Amazon CloudWatch Insights for Amazon EKS on EC2 utilizing AWS Distro for OpenTelemetry Helm charts

This weblog gives a simplified three-step answer to gather metrics and logs from an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on Amazon Elastic Compute Cloud (Amazon EC2) utilizing the AWS Distro for OpenTelemetry (ADOT) Helm charts repository and ship them to Amazon CloudWatch Logs and Amazon CloudWatch Container Insights. The ADOT Helm charts repository comprises Helm charts to offer simple mechanisms to arrange the ADOT Collector and different assortment brokers like fluentbit to gather telemetry information corresponding to metrics, logs and traces to ship to AWS monitoring providers.

Amazon EKS is a managed Kubernetes service that makes it simple for organizations to run Kubernetes on AWS Cloud and on premises. Organizations use Amazon EKS to routinely handle the provision and scalability of the Kubernetes management aircraft nodes liable for scheduling containers, managing software availability, storing cluster information, and performing different key duties. ADOT is a safe, production-ready, AWS-supported distribution of the OpenTelemetry undertaking. Functions can arrange ADOT Collector and different collector brokers solely as soon as to ship correlated metrics and traces to a number of AWS and Associate monitoring options. Fluent Bit is an open-source log processor and forwarder that you need to use to gather information corresponding to metrics and logs from totally different sources. Helm deploys packaged functions to Kubernetes and constructions them into Helm charts.

Resolution overview

A high-level structure diagram depicted in Determine 1 exhibits a easy answer for accumulating metrics and logs to ship to Amazon CloudWatch Container Insights by putting in an ADOT Helm chart in your present or new Amazon EKS cluster.

Listed here are the steps to arrange an ADOT and fluentbit collector:

1. Arrange your atmosphere and set up the mandatory instruments to connect with an present or newly created Amazon EKS cluster.
2. Configure the mandatory roles for AWS Id and Entry Administration (IAM) roles for service accounts and set up Helm charts for ADOT, enabling fluentbit.
3. Monitor logs, metrics, and traces from Amazon CloudWatch Logs and Container Insights.

Determine 1. Structure diagram for Helm chart set up of ADOT and fluentbit to an present Amazon EKS cluster

Conditions

• Current AWS account with entry to AWS Administration Console
• Intermediate-level information and understanding of Amazon EKS
• An present or new Amazon EKS cluster

Set up the instruments

On this weblog, AWS Cloud9 is used as an atmosphere to connect with the Amazon EKS cluster and set up Helm charts. In case you select to make use of AWS Cloud9, comply with the step-by-step directions supplied in Creating an EC2 Setting. Check with Getting began with Amazon EKS for extra directions to put in eksctl, create EKS clusters, and arrange required IAM permissions for connecting to an EKS cluster.

1. Log in to your Amazon EKS cluster and examine the cluster. Choose an EKS cluster in AWS Administration Console. On the Assets tab, examine the DaemonSets, as in Determine 2a.
   

   Determine 2a. EKS cluster DaemonSets

2. Open Amazon CloudWatch and examine the Log teams and Amazon CloudWatch Container Insights. Notice that the Log teams and Amazon CloudWatch Container Insights in Determine 2b don’t present any EKS cluster-specific logs.
   

   Determine 2b. Container Insights earlier than ADOT and fluentbit collector set up

Set up Helm and configure IAM roles

1. Run the next command to put in Helm, confirm the model, and configure Bash completion for the Helm command:

   curl -ssl https://uncooked.githubusercontent.com/helm/helm/grasp/scripts/get-helm-3 | bash
   helm model --short
   
   helm completion bash >> ~/.bash_completion
   . /and many others/profile.d/bash_completion.sh
   . ~/.bash_completion
   supply <(helm completion bash)

2. Arrange IAM roles for service accounts.
   Substitute XXX within the following instructions along with your EKS Cluster identify.

   eksctl create iamserviceaccount 
   --name fluent-bit 
   --role-name EKS-ADOT-CWCI-Helm-Chart-Position-CW 
   --namespace amazon-cloudwatch 
   --cluster XXX 
   --attach-policy-arn arn:aws:iam::aws:coverage/CloudWatchAgentServerPolicy 
   --role-only 
   --approve
   

   eksctl create iamserviceaccount 
   --name adot-collector-sa 
   --role-name EKS-ADOT-CWCI-Helm-Chart-Position-METRICS 
   --namespace amazon-metrics 
   --cluster XXX 
   --attach-policy-arn arn:aws:iam::aws:coverage/CloudWatchAgentServerPolicy 
   --role-only 
   --approve
   

3. Deploy the ADOT Helm chart.
   Substitute XXX within the following code along with your EKS Cluster identify.

   CWCI_ADOT_HELM_ROLE_ARN_CW=$(aws iam get-role --role-name EKS-ADOT-CWCI-Helm-Chart-Position-CW | jq .Position.Arn -r)
   CWCI_ADOT_HELM_ROLE_ARN_METRICS=$(aws iam get-role --role-name EKS-ADOT-CWCI-Helm-Chart-Position-METRICS | jq .Position.Arn -r)
   helm repo add adot-helm-repo https://aws-observability.github.io/aws-otel-helm-charts
   helm set up adot-release adot-helm-repo/adot-exporter-for-eks-on-ec2  
   --set clusterName=XXX --set awsRegion=us-east-1 --set fluentbit.enabled=true 
   --set adotCollector.daemonSet.service.metrics.receivers={awscontainerinsightreceiver} 
   --set adotCollector.daemonSet.service.metrics.exporters={awsemf} 
   --set adotCollector.daemonSet.cwexporters.logStreamName=EKSNode 
   

4. Run the next instructions to validate the profitable deployment.
   • Confirm that two new namespaces have been created.
     kubectl get ns
     The outcome must be:

     $ kubectl get ns
     NAME                STATUS           AGE
     amazon-cloudwatch   Lively           2d20h
     amazon-metrics      Lively           2d20h

   • Confirm {that a} fluentbit pod was enabled as a part of the ADOT Helm Chart beneath the amazon-cloudwatch namespace.
     kubectl get all -n amazon-cloudwatch
     The outcome must be:

     kubectl get all -n amazon-cloudwatch
     NAME                   READY   STATUS    RESTARTS   AGE
     pod/fluent-bit-9lrnt   1/1     Operating   0          2d20h
     pod/fluent-bit-h9lvt   1/1     Operating   0          2d20h
     pod/fluent-bit-nbqjm   1/1     Operating   0          2d20h
     
     NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE

   • Confirm the adot-collector-pod beneath the amazon-metrics namespace.
     kubectl get all -n amazon-metrics
     The outcome must be:

     $ kubectl get all -n amazon-metrics
     NAME                                 READY   STATUS    RESTARTS   AGE
     pod/adot-collector-daemonset-6qcsd   1/1     Operating   0          2d20h
     pod/adot-collector-daemonset-f92fr   1/1     Operating   0          2d20h
     pod/adot-collector-daemonset-gmhbx   1/1     Operating   0          2d20h
     
     NAME                                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
     daemonset.apps/adot-collector-daemonset   3         3         3       3            3           <none>          2d20h

5. Validate the set up by means of the Amazon EKS cluster.
   Go to the Amazon EKS cluster and choose the Assets tab. Underneath Workloads, choose DaemonSets, and discover the fluent-bit and adot-collector-daemonsets as demonstrated in Determine 3.
   

   Determine 3. DaemonSet beneath Amazon EKS cluster assets

Monitor logs, metrics, and traces

Monitor the CloudWatch Logs and CloudWatch Insights.

• Within the Logs part, select Log teams to view Amazon EKS cluster log teams with a prefix of /aws/containerinsights, as in Determine 4a.
  

  Determine 4a. EKS cluster log teams

• Within the Insights part, select Container Insights to view all of the assets inside your Amazon EKS cluster, as in Determine 4b.
  

  Determine 4b. EKS cluster’s Container Insights assets

• On the Container Insights web page, choose Container map from the dropdown to examine the container map for Amazon EKS clusters, as demonstrated in Determine 4c.
  

  Determine 4c. EKS cluster’s Container Insights container map

• On the Container Insights web page, choose Efficiency monitoring from the dropdown to view numerous efficiency metrics for Amazon EKS cluster, as demonstrated in Determine 4d.
  

  Determine 4d. EKS cluster’s Container Insights efficiency monitoring

Cleanup

If you’re now not utilizing the assets mentioned on this weblog, take away the surplus AWS assets to keep away from incurring prices. After you end organising ADOT and fluentbit collectors to ship logs and metrics to Amazon CloudWatch Logs and Container Insights, clear up assets by uninstalling the ADOT Helm chart, deleting IAM Roles created for the providers, deleting CloudWatch Logs, and deleting Container Insights.

Conclusion

On this weblog we walked by means of a easy three-step answer to arrange Amazon EKS cluster logs and Container Insights utilizing Helm charts. The Helm chart installs ADOT and fluentbit as a DaemonSet within the present EKS cluster to gather and port logs, metrics, and traces to Amazon CloudWatch Logs and Container Insights. The Amazon CloudWatch Container Insights present insights into assets, monitor efficiency, and container map of all of the assets throughout the Amazon EKS cluster.