diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml index 1d337604f253..c62f48f9932b 100644 --- a/_topic_maps/_topic_map_rosa.yml +++ b/_topic_maps/_topic_map_rosa.yml @@ -94,6 +94,8 @@ Topics: File: cloud-experts-aws-load-balancer-operator - Name: Configuring ROSA/OSD to use custom TLS ciphers on the ingress controllers File: cloud-experts-configure-custom-tls-ciphers +- Name: Using the AWS CloudWatch agent to publish metrics to CloudWatch in ROSA + File: rosa-mobb-aws-cloudwatch-publish-metrics --- Name: Getting started Dir: rosa_getting_started diff --git a/cloud_experts_tutorials/rosa-mobb-aws-cloudwatch-publish-metrics.adoc b/cloud_experts_tutorials/rosa-mobb-aws-cloudwatch-publish-metrics.adoc new file mode 100644 index 000000000000..35eaa19b5783 --- /dev/null +++ b/cloud_experts_tutorials/rosa-mobb-aws-cloudwatch-publish-metrics.adoc 
@@ -0,0 +1,173 @@ +:_content-type: ASSEMBLY +[id="rosa-mobb-aws-cloudwatch-publish-metrics"] += Tutorial: Using the AWS CloudWatch agent to publish metrics to CloudWatch in ROSA +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: rosa-mobb-aws-cloudwatch-publish-metrics + +toc::[] + +//Mobb content metadata +//Brought into ROSA product docs 2023-09-19 +//--- +//date: '2021-10-04' +//title: Using the AWS Cloud Watch agent to publish metrics to CloudWatch in ROSA +//tags: ["AWS", "ROSA"] +//authors: +// - Kevin Collins +//--- + +Use the Amazon Web Services (AWS) CloudWatch agent to scrape Prometheus endpoints and publish metrics to CloudWatch in a {product-title} (ROSA) cluster. + +This tutorial pulls from the AWS documentation to install the CloudWatch agent to Kubernetes, publish metrics for the Kubernetes API server, and provide a simple dashboard to view the results. + +[IMPORTANT] +==== +The AWS CloudWatch agent does link:https://github.com/aws/amazon-cloudwatch-agent/issues/187[not support] pulling all metrics from the Prometheus federated endpoint. +==== + +.Prerequisites + +* The link:https://aws.amazon.com/cli/[AWS CLI] +* The link:https://stedolan.github.io/jq/[`jq` command] +* A ROSA cluster + +== Preparing your AWS account +. Turn off AWS CLI paging: ++ +[source,terminal] +---- +$ export AWS_PAGER="" +---- + +. Set the following environment variables, changing them to suit your environment: ++ +[source,terminal] +---- +$ export CLUSTER_NAME=metrics +$ export CLUSTER_REGION=us-east-2 +$ export SCRATCH_DIR=/tmp/scratch +$ mkdir -p $SCRATCH_DIR +---- + +. Create an AWS IAM user for CloudWatch: ++ +[source,terminal] +---- +$ aws iam create-user \ +--user-name $CLUSTER_NAME-cloud-watch \ +> $SCRATCH_DIR/aws-user.json +---- + +. Fetch access and secret keys for the IAM user: ++ +[source,terminal] +---- +$ aws iam create-access-key \ +--user-name $CLUSTER_NAME-cloud-watch \ +> $SCRATCH_DIR/aws-access-key.json +---- + +. 
Attach a policy to AWS IAM user: ++ +[source,terminal] +---- +$ aws iam attach-user-policy \ +--user-name $CLUSTER_NAME-cloud-watch \ +--policy-arn "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy" +---- + +== Deploying the CloudWatch Prometheus agent + +. Create a namespace for CloudWatch: ++ +[source,terminal] +---- +$ oc create namespace amazon-cloudwatch +---- + +. Download the CloudWatch agent Kubernetes manifests: ++ +[source,terminal] +---- +$ wget -O $SCRATCH_DIR/cloud-watch.yaml https://mobb.ninja/docs/rosa/metrics-to-cloudwatch-agent/cloud-watch.yaml +---- + +. Update the CloudWatch agent Kubernetes manifests: ++ +[source,terminal] +---- +$ sed -i .bak "s/__cluster_name__/$CLUSTER_NAME/g" $SCRATCH_DIR/cloud-watch.yaml +$ sed -i .bak "s/__cluster_region__/$CLUSTER_REGION/g" $SCRATCH_DIR/cloud-watch.yaml +---- + +. Provide AWS credentials to the CloudWatch agent: ++ +[source,terminal] +---- +$ AWS_ID=`cat $SCRATCH_DIR/aws-access-key.json | jq -r '.AccessKey.AccessKeyId'` +$ AWS_KEY=`cat $SCRATCH_DIR/aws-access-key.json | jq -r '.AccessKey.SecretAccessKey'` + +$ echo "[AmazonCloudWatchAgent]\naws_access_key_id = $AWS_ID\naws_secret_access_key = $AWS_KEY" \ +> $SCRATCH_DIR/credentials + +$ oc --namespace amazon-cloudwatch \ create secret generic aws-credentials \ +--from-file=credentials=$SCRATCH_DIR/credentials +---- + +. Allow the CloudWatch agent to run as a root user inside the container: ++ +[source,terminal] +---- +$ oc -n amazon-cloudwatch adm policy \ add-scc-to-user anyuid -z cwagent-prometheus +---- + +. Apply the CloudWatch agent Kubernetes manifests: ++ +[source,terminal] +---- +$ oc apply -f $SCRATCH_DIR/cloud-watch.yaml +---- + +. Check that the pod is running: ++ +[source,terminal] +---- +$ oc get pods -n amazon-cloudwatch +---- ++ +You should see: ++ +[source,terminal] +---- +NAME READY STATUS RESTARTS AGE +cwagent-prometheus-54cd498c9c-btmjm 1/1 Running 0 60m +---- + +== Creating a sample dashboard + +. 
Download the sample dashboard: ++ +[source,terminal] +---- +$ wget -O $SCRATCH_DIR/dashboard.json https://raw.githubusercontent.com/rh-mobb/documentation/main/content/docs/rosa/metrics-to-cloudwatch-agent/dashboard.json +---- + +. Update the sample dashboard: ++ +[source,terminal] +---- +$ sed -i .bak "s/__CLUSTER_NAME__/$CLUSTER_NAME/g" $SCRATCH_DIR/dashboard.json +$ sed -i .bak "s/__REGION_NAME__/$CLUSTER_REGION/g" $SCRATCH_DIR/dashboard.json +---- + +. Go to the link:https://us-east-2.console.aws.amazon.com/cloudwatch[CloudWatch section] of the AWS console. + +. Create a dashboard, and name it "Kubernetes API Server". + +. On the dashboard, select *Actions*, then *View/edit source*. + +. Paste the JSON contents from `$SCRATCH_DIR/dashboard.json` into the text area. + +. View your dashboard: ++ +image::dashboard.png[Dashboard] \ No newline at end of file diff --git a/images/dashboard.png b/images/dashboard.png new file mode 100644 index 000000000000..b6855a7c22ba Binary files /dev/null and b/images/dashboard.png differ
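Review bot: In the `_topic_maps/_topic_map_rosa.yml` hunk, the new entry's `File: rosa-mobb-aws-cloudwatch-publish-metrics` breaks the `cloud-experts-` prefix used by the two neighbouring entries in the context lines (`cloud-experts-aws-load-balancer-operator`, `cloud-experts-configure-custom-tls-ciphers`). Consider renaming the file to match, and changing the `[id=...]` and `:context:` values in the new .adoc with it, so the tutorials stay consistently named.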
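Review bot: In `rosa-mobb-aws-cloudwatch-publish-metrics.adoc`, the long-lived IAM access key is written in clear text to `$SCRATCH_DIR/aws-access-key.json` and `$SCRATCH_DIR/credentials` under `/tmp/scratch`, and no step removes them. Suggest creating the scratch directory with owner-only permissions (for example `mkdir -m 700 -p $SCRATCH_DIR`) and adding a cleanup step once the `aws-credentials` secret exists. The step that grants `anyuid` to `cwagent-prometheus` should say why the agent needs to run as root, since it widens what that service account may do. Three commands will also fail for many readers as written. `echo "[AmazonCloudWatchAgent]\naws_access_key_id = ..."` leaves `\n` literal in bash, so the credentials file ends up on a single line; `printf` or a here-document is portable. In `oc --namespace amazon-cloudwatch \ create secret` and `adm policy \ add-scc-to-user`, the mid-line backslash escapes the following space instead of continuing the line, so `oc` receives an argument with a leading space; remove the backslash or break the line there. `sed -i .bak` with a space is the BSD/macOS form, and GNU sed takes `.bak` as the script, so `sed -i.bak` works on both. Finally, the agent manifest is fetched from `mobb.ninja` while the dashboard comes from the `rh-mobb/documentation` GitHub repository; pointing both at the same source would let readers review what they apply to the cluster.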