openshift · jneczypor · Sep 19, 2023
diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml
@@ -94,6 +94,8 @@ Topics:
   File: cloud-experts-aws-load-balancer-operator
 - Name: Configuring ROSA/OSD to use custom TLS ciphers on the ingress controllers
   File: cloud-experts-configure-custom-tls-ciphers
+- Name: Using the AWS CloudWatch agent to publish metrics to CloudWatch in ROSA
+  File: rosa-mobb-aws-cloudwatch-publish-metrics
 ---
 Name: Getting started
 Dir: rosa_getting_started

diff --git a/cloud_experts_tutorials/rosa-mobb-aws-cloudwatch-publish-metrics.adoc b/cloud_experts_tutorials/rosa-mobb-aws-cloudwatch-publish-metrics.adoc
@@ -0,0 +1,173 @@
+:_content-type: ASSEMBLY
+[id="rosa-mobb-aws-cloudwatch-publish-metrics"]
+= Tutorial: Using the AWS CloudWatch agent to publish metrics to CloudWatch in ROSA
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-mobb-aws-cloudwatch-publish-metrics
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-19
+//---
+//date: '2021-10-04'
+//title: Using the AWS Cloud Watch agent to publish metrics to CloudWatch in ROSA
+//tags: ["AWS", "ROSA"]
+//authors:
+//  - Kevin Collins
+//---
+
+Use the Amazon Web Services (AWS) CloudWatch agent to scrape Prometheus endpoints and publish metrics to CloudWatch in a {product-title} (ROSA) cluster.
+
+This tutorial pulls from the AWS documentation to install the CloudWatch agent to Kubernetes, publish metrics for the Kubernetes API server, and provide a simple dashboard to view the results.
+
+[IMPORTANT]
+====
+The AWS CloudWatch agent does link:https://github.com/aws/amazon-cloudwatch-agent/issues/187[not support] pulling all metrics from the Prometheus federated endpoint.
+====
+
+.Prerequisites
+
+* The link:https://aws.amazon.com/cli/[AWS CLI]
+* The link:https://stedolan.github.io/jq/[`jq` command]
+* A ROSA cluster
+
+== Preparing your AWS account
+. Turn off AWS CLI paging:
++
+[source,terminal]
+----
+$ export AWS_PAGER=""
+----
+
+. Set the following environment variables, changing them to suit your environment:
++
+[source,terminal]
+----
+$ export CLUSTER_NAME=metrics
+$ export CLUSTER_REGION=us-east-2
+$ export SCRATCH_DIR=/tmp/scratch
+$ mkdir -p $SCRATCH_DIR
+----
+
+. Create an AWS IAM user for CloudWatch:
++
+[source,terminal]
+----
+$ aws iam create-user \
+--user-name $CLUSTER_NAME-cloud-watch \ 
+> $SCRATCH_DIR/aws-user.json
+----
+
+. Fetch access and secret keys for the IAM user:
++
+[source,terminal]
+----
+$ aws iam create-access-key \
+--user-name $CLUSTER_NAME-cloud-watch \
+> $SCRATCH_DIR/aws-access-key.json
+----
+
+. Attach a policy to AWS IAM user:
++
+[source,terminal]
+----
+$ aws iam attach-user-policy \
+--user-name $CLUSTER_NAME-cloud-watch \
+--policy-arn "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
+----
+
+== Deploying the CloudWatch Prometheus agent
+
+. Create a namespace for CloudWatch:
++
+[source,terminal]
+----
+$ oc create namespace amazon-cloudwatch
+----
+
+. Download the CloudWatch agent Kubernetes manifests:
++
+[source,terminal]
+----
+$ wget -O $SCRATCH_DIR/cloud-watch.yaml https://mobb.ninja/docs/rosa/metrics-to-cloudwatch-agent/cloud-watch.yaml
+----
+
+. Update the CloudWatch agent Kubernetes manifests:
++
+[source,terminal]
+----
+$ sed -i .bak "s/__cluster_name__/$CLUSTER_NAME/g" $SCRATCH_DIR/cloud-watch.yaml
+$ sed -i .bak "s/__cluster_region__/$CLUSTER_REGION/g" $SCRATCH_DIR/cloud-watch.yaml
+----
+
+. Provide AWS credentials to the CloudWatch agent:
++
+[source,terminal]
+----
+$ AWS_ID=`cat $SCRATCH_DIR/aws-access-key.json | jq -r '.AccessKey.AccessKeyId'`
+$ AWS_KEY=`cat $SCRATCH_DIR/aws-access-key.json | jq -r '.AccessKey.SecretAccessKey'`
+
+$ echo "[AmazonCloudWatchAgent]\naws_access_key_id = $AWS_ID\naws_secret_access_key = $AWS_KEY" \
+> $SCRATCH_DIR/credentials
+
+$ oc --namespace amazon-cloudwatch \ create secret generic aws-credentials \
+--from-file=credentials=$SCRATCH_DIR/credentials
+----
+
+. Allow the CloudWatch agent to run as a root user inside the container:
++
+[source,terminal]
+----
+$ oc -n amazon-cloudwatch adm policy \ add-scc-to-user anyuid -z cwagent-prometheus
+----
+
+. Apply the CloudWatch agent Kubernetes manifests:
++
+[source,terminal]
+----
+$ oc apply -f $SCRATCH_DIR/cloud-watch.yaml
+----
+
+. Check that the pod is running:
++
+[source,terminal]
+----
+$ oc get pods -n amazon-cloudwatch
+----
++
+You should see:
++
+[source,terminal]
+----
+NAME                                  READY   STATUS    RESTARTS   AGE
+cwagent-prometheus-54cd498c9c-btmjm   1/1     Running   0          60m
+----
+
+== Creating a sample dashboard
+
+. Download the sample dashboard:
++
+[source,terminal]
+----
+$ wget -O $SCRATCH_DIR/dashboard.json https://raw.githubusercontent.com/rh-mobb/documentation/main/content/docs/rosa/metrics-to-cloudwatch-agent/dashboard.json
+----
+
+. Update the sample dashboard:
++
+[source,terminal]
+----
+$ sed -i .bak "s/__CLUSTER_NAME__/$CLUSTER_NAME/g" $SCRATCH_DIR/dashboard.json
+$ sed -i .bak "s/__REGION_NAME__/$CLUSTER_REGION/g" $SCRATCH_DIR/dashboard.json
+----
+
+. Go to the link:https://us-east-2.console.aws.amazon.com/cloudwatch[CloudWatch section] of the AWS console.
+
+. Create a dashboard, and name it "Kubernetes API Server".
+
+. On the dashboard, select *Actions*, then *View/edit source*.
+
+. Paste the JSON contents from `$SCRATCH_DIR/dashboard.json` into the text area.
+
+. View your dashboard:
++
+image::dashboard.png[Dashboard]
diff --git a/images/dashboard.png b/images/dashboard.png