Enable Logging and Monitoring of Lazsa Orchestrator Agent

The Lazsa Platform leverages Amazon CloudWatch for logging and monitoring of the EKS clusters on which Lazsa Orchestrator Agent is deployed.

 

Note:

Enabling logging is mandatory; enabling monitoring is optional.

Prerequisites:

  • The EKS cluster must have the CloudWatchReadWriteAccess IAM policy applied to it.

  1. Create a namespace in the EKS cluster using the following command:

    kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cloudwatch-namespace.yaml

  2. Create a ConfigMap named cluster-info that specifies where to send the logs. Use the following command to create the ConfigMap. Replace cluster-name and cluster-region with the name of your cluster and its Region.

    ClusterName=<cluster-name>
    RegionName=<cluster-region>
    FluentBitHttpPort='2020'
    FluentBitReadFromHead='Off'
    # Read from the tail of the log files unless read-from-head is switched on.
    [[ ${FluentBitReadFromHead} = 'On' ]] && FluentBitReadFromTail='Off' || FluentBitReadFromTail='On'
    # Turn the Fluent Bit HTTP server on only when a port is set.
    [[ -z ${FluentBitHttpPort} ]] && FluentBitHttpServer='Off' || FluentBitHttpServer='On'
    kubectl create configmap fluent-bit-cluster-info \
      --from-literal=cluster.name="${ClusterName}" \
      --from-literal=http.server="${FluentBitHttpServer}" \
      --from-literal=http.port="${FluentBitHttpPort}" \
      --from-literal=read.head="${FluentBitReadFromHead}" \
      --from-literal=read.tail="${FluentBitReadFromTail}" \
      --from-literal=logs.region="${RegionName}" -n amazon-cloudwatch

To enable monitoring on the EKS cluster, you must complete the following steps:

  1. Create a namespace on the EKS cluster using the following command:

    kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cloudwatch-namespace.yaml

  2. Create a Service Account using the following command:

    kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cwagent/cwagent-serviceaccount.yaml

  3. Download the ConfigMap YAML to your kubectl client host by running the following command:

    curl -O https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cwagent/cwagent-configmap.yaml

  4. Edit the downloaded YAML file, as follows:

    cluster_name – In the kubernetes section, replace {{cluster-name}} with the name of your cluster. Remove the {{}} characters. Alternatively, if you're using an Amazon EKS cluster, you can delete the "cluster_name" field and value. If you do, the CloudWatch agent detects the cluster name from the Amazon EC2 tags.

  5. Create the ConfigMap in the cluster by running the following command:

    kubectl apply -f cwagent-configmap.yaml

  6. Deploy the CloudWatch agent as a DaemonSet by running the following command:

    kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cwagent/cwagent-daemonset.yaml
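The steps above apply some manifests straight from a `latest` URL and apply one file after a manual edit. As an added example (not part of the Lazsa or AWS documentation), the following shell functions refuse to call kubectl unless a downloaded manifest matches a SHA-256 digest recorded when it was reviewed, or an edited file has no `{{...}}` placeholder left. The function names and the recorded digest are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-apply checks for the manifests used in the steps above.
# Function names are hypothetical; digests are values you record after review.

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeed only if the file still matches the digest recorded at review time.
manifest_matches_pin() {
  [ "$(file_sha256 "$1")" = "$2" ]
}

# Succeed only if no {{...}} template placeholder is left in the file.
placeholders_resolved() {
  ! grep -q '{{[^}]*}}' "$1"
}

# Download a manifest to a local file, verify it, and only then apply it.
# Usage: apply_pinned_manifest <url> <expected-sha256>
apply_pinned_manifest() {
  local url=$1 expected=$2 file rc=1
  file=$(mktemp) || return 1
  if curl -fsSL -o "$file" "$url" && manifest_matches_pin "$file" "$expected"; then
    kubectl apply -f "$file"
    rc=$?
  else
    echo "refusing to apply $url: download failed or digest mismatch" >&2
  fi
  rm -f "$file"
  return "$rc"
}

# Apply a locally edited file (such as cwagent-configmap.yaml) only when
# every placeholder has been replaced.
apply_edited_manifest() {
  if placeholders_resolved "$1"; then
    kubectl apply -f "$1"
  else
    echo "refusing to apply $1: unresolved {{...}} placeholder" >&2
    return 1
  fi
}
```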

 

Example of CloudWatchReadWriteAccess policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "cloudwatch:PutMetricData",
            "ec2:DescribeVolumes",
            "ec2:DescribeTags",
            "logs:PutLogEvents",
            "logs:DescribeLogStreams",
            "logs:DescribeLogGroups",
            "logs:CreateLogStream",
            "logs:CreateLogGroup"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "ssm:GetParameter"
          ],
          "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
        }
      ]
    }
