Install CloudWatch Container Insights on EKS | Kubernetes

To
You can download this article in PDF format via the link below to support us.

Download the guide in PDF format

turn off
To

To
To

CloudWatch is a service that collects operational and monitoring data in the form of logs, metrics, and events in the AWS Cloud Platform. Then, it visualizes the data by using automated dashboards so that you can view the AWS resources, applications, and services running on AWS and locally.

After deploying an EKS or Kubernetes cluster, you need to configure Container Insights to send data to CloudWatch.

The prerequisite for this setup is a functioning Amazon EKS or Kubernetes cluster. If you need to refer to installation articles, please find them on our website.

Use EKS to easily set up a Kubernetes cluster on AWS

Use kubeadm to install a Kubernetes cluster on Ubuntu

Use kubeadm to install a Kubernetes cluster on CentOS 7

Check to confirm that kubectl can connect to the Kubernetes API Server.

$ kubectl get nodes
NAME                                            STATUS   ROLES    AGE   VERSION
ip-192-168-138-244.eu-west-1.compute.internal   Ready       9d    v1.17.9-eks-4c6976
ip-192-168-176-247.eu-west-1.compute.internal   Ready       9d    v1.17.9-eks-4c6976

Create a policy and attach it to the IAM role of the worker node

Open the Amazon EC2 console in the following location https://console.aws.amazon.com/ec2/ And select a Worker node.

Select the IAM role in the description. On the IAM role page, select Additional policy.

Choose CloudWatchAgentServerPolicy Check box and attach policy.

Set up container insights on Amazon EKS

After attaching the policy to the EKS secondary node role, continue to deploy Container Insights on Amazon EKS.

Save the cluster name and region as variables.

EKS_CLUSTER_NAME="prod-eks-cluster"
EKS_CLUSTER_REGION="eu-west-1"

Download the installation list:

curl -O https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/quickstart/cwagent-fluentd-quickstart.yaml

Update the file to set the correct cluster and zone name.

sed -ie "s/{{cluster_name}}/${EKS_CLUSTER_NAME}/;s/{{region_name}}/${EKS_CLUSTER_REGION}/" cwagent-fluentd-quickstart.yaml

Use the following command to install Container Insights on Amazon EKS.

kubectl apply -f ./cwagent-fluentd-quickstart.yaml

As shown in the command execution output, many resources are created:

namespace/amazon-cloudwatch unchanged
serviceaccount/cloudwatch-agent unchanged
clusterrole.rbac.authorization.k8s.io/cloudwatch-agent-role unchanged
clusterrolebinding.rbac.authorization.k8s.io/cloudwatch-agent-role-binding unchanged
configmap/cwagentconfig unchanged
daemonset.apps/cloudwatch-agent unchanged
configmap/cluster-info unchanged
serviceaccount/fluentd unchanged
clusterrole.rbac.authorization.k8s.io/fluentd-role unchanged
clusterrolebinding.rbac.authorization.k8s.io/fluentd-role-binding unchanged
configmap/fluentd-config unchanged
daemonset.apps/fluentd-cloudwatch unchanged

Get the status of all resources in the amazon-cloudwatch namespace.

$ kubectl get all -n amazon-cloudwatch
NAME                           READY   STATUS    RESTARTS   AGE
pod/cloudwatch-agent-lqtfw     1/1     Running   0          5m21s
pod/cloudwatch-agent-lsz92     1/1     Running   0          5m21s
pod/fluentd-cloudwatch-6j2jf   1/1     Running   0          5m17s
pod/fluentd-cloudwatch-dzrdq   1/1     Running   0          5m17s

NAME                                DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/cloudwatch-agent     2         2         2       2            2                     5m22s
daemonset.apps/fluentd-cloudwatch   2         2         2       2            2                     5m18s

We can see that all Pods are running and they are created by the daemon set.