubectl -n logging wait --for=condition=Ready pod -l app.kubernetes.io/instance=my-reporter --timeout=5m
Phase B: 10x processor alive
The 10x engine runs in the tenx container alongside fluent-bit. Check the startup banner: the 🪵 / 🚀 / 📥 / 📈 lines confirm the engine wired up Fluent Bit's Forward input and is publishing metrics:
kubectl -n logging logs -l app.kubernetes.io/instance=my-reporter -c tenx --tail=200 | grep -E '🪵|🚀|📥|🚦|📈|📝'
Confirm Fluent Bit is tailing logs (look for [input:tail lines and event counts):
kubectl -n logging logs -l app.kubernetes.io/instance=my-reporter -c fluent-bit --tail=200 | grep -iE 'tail|forward|output'
Phase C: metrics flowing to the dashboard
The Reporter publishes pattern and volume metrics to your configured metrics backend; the Log10x SaaS dashboard is one option. View them in the Reporter Dashboard. The dashboard updates within a few minutes of the first events.
Step 9: Teardown
Uninstall the Helm release:
Clean up any Secret you created out-of-band (the chart-created license Secret is reaped automatically; PVCs are reaped if they were chart-created):
Verify nothing remains:
Delete the namespace (optional):
Quickstart Full Sample
Minimal-to-realistic values file. Runs against all namespaces except system ones, pulls its 10x config from a private Git repo, and uses an external Secret for the license JWT.
Save as my-reporter.yaml and apply with helm install my-reporter log10x/reporter-10x -f my-reporter.yaml -n logging.
log10xLicenseJwt: "" # Provided via existing Secret below
runtimeName: "my-reporter"
licenseSecret:
create: false
existingSecret: "my-log10x-secret"
secretKey: "license-jwt"
# Pull pipeline config + symbols from a private Git repo
config:
git:
enabled: true
url: "https://github.com/YOUR-ACCOUNT/log10x-config.git"
symbols:
git:
enabled: true
url: "https://github.com/YOUR-ACCOUNT/log10x-config.git"
path: "tenx/my-app/symbols"
gitToken: "YOUR-GIT-TOKEN"
# Skip system namespaces
excludeNamespaces:
- kube-system
- kube-public
- kube-node-lease
# Drop empty lines and health checks
excludePatterns:
- key: log
regex: "^\\s*$"
- key: log
regex: "health.?check"
# Resource overrides for high-volume nodes (>1000 containers/node)
tenx:
resources:
requests: { cpu: 200m, memory: 300Mi }
limits: { cpu: 500m, memory: 512Mi }
fluentbit:
resources:
requests: { cpu: 50m, memory: 64Mi }
limits: { cpu: 200m, memory: 128Mi }
See the Reporter app guide for the full set of values and the matching local-install walkthrough.