https://github.com/ollionorg/eks-observability-demo
eks-observability-demo
- Host: GitHub
- URL: https://github.com/ollionorg/eks-observability-demo
- Owner: ollionorg
- Created: 2024-05-14T15:22:13.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-05-29T20:48:20.000Z (over 1 year ago)
- Last Synced: 2025-02-16T05:43:40.043Z (8 months ago)
- Language: HCL
- Homepage:
- Size: 14.6 KB
- Stars: 0
- Watchers: 0
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Codeowners: CODEOWNERS
README
# EKS Observability Demo
Deploy EKS Observability resources.
## Demonstration
### Prerequisites
1. Access to an AWS account.
1. An operational EKS cluster created in your account and appropriate access.
   - EKS security groups should allow HTTPS ingress from your Cloud9 instance.
1. IAM Identity Center is configured in the account with a user and group.
1. A running Cloud9 environment with Administrator access for the instance IAM role.
1. Ensure that kubectl is available from the Cloud9 environment with `kubectl version --client`
1. Ensure terraform is available from the Cloud9 environment with `terraform version`

### Setup
1. Go to AWS Cloud9 and connect to your environment
1. Disable AWS managed temporary credentials in Cloud9. They do not play nice with EKS.
   1. In the Cloud9 IDE, click on the cog icon at the top right of the IDE
   1. Scroll down to `AWS Settings`
   1. Turn off `AWS managed temporary credentials`
1. If kubectl is not installed, install it with the appropriate method for your OS [here](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
1. Connect to your EKS cluster and confirm access
```bash
aws eks update-kubeconfig --name <cluster-name> --alias <alias>
kubectl get all -A
```
1. If Terraform is not installed, install it with the appropriate method for your OS [here](https://learn.hashicorp.com/tutorials/terraform/install-cli)

### Deploy AWS Observability Accelerator
1. Populate your `terraform.tfvars` file with your EKS cluster name and region
1. Deploy your Terraform template
```bash
terraform init
terraform apply
```
1. Verify

#### Grafana Dashboards and Alerts
Baseline dashboards and alerts are deployed from the [Observability Accelerator artifacts repository](https://github.com/aws-observability/aws-observability-accelerator/tree/main/artifacts). These artifacts are based on the [Kubernetes Mixin repo for Kubernetes monitoring](https://github.com/kubernetes-monitoring/kubernetes-mixin).
### Deploy Sample App
Let's deploy a modified version of a sample application provided by AWS. Original source can be found [here](https://github.com/aws-observability/aws-observability-accelerator/blob/main/artifacts/k8s-deployment-manifest-templates/nginx/nginx-traffic-sample.yaml)
1. From within this demo repo, change to the `sample-app` directory.
```bash
cd sample-app
```
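1. Retrieve the load balancer DNS name from the `ingress-nginx-controller` Service in the `ingress-nginx` namespace and substitute it for the `{{external_ip}}` placeholder in `nginx-traffic-sample.yaml`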
```bash
sed -i "s/{{external_ip}}/$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o 'jsonpath={$.status.loadBalancer.ingress[0].hostname}')/g" nginx-traffic-sample.yaml
```
1. Deploy the sample application manifest
```bash
kubectl apply -f nginx-traffic-sample.yaml
```
1. Verify template deployed resources
```bash
kubectl get ingress,pod,svc -n sample-app
```

You should see similar output to the following
```
NAME                    READY   STATUS    RESTARTS   AGE
pod/apple-app           1/1     Running   0          2m53s
pod/banana-app          1/1     Running   0          2m53s
pod/traffic-generator   1/1     Running   0          2m53s

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/apple-service    ClusterIP   172.20.37.121   <none>        5678/TCP   2m53s
service/banana-service   ClusterIP   172.20.42.197   <none>        5678/TCP   2m53s

NAME                                           CLASS   HOSTS                                                                  ADDRESS                                                                PORTS   AGE
ingress.networking.k8s.io/ingress-nginx-demo   nginx   nginx-eksblueprintblue-82fc84117349e7fb.elb.us-west-2.amazonaws.com   nginx-eksblueprintblue-82fc84117349e7fb.elb.us-west-2.amazonaws.com   80      2m53s
```

## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.7 |
| [aws](#requirement\_aws) | ~> 5.49 |
| [helm](#requirement\_helm) | ~> 2.13 |
| [kubectl](#requirement\_kubectl) | ~> 2.0 |
| [kubernetes](#requirement\_kubernetes) | ~> 2.30 |

## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | ~> 5.49 |

## Modules
| Name | Source | Version |
|------|--------|---------|
| [addons](#module\_addons) | aws-ia/eks-blueprints-addons/aws | ~>1.16 |
| [eks\_monitoring](#module\_eks\_monitoring) | github.com/aws-observability/terraform-aws-observability-accelerator//modules/eks-monitoring | v2.12.2 |
| [managed\_grafana](#module\_managed\_grafana) | terraform-aws-modules/managed-service-grafana/aws | ~>2.1 |

## Resources
| Name | Type |
|------|------|
| [aws_sns_topic.prometheus_alerts_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_subscription.grafana_alert_sub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_eks_cluster_auth.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cluster\_name](#input\_cluster\_name) | EKS cluster name the workspace is deployed for | `string` | n/a | yes |
| [grafana\_workspace\_name](#input\_grafana\_workspace\_name) | Grafana workspace name | `string` | n/a | yes |
| [region](#input\_region) | AWS Region being deployed to | `string` | n/a | yes |
| [adot\_loglevel](#input\_adot\_loglevel) | Verbosity level for ADOT Collector | `string` | `"normal"` | no |
| [alert\_email\_addresses](#input\_alert\_email\_addresses) | Email addresses for Observability alerts | `list(string)` | `[]` | no |
| [enable\_dashboards](#input\_enable\_dashboards) | Enables or disables curated dashboards. Dashboards are managed by the Grafana Operator | `bool` | `true` | no |
| [global\_tags](#input\_global\_tags) | Map of key,value pairs to tag all resources | `map(string)` | `{"creation-method": "terraform", "project": "eks-observability-demo"}` | no |
| [grafana\_admin\_groups](#input\_grafana\_admin\_groups) | List of AWS SSO groups to assign as administrators in Amazon Managed Grafana | `list(string)` | `[]` | no |
| [grafana\_editor\_groups](#input\_grafana\_editor\_groups) | List of AWS SSO groups to assign as editor in Amazon Managed Grafana | `list(string)` | `[]` | no |
| [grafana\_enable\_alerts](#input\_grafana\_enable\_alerts) | Determines whether IAM permissions for alerting are enabled for the workspace IAM role | `bool` | `true` | no |
| [grafana\_readonly\_groups](#input\_grafana\_readonly\_groups) | List of AWS SSO groups to assign as readonly users in Amazon Managed Grafana | `list(string)` | `[]` | no |
| [grafana\_version](#input\_grafana\_version) | Grafana version | `string` | `"9.4"` | no |
| [target\_secret\_name](#input\_target\_secret\_name) | Target secret in Kubernetes to store the Grafana API Key Secret | `string` | `"grafana-admin-credentials"` | no |
| [target\_secret\_namespace](#input\_target\_secret\_namespace) | Target namespace of secret in Kubernetes to store the Grafana API Key Secret | `string` | `"grafana-operator"` | no |

## Outputs
No outputs.
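
Returning to the `sed` substitution in the Deploy Sample App steps: that command writes whatever `kubectl` prints into the manifest, including an empty string when the load balancer has no hostname yet. The following is an added example, not part of this repository, that validates the value before editing the file; the function names `lb_hostname` and `render_manifest` and the return codes are assumptions of this example, and it relies on GNU `sed -i` as the README does.

```bash
#!/usr/bin/env bash
# Added example: validate the load balancer hostname before editing the manifest.
# lb_hostname and render_manifest are names chosen for this example.

# Same query the README's sed step runs inline.
lb_hostname() {
  kubectl -n ingress-nginx get svc ingress-nginx-controller \
    -o 'jsonpath={$.status.loadBalancer.ingress[0].hostname}'
}

# render_manifest HOST FILE: replace {{external_ip}} in FILE with HOST.
# Returns 0 on success, 2 for an empty or malformed HOST,
# 3 when FILE has no placeholder left, 4 when sed fails.
render_manifest() {
  local host="$1" file="$2"
  local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  # Empty means the load balancer has no hostname yet. Anything outside the
  # DNS character set (newline, '/', '&') would also alter the sed expression.
  case "$host" in
    ''|*[!A-Za-z0-9.-]*)
      echo "refusing hostname '${host}'" >&2
      return 2 ;;
  esac
  if [ "${#host}" -gt 253 ] ||
     ! printf '%s\n' "$host" | LC_ALL=C grep -Eqx "${label}(\.${label})+"; then
    echo "not a DNS name: '${host}'" >&2
    return 2
  fi
  if ! grep -qF '{{external_ip}}' "$file"; then
    echo "no {{external_ip}} placeholder in ${file}" >&2
    return 3
  fi
  sed -i "s/{{external_ip}}/${host}/g" "$file" || return 4
}

# From the sample-app directory:
#   render_manifest "$(lb_hostname)" nginx-traffic-sample.yaml &&
#     kubectl apply -f nginx-traffic-sample.yaml
```

A return code of 3 on a second run is expected: once the placeholder has been replaced, the manifest has to be restored from version control before it can be rendered again.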