ollionorg/eks-observability-demo

EKS Observability Demo

Deploy EKS Observability resources.

Demonstration

Prerequisites

  1. Access to an AWS account.
  2. An operational EKS cluster created in your account and appropriate access.
    • EKS security groups should allow HTTPS ingress from your Cloud9 instance.
  3. IAM Identity Center is configured in the account with a user and group.
  4. A running Cloud9 environment with Administrator access for the instance IAM role.
  5. Ensure that kubectl is available from the Cloud9 environment with kubectl version --client
  6. Ensure terraform is available from the Cloud9 environment with terraform version

Setup

  1. Go to AWS Cloud9 and connect to your environment
  2. Disable AWS managed temporary credentials in Cloud9. They do not play nice with EKS.
    1. In the Cloud9 IDE, click on the cog icon at the top right of the IDE
    2. Scroll down to AWS Settings
    3. Turn off AWS managed temporary credentials
  3. If kubectl is not installed, install it with the appropriate method for your OS here
  4. Connect to your EKS cluster and confirm access
    aws eks update-kubeconfig --name <your-cluster-name> --alias <optional-kube-context-alias>
    kubectl get all -A
  5. If Terraform is not installed, install it with the appropriate method for your OS here

Deploy AWS Observability Accelerator

  1. Populate your terraform.tfvars file with your EKS cluster name and region
  2. Deploy your Terraform template
    terraform init
    terraform apply
  3. Verify

Grafana Dashboards and Alerts

Baseline dashboards and alerts are deployed from the Observability Accelerator artifacts repository. These artifacts are based on the Kubernetes Mixin repo for Kubernetes monitoring.

Deploy Sample App

Let's deploy a modified version of a sample application provided by AWS. Original source can be found here

  1. From within this demo repo, change to the sample-app directory.

    cd sample-app
  2. Retrieve the load balancer DNS name from the ingress-nginx controller Service and substitute it for the {{external_ip}} placeholder in the manifest

    sed -i "s/{{external_ip}}/$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o 'jsonpath={$.status.loadBalancer.ingress[0].hostname}')/g" nginx-traffic-sample.yaml
  3. Deploy the sample application manifest

    kubectl apply -f nginx-traffic-sample.yaml
    
  4. Verify the resources deployed by the manifest

    kubectl get ingress,pod,svc -n sample-app

    You should see similar output to the following

    NAME                    READY   STATUS    RESTARTS   AGE
    pod/apple-app           1/1     Running   0          2m53s
    pod/banana-app          1/1     Running   0          2m53s
    pod/traffic-generator   1/1     Running   0          2m53s
    
    NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
    service/apple-service    ClusterIP   172.20.37.121   <none>        5678/TCP   2m53s
    service/banana-service   ClusterIP   172.20.42.197   <none>        5678/TCP   2m53s
    
    NAME                                           CLASS   HOSTS                                                                 ADDRESS                                                               PORTS   AGE
    ingress.networking.k8s.io/ingress-nginx-demo   nginx   nginx-eksblueprintblue-82fc84117349e7fb.elb.us-west-2.amazonaws.com   nginx-eksblueprintblue-82fc84117349e7fb.elb.us-west-2.amazonaws.com   80      2m53s
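
A guarded version of step 2, as an added example that is not part of the original repository. If the load balancer has no hostname yet, the kubectl query yields nothing and sed -i silently writes an empty host into the manifest, consuming the placeholder so the step cannot simply be rerun. The function name render_manifest and the output file rendered.yaml are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's own code.
# render_manifest HOSTNAME TEMPLATE OUTPUT
#   Replaces every {{external_ip}} placeholder in TEMPLATE with HOSTNAME and
#   writes the result to OUTPUT, leaving TEMPLATE untouched for reruns.
render_manifest() {
    host=$1 template=$2 output=$3

    # A load balancer that is still provisioning yields an empty result.
    if [ -z "$host" ]; then
        echo "load balancer hostname is empty; is it provisioned yet?" >&2
        return 1
    fi

    # Accept only DNS-name characters so the value cannot alter the sed
    # expression or add extra YAML to the manifest.
    case $host in
        *[!A-Za-z0-9.-]*)
            echo "unexpected characters in hostname: $host" >&2
            return 1 ;;
    esac

    # Refuse a template whose placeholder was already consumed by sed -i.
    if ! grep -q '{{external_ip}}' "$template"; then
        echo "no {{external_ip}} placeholder found in $template" >&2
        return 1
    fi

    sed "s/{{external_ip}}/$host/g" "$template" > "$output"
}

# Usage against the cluster (same query as step 2; rendered.yaml is assumed):
#   host=$(kubectl -n ingress-nginx get svc ingress-nginx-controller \
#          -o 'jsonpath={$.status.loadBalancer.ingress[0].hostname}')
#   render_manifest "$host" nginx-traffic-sample.yaml rendered.yaml &&
#       kubectl apply -f rendered.yaml
```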
    

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.7 |
| aws | ~> 5.49 |
| helm | ~> 2.13 |
| kubectl | ~> 2.0 |
| kubernetes | ~> 2.30 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.49 |

Modules

| Name | Source | Version |
|------|--------|---------|
| addons | aws-ia/eks-blueprints-addons/aws | ~>1.16 |
| eks_monitoring | github.com/aws-observability/terraform-aws-observability-accelerator//modules/eks-monitoring | v2.12.2 |
| managed_grafana | terraform-aws-modules/managed-service-grafana/aws | ~>2.1 |

Resources

| Name | Type |
|------|------|
| aws_sns_topic.prometheus_alerts_topic | resource |
| aws_sns_topic_subscription.grafana_alert_sub | resource |
| aws_caller_identity.current | data source |
| aws_eks_cluster.this | data source |
| aws_eks_cluster_auth.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_name | EKS cluster name the workspace is deployed for | string | n/a | yes |
| grafana_workspace_name | Grafana workspace name | string | n/a | yes |
| region | AWS Region being deployed to | string | n/a | yes |
| adot_loglevel | Verbosity level for ADOT Collector | string | "normal" | no |
| alert_email_addresses | Email addresses for Observability alerts | list(string) | [] | no |
| enable_dashboards | Enables or disables curated dashboards. Dashboards are managed by the Grafana Operator | bool | true | no |
| global_tags | Map of key,value pairs to tag all resources | map(string) | { "creation-method": "terraform", "project": "eks-observability-demo" } | no |
| grafana_admin_groups | List of AWS SSO groups to assign as administrators in Amazon Managed Grafana | list(string) | [] | no |
| grafana_editor_groups | List of AWS SSO groups to assign as editor in Amazon Managed Grafana | list(string) | [] | no |
| grafana_enable_alerts | Determines whether IAM permissions for alerting are enabled for the workspace IAM role | bool | true | no |
| grafana_readonly_groups | List of AWS SSO groups to assign as readonly users in Amazon Managed Grafana | list(string) | [] | no |
| grafana_version | Grafana version | string | "9.4" | no |
| target_secret_name | Target secret in Kubernetes to store the Grafana API Key Secret | string | "grafana-admin-credentials" | no |
| target_secret_namespace | Target namespace of secret in Kubernetes to store the Grafana API Key Secret | string | "grafana-operator" | no |

Outputs

No outputs.
