In the previous section we learned how to receive metrics from the Kubernetes Control Plane and export them to CloudWatch using the OpenTelemetry collector. In this section we are going to demonstrate a core benefit of the OpenTelemetry Collector pattern by configuring it to send the Kubernetes Control Plane metrics to an additional destination, AWS Managed Service for Prometheus (AMP).
Let’s create an AMP workspace:
aws amp create-workspace --alias eks-workshop --region $AWS_REGION
Now we create a new IAM Policy (AWSManagedPrometheusWriteAccessPolicy) which grants AMP read and write permission. Its Resource is "*", so the permissions apply to every AMP workspace in the account:
read -r -d '' PERMISSION_POLICY <<EOF
{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Effect":"Allow",
      "Action":[
        "aps:RemoteWrite",
        "aps:QueryMetrics",
        "aps:GetSeries",
        "aps:GetLabels",
        "aps:GetMetricMetadata"
      ],
      "Resource":"*"
    }
  ]
}
EOF
echo "${PERMISSION_POLICY}" > AMPPolicy.json
export SERVICE_ACCOUNT_IAM_POLICY_ARN="arn:aws:iam::${ACCOUNT_ID}:policy/AWSManagedPrometheusWriteAccessPolicy"
aws iam create-policy --policy-name AWSManagedPrometheusWriteAccessPolicy --policy-document file://AMPPolicy.json
Then the AWSManagedPrometheusWriteAccessPolicy IAM Policy is attached to the IAM Role (AWSDistroOpenTelemetryRole) we previously created for our OpenTelemetry collector.
aws iam attach-role-policy --role-name AWSDistroOpenTelemetryRole --policy-arn=${SERVICE_ACCOUNT_IAM_POLICY_ARN}
Open kubernetes/adot/otel-prometheus.yaml and view lines 63-67. This describes an exporter which sends metrics to an AMP workspace.
Let’s un-comment lines 63-67 with the following command:
sed -i '63,67 s/#//g' kubernetes/adot/otel-prometheus.yaml
Now in kubernetes/adot/otel-prometheus.yaml let’s view lines 116-119. This outlines a new pipeline, which takes in the same prometheus metrics we send to CloudWatch, processes the metrics into batched segments, then exports the metrics to our AMP workspace.
Let’s un-comment lines 116-119 with the following command:
sed -i '116,119 s/#//g' kubernetes/adot/otel-prometheus.yaml
Now that the Prometheus Metrics Collector’s configuration has been updated to send metrics to Prometheus, let’s update our deployment.
First, let’s grab our AMP Workspace ID:
export WORKSPACE_ID=$(aws amp --region="$AWS_REGION" list-workspaces --alias eks-workshop | jq -r '.workspaces[0].workspaceId')
echo "AMP Workspace ID: ${WORKSPACE_ID}"
Now we’ll update the manifest with our environment variables, deploy the new manifest, and, like before, force-recreate the collector to speed up the rollout.
envsubst < kubernetes/adot/otel-prometheus.yaml | sponge kubernetes/adot/otel-prometheus.yaml
kubectl apply -f kubernetes/adot/otel-prometheus.yaml
kubectl delete pod -n aws-otel-eks -l name=aws-otel-eks-prometheus
Now our OpenTelemetry Collector is sending Kubernetes Control Plane metrics to both CloudWatch and Prometheus.
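The IAM policy and the workspace ID lookup above can be tightened together. The following is an added example, not part of the workshop: it rejects a malformed workspace ID (such as the literal "null" that jq prints when no workspace matches the alias) and emits a policy limited to aps:RemoteWrite on that single workspace. The function names, the sample account and workspace IDs, and the "ws-" plus UUID shape of the ID are assumptions; the policy is deliberately narrower than the workshop's and does not include its query actions.

```shell
# Added example, not workshop code: function names and sample IDs are constructed.

# Print the AMP workspace ARN, or fail if an input is malformed, e.g. the
# literal "null" that `jq -r` prints when list-workspaces matches nothing.
amp_workspace_arn() (
  region=$1 account=$2 ws=$3
  printf '%s\n' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$' \
    || { echo "bad region: $region" >&2; exit 1; }
  printf '%s\n' "$account" | grep -Eq '^[0-9]{12}$' \
    || { echo "bad account id: $account" >&2; exit 1; }
  # Assumed ID shape: "ws-" followed by a lowercase UUID.
  printf '%s\n' "$ws" | grep -Eq '^ws-[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' \
    || { echo "bad workspace id: $ws" >&2; exit 1; }
  printf 'arn:aws:aps:%s:%s:workspace/%s\n' "$region" "$account" "$ws"
)

# Print a policy document allowing only aps:RemoteWrite on that one workspace.
amp_remote_write_policy() (
  arn=$(amp_workspace_arn "$1" "$2" "$3") || exit 1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["aps:RemoteWrite"],
      "Resource": "${arn}"
    }
  ]
}
EOF
)

# Return 0 if a policy file contains a wildcard Resource, 1 otherwise.
policy_has_wildcard_resource() {
  grep -Eq '"Resource"[[:space:]]*:[[:space:]]*"\*"' "$1"
}

# Demo with constructed values; in the workshop these would be
# $AWS_REGION, $ACCOUNT_ID and $WORKSPACE_ID.
amp_remote_write_policy us-west-2 111122223333 \
  ws-0a1b2c3d-4e5f-6789-abcd-ef0123456789
```

Running policy_has_wildcard_resource against the AMPPolicy.json written earlier returns 0, while the document printed by amp_remote_write_policy returns 1.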