Skip to content

ollionorg/eks-observability-demo

BranchesTags

Repository files navigation

EKS Observability Demo

Deploy EKS Observability resources.

Demonstration

Prerequisites

  1. Access to an AWS account.
  2. An operational EKS cluster created in your account and appropriate access.
    • EKS security groups should allow HTTPS ingress from your Cloud9 instance.
  3. IAM Identity Center is configured in the account with a user and group.
  4. A running Cloud9 environment with Administrator access for the instance IAM role.
  5. Ensure that kubectl is available from the Cloud9 environment with kubectl version --client
  6. Ensure terraform is available from the Cloud9 environment with terraform version

Setup

  1. Go to AWS Cloud9 and connect to your environment
  2. Disable AWS managed temporary credentials in Cloud9. They do not play nice with EKS.
    1. In the Cloud9 IDE, click on the cog icon at the top right of the IDE
    2. Scroll down to AWS Settings
    3. Turn off AWS managed temporary credentials
  3. If kubectl is not install, install it with the appropriate method for your OS here
  4. Connect to your EKS cluster and confirm access 
    aws eks update-kubeconfig --name <your-cluster-arn> --alias <optional-kube-context-alias>
kubectl get all -A
  5. If Terraform is not installed, install it with the appropriate method for your OS here

Deploy AWS Observability Accelerator

  1. Populate your terraform.tfvars file with your EKS cluster name and region
  2. Deploy your Terraform template 
    terraform init
terraform apply
  3. Verify

Grafana Dashboards and Alerts

Baseline dashboards and alerts are deployed from the Observability Accelerator artifacts repository. These artifacts are based on the Kubernetes Mixin repo for Kubernetes monitoring.

Deploy Sample App

Let's deploy a modified version of a sample application provided by AWS. Original source can be found here

  1. From within this demo repo, change to the sample-app directory.

    cd sample-app

  2. Retrieve the load balancer DNS name from the Ingress resource in your new namespace

    sed -i "s/{{external_ip}}/$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o 'jsonpath={$.status.loadBalancer.ingress[0].hostname}')/g" nginx-traffic-sample.yaml

  3. Deploy the sample application manifest

    kubectl apply -f nginx-traffic-sample.yaml

  4. Verify template deployed resources

    kubectl get ingress,pod,svc -n sample-app

    You should see similar output to the following

    NAME                    READY   STATUS    RESTARTS   AGE
pod/apple-app           1/1     Running   0          2m53s
pod/banana-app          1/1     Running   0          2m53s
pod/traffic-generator   1/1     Running   0          2m53s

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/apple-service    ClusterIP   172.20.37.121   <none>        5678/TCP   2m53s
service/banana-service   ClusterIP   172.20.42.197   <none>        5678/TCP   2m53s

NAME                                           CLASS   HOSTS                                                                 ADDRESS                                                               PORTS   AGE
ingress.networking.k8s.io/ingress-nginx-demo   nginx   nginx-eksblueprintblue-82fc84117349e7fb.elb.us-west-2.amazonaws.com   nginx-eksblueprintblue-82fc84117349e7fb.elb.us-west-2.amazonaws.com   80      2m53s

Requirements

Name Version
terraform ~> 1.7
aws ~> 5.49
helm ~> 2.13
kubectl ~> 2.0
kubernetes ~> 2.30

Providers

Name Version
aws ~> 5.49

Modules

Name Source Version
addons aws-ia/eks-blueprints-addons/aws ~>1.16
eks_monitoring github.com/aws-observability/terraform-aws-observability-accelerator//modules/eks-monitoring v2.12.2
managed_grafana terraform-aws-modules/managed-service-grafana/aws ~>2.1

Resources

Name Type
aws_sns_topic.prometheus_alerts_topic resource
aws_sns_topic_subscription.grafana_alert_sub resource
aws_caller_identity.current data source
aws_eks_cluster.this data source
aws_eks_cluster_auth.this data source

Inputs

Name Description Type Default Required
cluster_name EKS cluster name the workspace is deployed for string n/a yes
grafana_workspace_name Grafana workspace name string n/a yes
region AWS Region being deployed to string n/a yes
adot_loglevel Verbosity level for ADOT Collector string "normal" no
alert_email_addresses Email addressses for Observability alerts list(string) [] no
enable_dashboards Enables or disables curated dashboards. Dashboards are managed by the Grafana Operator bool true no
global_tags Map of key,value pairs to tag all resources map(string) 
{
  "creation-method": "terraform",
  "project": "eks-observability-demo"
}
 no
grafana_admin_groups List of AWS SSO groups to assign as administrators in Amazon Managed Grafana list(string) [] no
grafana_editor_groups List of AWS SSO groups to assign as editor in Amazon Managed Grafana list(string) [] no
grafana_enable_alerts Determines whether IAM permissions for alerting are enabled for the workspace IAM role bool true no
grafana_readonly_groups List of AWS SSO groups to assign as readonly users in Amazon Managed Grafana list(string) [] no
grafana_version Grafana version string "9.4" no
target_secret_name Target secret in Kubernetes to store the Grafana API Key Secret string "grafana-admin-credentials" no
target_secret_namespace Target namespace of secret in Kubernetes to store the Grafana API Key Secret string "grafana-operator" no

Outputs

No outputs.

About

eks-observability-demo

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages