diff --git a/.gitignore b/.gitignore
index 771d9c79..7df7bedd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,7 @@ yarn.lock # mkdocs artifact site # macOS extraneous file
-.DS_STORE
\ No newline at end of file
+.DS_STORE
+
+#OTEL-collector-config
+lib/common/resources/otel-collector-config-new.yml
\ No newline at end of file
diff --git a/bin/single-new-eks-fargate-opensource-observability.ts b/bin/single-new-eks-fargate-opensource-observability.ts
new file mode 100644
index 00000000..5bac82f8
--- /dev/null
+++ b/bin/single-new-eks-fargate-opensource-observability.ts
@@ -0,0 +1,5 @@
+import SingleNewEksFargateOpenSourceObservabilityConstruct from '../lib/single-new-eks-fargate-opensource-observability-pattern';
+import { configureApp } from '../lib/common/construct-utils';
+
+const app = configureApp();
+new SingleNewEksFargateOpenSourceObservabilityConstruct(app, 'single-new-eks-fargate-opensource');
\ No newline at end of file
diff --git a/docs/patterns/images/OSSFargate_Arch.png b/docs/patterns/images/OSSFargate_Arch.png
new file mode 100644
index 00000000..054e588c
Binary files /dev/null and b/docs/patterns/images/OSSFargate_Arch.png differ
diff --git a/docs/patterns/images/cluster-dashboard-fargate-oss.png b/docs/patterns/images/cluster-dashboard-fargate-oss.png
new file mode 100644
index 00000000..840be507
Binary files /dev/null and b/docs/patterns/images/cluster-dashboard-fargate-oss.png differ
diff --git a/docs/patterns/images/cluster-dashboard-kube-system-fargate-oss.png b/docs/patterns/images/cluster-dashboard-kube-system-fargate-oss.png
new file mode 100644
index 00000000..a1db2d8f
Binary files /dev/null and b/docs/patterns/images/cluster-dashboard-kube-system-fargate-oss.png differ
diff --git a/docs/patterns/images/java-jmx-dashboard-fargate-oss.png b/docs/patterns/images/java-jmx-dashboard-fargate-oss.png
new file mode 100644
index 00000000..3ae080a0
Binary files /dev/null and b/docs/patterns/images/java-jmx-dashboard-fargate-oss.png differ
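Review bot: The stack id passed on the last added line of `bin/single-new-eks-fargate-opensource-observability.ts`, `'single-new-eks-fargate-opensource'`, is not the name the accompanying docs tell operators to use (`single-new-eks-fargate-opensource-observability-accelerator` in the `update-kubeconfig` and `eksctl` commands), and nothing in this file says how one becomes the other. Presumably the pattern construct appends a suffix, but that code is not in this diff; a one-line comment such as `// id is the stack-name prefix; the construct derives the full stack/cluster name from it` would make the link checkable. The file also ends without a trailing newline (`\ No newline at end of file`), as do the new `.gitignore` and the new markdown page; ending each with a newline keeps later diffs clean.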
diff --git a/docs/patterns/images/kubelet-dashboard-fargate-oss.png b/docs/patterns/images/kubelet-dashboard-fargate-oss.png
new file mode 100644
index 00000000..c52c669f
Binary files /dev/null and b/docs/patterns/images/kubelet-dashboard-fargate-oss.png differ
diff --git a/docs/patterns/single-new-eks-observability-accelerators/single-new-eks-fargate-opensource-observability.md b/docs/patterns/single-new-eks-observability-accelerators/single-new-eks-fargate-opensource-observability.md
new file mode 100644
index 00000000..6aa88b11
--- /dev/null
+++ b/docs/patterns/single-new-eks-observability-accelerators/single-new-eks-fargate-opensource-observability.md
@@ -0,0 +1,201 @@
+# Single New EKS Cluster Opensource Observability - Fargate
+
+## Architecture
+
+The following figure illustrates the architecture of the pattern we will be deploying for Single EKS Fargate Open Source Observability pattern using open source tooling such as AWS Distro for Open Telemetry (ADOT), FluentBit (Logs), Amazon Managed Service for Prometheus and Amazon Managed Grafana:
+
+![Architecture](../images/OSSFargate_Arch.png)
+
+### Metrics and Traces
+AWS Distro for OpenTelemetry (ADOT) is a secure, AWS-supported distribution of the OpenTelemetry project. With ADOT, users can instrument their applications just once to send correlated metrics and traces to multiple monitoring solutions.
+
+The ADOT Collector has the concept of a pipeline which comprises three key types of components, namely, receiver, processor, and exporter. A receiver is how data gets into the collector. It accepts data in a specified format, translates it into the internal format and passes it to processors and exporters defined in the pipeline. It can be pull or push based. A processor is an optional component that is used to perform tasks such as batching, filtering, and transformations on data between being received and being exported. An exporter is used to determine which destination to send the metrics, logs or traces.
+
+In the above architecture, the kubelet on a worker node in a Kubernetes cluster exposes resource metrics such as CPU, memory, disk, and network usage at the /metrics/cadvisor endpoint. However, in EKS Fargate networking architecture, a pod is not allowed to directly reach the kubelet on that worker node. Hence, the ADOT Collector calls the Kubernetes API Server to proxy the connection to the kubelet on a worker node, and collect kubelet's cAdvisor metrics for workloads on that node. These metrics are made available in Prometheus format.
Therefore, the collector uses an instance of Prometheus Receiver as a drop-in replacement for a Prometheus server and scrapes these metrics from the Kubernetes API server endpoint. Using Kubernetes service discovery, the receiver can discover all the worker nodes in an EKS cluster. Hence, more than one instances of ADOT Collector will suffice to collect resource metrics from all the nodes in a cluster. Having a single instance of ADOT collector can be overwhelming during higher loads so always recommend to deploy more than one collector.
+
+### Logs
+With Amazon EKS on Fargate, you can deploy pods without allocating or managing your Kubernetes nodes. This removes the need to capture system-level logs for your Kubernetes nodes. To capture the logs from your Fargate pods, we use Fluent Bit to forward the logs directly to CloudWatch. This enables you to automatically route logs to CloudWatch without further configuration or a sidecar container for your Amazon EKS pods on Fargate. For more information about this, see [Fargate logging](https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html) in the Amazon EKS documentation and [Fluent Bit for Amazon EKS](http://aws.amazon.com/blogs/containers/fluent-bit-for-amazon-eks-on-aws-fargate-is-here/) on the AWS Blog. This solution captures the STDOUT and STDERR input/output (I/O) streams from your container and sends them to CloudWatch through Fluent Bit, based on the Fluent Bit configuration established for the Amazon EKS cluster on Fargate
+
+## Objective
+
+- Deploys one production grade Amazon EKS cluster.
+- AWS Distro For OpenTelemetry Operator and Collector for Metrics and Traces
+- Logs with [AWS for FluentBit](https://github.com/aws/aws-for-fluent-bit)
+- Installs Grafana Operator to add AWS data sources and create Grafana Dashboards to Amazon Managed Grafana.
+- Installs FluxCD to perform GitOps sync of a Git Repo to EKS Cluster.
We will use this later for creating Grafana Dashboards and AWS datasources to Amazon Managed Grafana. You can also use your own GitRepo to sync your own Grafana resources such as Dashboards, Datasources etc. Please check our One observability module - [GitOps with Amazon Managed Grafana](https://catalog.workshops.aws/observability/en-US/aws-managed-oss/gitops-with-amg) to learn more about this.
+- Installs External Secrets Operator to retrieve and Sync the Grafana API keys.
+- Amazon Managed Grafana Dashboard and data source
+- Alerts and recording rules with Amazon Managed Service for Prometheus
+
+## Prerequisites:
+
+Ensure that you have installed the following tools on your machine.
+
+1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
+2. [kubectl](https://Kubernetes.io/docs/tasks/tools/)
+3. [cdk](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html#getting_started_install)
+4. [npm](https://docs.npmjs.com/cli/v8/commands/npm-install)
+
+
+## Deploying
+
+Please follow the _Deploying_ instructions of the [New EKS Cluster Open Source Observability Accelerator](./single-new-eks-opensource-observability.md) pattern till step 7.
+At step 8, execute the following
+
+```bash
+make build
+make pattern single-new-eks-fargate-opensource-observability deploy
+```
+
+
+## Verify the resources
+
+Run update-kubeconfig command. You should be able to get the command from CDK output message.
+
+```bash
+aws eks update-kubeconfig --name single-new-eks-fargate-opensource-observability-accelerator --region --role-arn arn:aws:iam::xxxxxxxxx:role/single-new-eks-fargate-op-singleneweksfargateopens-xxxxxxxx
+```
+
+
+Let’s verify the resources created by steps above.
+
+```bash
+kubectl get nodes -o wide
+```
+```
+Output:
+NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
+fargate-ip-10-0-100-154.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.100.154 Amazon Linux 2 5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-102-67.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.102.67 Amazon Linux 2 5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-121-124.ec2.internal Ready 7d11h v1.27.1-eks-2f008fe 10.0.121.124 Amazon Linux 2 5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-135-174.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.135.174 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-135-90.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.135.90 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-136-121.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.136.121 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-138-15.ec2.internal Ready 2d8h v1.27.6-eks-f8587cb 10.0.138.15 Amazon Linux 2 5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-139-227.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.139.227 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-148-152.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.148.152 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-151-22.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.151.22 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-158-82.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.158.82 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-161-151.ec2.internal Ready 2d8h v1.27.6-eks-f8587cb 10.0.161.151 Amazon Linux 2 5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-164-251.ec2.internal Ready 87m v1.27.6-eks-f8587cb 10.0.164.251 Amazon Linux 2
5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-165-99.ec2.internal Ready 2d9h v1.27.1-eks-2f008fe 10.0.165.99 Amazon Linux 2 5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-167-115.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.167.115 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-178-170.ec2.internal Ready 12d v1.27.1-eks-2f008fe 10.0.178.170 Amazon Linux 2 5.10.192-182.736.amzn2.x86_64 containerd://1.6.6
+fargate-ip-10-0-186-44.ec2.internal Ready 87m v1.27.6-eks-f8587cb 10.0.186.44 Amazon Linux 2 5.10.192-183.736.amzn2.x86_64 containerd://1.6.6
+```
+
+```bash
+kubectl get pods -o wide -A
+```
+```
+NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
+cert-manager cert-manager-8694c7d4fd-pwmhh 1/1 Running 0 12d 10.0.135.90 fargate-ip-10-0-135-90.ec2.internal
+cert-manager cert-manager-cainjector-744cb68868-m2j25 1/1 Running 0 12d 10.0.136.121 fargate-ip-10-0-136-121.ec2.internal
+cert-manager cert-manager-webhook-5f6fff764b-4nq5q 1/1 Running 0 12d 10.0.151.22 fargate-ip-10-0-151-22.ec2.internal
+default otel-collector-amp-collector-7cc9cfb77f-kjp5b 1/1 Running 0 2d9h 10.0.165.99 fargate-ip-10-0-165-99.ec2.internal
+external-secrets blueprints-addon-external-secrets-797c97cc56-qnqvb 1/1 Running 0 12d 10.0.189.201 fargate-ip-10-0-189-201.ec2.internal
+external-secrets blueprints-addon-external-secrets-cert-controller-75ccc646775f6 1/1 Running 0 12d 10.0.100.154 fargate-ip-10-0-100-154.ec2.internal
+external-secrets blueprints-addon-external-secrets-webhook-749d46f5df-slb88 1/1 Running 0 12d 10.0.189.119 fargate-ip-10-0-189-119.ec2.internal
+flux-system helm-controller-69ff5c96c7-xkbpc 1/1 Running 0 12d 10.0.190.34 fargate-ip-10-0-190-34.ec2.internal
+flux-system image-automation-controller-65887476b7-8tvl6 1/1 Running 0 12d 10.0.167.115 fargate-ip-10-0-167-115.ec2.internal
+flux-system image-reflector-controller-57847dc9cf-6pbts 1/1 Running 0 12d 10.0.178.170
fargate-ip-10-0-178-170.ec2.internal
+flux-system kustomize-controller-68c6c766-hrxh4 1/1 Running 0 12d 10.0.102.67 fargate-ip-10-0-102-67.ec2.internal
+flux-system notification-controller-5dbc9fc9c4-b7gvt 1/1 Running 0 12d 10.0.188.107 fargate-ip-10-0-188-107.ec2.internal
+flux-system source-controller-5b669588f-jtgc6 1/1 Running 0 12d 10.0.148.152 fargate-ip-10-0-148-152.ec2.internal
+grafana-operator grafana-operator-7d7ccc88f4-fw99n 1/1 Running 0 12d 10.0.99.84 fargate-ip-10-0-99-84.ec2.internal
+kube-system aws-load-balancer-controller-7c7f88558d-rlzh6 1/1 Running 0 12d 10.0.158.82 fargate-ip-10-0-158-82.ec2.internal
+kube-system aws-load-balancer-controller-7c7f88558d-v797p 1/1 Running 1 (5h40m ago) 12d 10.0.190.41 fargate-ip-10-0-190-41.ec2.internal
+kube-system blueprints-addon-metrics-server-6765c9bc59-85jqq 1/1 Running 0 90m 10.0.186.44 fargate-ip-10-0-186-44.ec2.internal
+kube-system coredns-6549dc85b9-586mh 1/1 Running 0 12d 10.0.139.227 fargate-ip-10-0-139-227.ec2.internal
+kube-system coredns-6549dc85b9-n6xdr 1/1 Running 0 12d 10.0.135.174 fargate-ip-10-0-135-174.ec2.internal
+kube-system kube-state-metrics-596b5dbf46-c9mdt 1/1 Running 0 90m 10.0.164.251 fargate-ip-10-0-164-251.ec2.internal
+opentelemetry-operator-system opentelemetry-operator-5ddbdcdc57-nh5dr 2/2 Running 0 7d11h 10.0.121.124 fargate-ip-10-0-121-124.ec2.internal
+```
+
+```bash
+kubectl get ns # Output shows all namespace
+```
+```
+NAME STATUS AGE
+aws-for-fluent-bit Active 12d
+cert-manager Active 12d
+default Active 12d
+external-secrets Active 12d
+flux-system Active 12d
+grafana-operator Active 12d
+kube-node-lease Active 12d
+kube-public Active 12d
+kube-system Active 12d
+opentelemetry-operator-system Active 7d11h
+```
+
+## Visualize Dashboards in Amazon Managed Grafana
+
+Login to your Grafana workspace and navigate to the Dashboards panel. You should see a number of dashboards under `Observability Accelerator Dashboards`.
Open `Kubernetes / Compute Resources / Cluster` and `Kubernetes / Kubelet` Dashboards, you should see data as below
+
+- **Cluster Dashboards**
+
+![cluster-dashboard](../images/cluster-dashboard-fargate-oss.png)
+
+You can also visualize cluster metrics for specific namespaces by clicking on a particular namespace. For instance, below is a snapshot of the `kube-system` namespace.
+
+![cluster-kube-system-dashboard](../images/cluster-dashboard-kube-system-fargate-oss.png)
+
+- **Kubelet Dashboard**
+
+![kubelet-dashboard](../images/kubelet-dashboard-fargate-oss.png)
+
+### Deploy Sample Java Workload
+
+We'll deploy a sample java workload in our newly created EKS cluster running on AWS Fargate. To do that, follow the instructions in [New EKS Cluster Java Open Source Observability Accelerator](./single-new-eks-java-opensource-observability.md) pattern till step number 4.
+
+Since we're deploying the sample workload on AWS Fargate compute, we need to create a Fargate profile for running the java application.
+
+Execute the following command to create a Fargate profile
+
+```
+SAMPLE_TRAFFIC_NAMESPACE=javajmx-sample
+CLUSTER_NAME=single-new-eks-fargate-opensource-observability-accelerator
+eksctl create fargateprofile --namespace $SAMPLE_TRAFFIC_NAMESPACE --cluster $CLUSTER_NAME --name sample-java-workload-profile
+```
+
+Check if the profile got created successfully by running
+
+```
+$ eksctl get fargateprofile --cluster $CLUSTER_NAME
+NAME SELECTOR_NAMESPACE SELECTOR_LABELS POD_EXECUTION_ROLE_ARN SUBNETS TAGS STATUS
+sample-java-workload-profile javajmx-sample arn:aws:iam::200202725330:role/eksctl-single-new-eks-farga-FargatePodExecutionRole-pBT3sLM15PYx subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+singleneweksfargateopensourceo-153ba837dcf44bbe84881aa5336f0bf1 default arn:aws:iam::200202725330:role/single-new-eks-fargate-op-singleneweksfargateopens-1UCAAI02CIG27 subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+singleneweksfargateopensourceo-153ba837dcf44bbe84881aa5336f0bf1 kube-system arn:aws:iam::200202725330:role/single-new-eks-fargate-op-singleneweksfargateopens-1UCAAI02CIG27 subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+singleneweksfargateopensourceo-8faabc1806d44e4bb0f656aa6785e276 cert-manager arn:aws:iam::200202725330:role/single-new-eks-fargate-op-singleneweksfargateopens-FDF881YCTAAT subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+singleneweksfargateopensourceo-8faabc1806d44e4bb0f656aa6785e276 external-secrets arn:aws:iam::200202725330:role/single-new-eks-fargate-op-singleneweksfargateopens-FDF881YCTAAT subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+singleneweksfargateopensourceo-8faabc1806d44e4bb0f656aa6785e276 flux-system arn:aws:iam::200202725330:role/single-new-eks-fargate-op-singleneweksfargateopens-FDF881YCTAAT
subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+singleneweksfargateopensourceo-8faabc1806d44e4bb0f656aa6785e276 grafana-operator arn:aws:iam::200202725330:role/single-new-eks-fargate-op-singleneweksfargateopens-FDF881YCTAAT subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+singleneweksfargateopensourceo-8faabc1806d44e4bb0f656aa6785e276 opentelemetry-operator-system arn:aws:iam::200202725330:role/single-new-eks-fargate-op-singleneweksfargateopens-FDF881YCTAAT subnet-0d9ae01b957d93732,subnet-07e7079de2ee19ee1,subnet-0d1f688becf9864ff ACTIVE
+```
+
+Now run step 5 of the instructions at [New EKS Cluster Java Open Source Observability Accelerator](./single-new-eks-java-opensource-observability.md) pattern.
+
+Check whether the Sample Java Workload got deployed successfully
+
+```
+kubectl get po -n $SAMPLE_TRAFFIC_NAMESPACE
+
+NAME READY STATUS RESTARTS AGE
+tomcat-bad-traffic-generator 1/1 Running 0 2d9h
+tomcat-example-fcbb8856b-s4mq8 1/1 Running 0 2d9h
+tomcat-traffic-generator 1/1 Running 0 2d9h
+```
+
+You should now see a new dashboard named `Java/JMX`, under `Observability Accelerator Dashboards`:
+
+
+![java-dashboard](../images/java-jmx-dashboard-fargate-oss.png)
+
+## Teardown
+
+You can teardown the whole CDK stack with the following command:
+
+```bash
+make pattern single-new-eks-fargate-opensource-observability destroy
+```
\ No newline at end of file
diff --git a/lib/common/resources/otel-collector-config-new.yml b/lib/common/resources/otel-collector-config-new.yml
deleted file mode 100644
index 456fae3e..00000000
--- a/lib/common/resources/otel-collector-config-new.yml
+++ /dev/null
@@ -1,1622 +0,0 @@ -# -# OpenTelemetry Collector configuration -# Metrics pipeline with Prometheus Receiver and AWS Remote Write Exporter sending metrics to Amazon Managed Prometheus -# -apiVersion: opentelemetry.io/v1alpha1 -kind: OpenTelemetryCollector -metadata: - name: otel-collector-amp - namespace: "{{namespace}}" -spec: - mode: "{{deploymentMode}}" - image: public.ecr.aws/aws-observability/aws-otel-collector:v0.21.0 - serviceAccount: adot-collector - config: | - receivers: - prometheus: - config: - global: - scrape_interval: 15s - scrape_timeout: 10s - external_labels: - cluster: "{{clusterName}}" - scrape_configs: - - job_name: 'kubernetes-kubelet' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc.cluster.local:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/$${1}/proxy/metrics - - job_name: 'kubelet' - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc.cluster.local:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/$${1}/proxy/metrics/cadvisor - - - job_name: serviceMonitor/default/kube-prometheus-stack-prometheus-node-exporter/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - 
follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (prometheus-node-exporter);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: http-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_jobLabel] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - 
regex: (.*) - target_label: endpoint - replacement: http-metrics - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - default - - job_name: serviceMonitor/default/kube-prometheus-stack-prometheus/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-prometheus);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_self_monitor, __meta_kubernetes_service_labelpresent_self_monitor] - separator: ; - regex: (true);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: http-web - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - 
source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http-web - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - default - - job_name: serviceMonitor/default/kube-prometheus-stack-operator/0 - honor_labels: true - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-operator);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, 
__meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: https - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: https - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - default - - job_name: serviceMonitor/default/kube-prometheus-stack-kubelet/2 - honor_labels: true - honor_timestamps: true - 
scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics/probes - scheme: https - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name, __meta_kubernetes_service_labelpresent_app_kubernetes_io_name] - separator: ; - regex: (kubelet);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_k8s_app, __meta_kubernetes_service_labelpresent_k8s_app] - separator: ; - regex: (kubelet);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: https-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: 
replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_k8s_app] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: https-metrics - action: replace - - source_labels: [__metrics_path__] - separator: ; - regex: (.*) - target_label: metrics_path - replacement: $$1 - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-kubelet/1 - honor_labels: true - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics/cadvisor - scheme: https - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name, __meta_kubernetes_service_labelpresent_app_kubernetes_io_name] - separator: ; - regex: (kubelet);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_k8s_app, __meta_kubernetes_service_labelpresent_k8s_app] - separator: ; - regex: (kubelet);true - replacement: $$1 - action: keep - - source_labels: 
[__meta_kubernetes_endpoint_port_name] - separator: ; - regex: https-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_k8s_app] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: https-metrics - action: replace - - source_labels: [__metrics_path__] - separator: ; - regex: (.*) - target_label: metrics_path - replacement: $$1 - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - 
names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-kubelet/0 - honor_labels: true - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: https - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name, __meta_kubernetes_service_labelpresent_app_kubernetes_io_name] - separator: ; - regex: (kubelet);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_k8s_app, __meta_kubernetes_service_labelpresent_k8s_app] - separator: ; - regex: (kubelet);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: https-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - 
source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_k8s_app] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: https-metrics - action: replace - - source_labels: [__metrics_path__] - separator: ; - regex: (.*) - target_label: metrics_path - replacement: $$1 - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-kube-state-metrics/0 - honor_labels: true - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_instance, __meta_kubernetes_service_labelpresent_app_kubernetes_io_instance] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name, __meta_kubernetes_service_labelpresent_app_kubernetes_io_name] - separator: ; - regex: (kube-state-metrics);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] 
- separator: ; - regex: http - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - default - - job_name: serviceMonitor/default/kube-prometheus-stack-kube-scheduler/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - 
metrics_path: /metrics - scheme: http - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-kube-scheduler);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: http-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - 
source_labels: [__meta_kubernetes_service_label_jobLabel] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http-metrics - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-kube-proxy/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-kube-proxy);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: http-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: 
; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_jobLabel] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http-metrics - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-kube-etcd/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, 
__meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-kube-etcd);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: http-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_jobLabel] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http-metrics - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: 
[__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-kube-controller-manager/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-kube-controller-manager);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: http-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: 
[__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_jobLabel] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http-metrics - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-coredns/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - authorization: - type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-coredns);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - 
separator: ; - regex: http-metrics - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_jobLabel] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http-metrics - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - namespaces: - own_namespace: false - names: - - kube-system - - job_name: serviceMonitor/default/kube-prometheus-stack-apiserver/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: https - authorization: 
- type: Bearer - credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - server_name: kubernetes - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_component, __meta_kubernetes_service_labelpresent_component] - separator: ; - regex: (kubernetes);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: https - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_component] - separator: ; - regex: (.+) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) 
- target_label: endpoint - replacement: https - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - default - - job_name: serviceMonitor/default/kube-prometheus-stack-alertmanager/0 - honor_timestamps: true - scrape_interval: 30s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - follow_redirects: true - enable_http2: true - relabel_configs: - - source_labels: [job] - separator: ; - regex: (.*) - target_label: __tmp_prometheus_job_name - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_label_app, __meta_kubernetes_service_labelpresent_app] - separator: ; - regex: (kube-prometheus-stack-alertmanager);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_release, __meta_kubernetes_service_labelpresent_release] - separator: ; - regex: (kube-prometheus-stack);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_service_label_self_monitor, __meta_kubernetes_service_labelpresent_self_monitor] - separator: ; - regex: (true);true - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_port_name] - separator: ; - regex: http-web - replacement: $$1 - action: keep - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Node;(.*) - target_label: node - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name] - separator: ; - regex: Pod;(.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: 
[__meta_kubernetes_namespace] - separator: ; - regex: (.*) - target_label: namespace - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: service - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_name] - separator: ; - regex: (.*) - target_label: pod - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_pod_container_name] - separator: ; - regex: (.*) - target_label: container - replacement: $$1 - action: replace - - source_labels: [__meta_kubernetes_service_name] - separator: ; - regex: (.*) - target_label: job - replacement: $$1 - action: replace - - separator: ; - regex: (.*) - target_label: endpoint - replacement: http-web - action: replace - - source_labels: [__address__] - separator: ; - regex: (.*) - modulus: 1 - target_label: __tmp_hash - replacement: $$1 - action: hashmod - - source_labels: [__tmp_hash] - separator: ; - regex: "0" - replacement: $$1 - action: keep - kubernetes_sd_configs: - - role: endpoints - kubeconfig_file: "" - follow_redirects: true - enable_http2: true - namespaces: - own_namespace: false - names: - - default - - job_name: 'kube-state-metrics' - static_configs: - - targets: ['kube-state-metrics.kube-system.svc.cluster.local:8080'] - - job_name: 'node-exporter' - kubernetes_sd_configs: - - role: endpoints - - job_name: 'kubernetes-java-jmx' - sample_limit: {{javaScrapeSampleLimit}} - metrics_path: {{javaPrometheusMetricsEndpoint}} - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [ __address__ ] - action: keep - regex: '.*:9404$' - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - action: replace - source_labels: [ __meta_kubernetes_namespace ] - target_label: Namespace - - source_labels: [ __meta_kubernetes_pod_name ] - action: replace - target_label: pod_name - - action: replace - source_labels: [ __meta_kubernetes_pod_container_name ] - target_label: 
container_name - - action: replace - source_labels: [ __meta_kubernetes_pod_controller_kind ] - target_label: pod_controller_kind - - action: replace - source_labels: [ __meta_kubernetes_pod_phase ] - target_label: pod_controller_phase - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: 'jvm_gc_collection_seconds.*' - action: drop - exporters: - prometheusremotewrite: - endpoint: "{{remoteWriteEndpoint}}" - auth: - authenticator: sigv4auth - logging: - loglevel: info - extensions: - sigv4auth: - region: "{{awsRegion}}" - service: aps - health_check: - pprof: - endpoint: :1888 - zpages: - endpoint: :55679 - service: - extensions: [pprof, zpages, health_check, sigv4auth] - pipelines: - metrics: - receivers: [prometheus] - exporters: [logging, prometheusremotewrite] diff --git a/lib/common/resources/otel-collector-config.yml b/lib/common/resources/otel-collector-config.yml index 83542ab9..98f798ff 100644 --- a/lib/common/resources/otel-collector-config.yml +++ b/lib/common/resources/otel-collector-config.yml @@ -9,7 +9,14 @@ metadata: namespace: "{{namespace}}" spec: mode: "{{deploymentMode}}" - image: public.ecr.aws/aws-observability/aws-otel-collector:v0.21.0 + image: public.ecr.aws/aws-observability/aws-otel-collector:v0.33.1 + resources: + limits: + cpu: "1" + memory: "2Gi" + requests: + cpu: "1" + memory: "2Gi" serviceAccount: adot-collector config: | receivers: diff --git a/lib/single-new-eks-fargate-opensource-observability-pattern/index.ts b/lib/single-new-eks-fargate-opensource-observability-pattern/index.ts new file mode 100644 index 00000000..46862ef6 --- /dev/null +++ b/lib/single-new-eks-fargate-opensource-observability-pattern/index.ts 
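Review bot: The bumped collector image in `lib/common/resources/otel-collector-config.yml` is still referenced by tag only, and a tag can be re-pointed in the registry after this commit is reviewed. The collector runs under the `adot-collector` service account and, judging by the `sigv4auth` exporter visible elsewhere in this diff, presumably holds remote-write credentials, so it is worth making the deployed binary reproducible. I would pin the digest next to the tag, e.g. `image: public.ecr.aws/aws-observability/aws-otel-collector:v0.33.1@sha256:<digest-of-v0.33.1>`, with the placeholder replaced by the digest you verified. The manifest continues outside this hunk.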
@@ -0,0 +1,144 @@ +import { Construct } from 'constructs'; +import { utils } from '@aws-quickstart/eks-blueprints'; +import * as blueprints from '@aws-quickstart/eks-blueprints'; +import { GrafanaOperatorSecretAddon } from '../single-new-eks-opensource-observability-pattern/grafanaoperatorsecretaddon'; +import * as amp from 'aws-cdk-lib/aws-aps'; +import { ObservabilityBuilder } from '@aws-quickstart/eks-blueprints'; +import * as eks from 'aws-cdk-lib/aws-eks'; +import * as fs from 'fs'; + +export default class SingleNewEksFargateOpenSourceObservabilityConstruct { + constructor(scope: Construct, id: string) { + const stackId = `${id}-observability-accelerator`; + + const account = process.env.COA_ACCOUNT_ID! || process.env.CDK_DEFAULT_ACCOUNT!; + const region = process.env.COA_AWS_REGION! || process.env.CDK_DEFAULT_REGION!; + const ampWorkspaceName = process.env.COA_AMP_WORKSPACE_NAME! || 'observability-amp-Workspace'; + const ampWorkspace = blueprints.getNamedResource(ampWorkspaceName) as unknown as amp.CfnWorkspace; + const ampEndpoint = ampWorkspace.attrPrometheusEndpoint; + const ampWorkspaceArn = ampWorkspace.attrArn; + + const amgEndpointUrl = process.env.COA_AMG_ENDPOINT_URL; + // All Grafana Dashboard URLs from `cdk.json` + const fluxRepository: blueprints.FluxGitRepo = utils.valueFromContext(scope, "fluxRepository", undefined); + fluxRepository.values!.AMG_AWS_REGION = region; + fluxRepository.values!.AMP_ENDPOINT_URL = ampEndpoint; + fluxRepository.values!.AMG_ENDPOINT_URL = amgEndpointUrl; + + const ampAddOnProps: blueprints.AmpAddOnProps = { + ampPrometheusEndpoint: ampEndpoint, + ampRules: { + ampWorkspaceArn: ampWorkspaceArn, + ruleFilePaths: [ + __dirname + '/../common/resources/amp-config/alerting-rules.yml', + __dirname + '/../common/resources/amp-config/recording-rules.yml' + ] + } + }; + + let doc = utils.readYamlDocument(__dirname + '/../common/resources/otel-collector-config.yml'); + doc = utils.changeTextBetweenTokens( + doc, + "{{ if 
enableAPIserverJob }}", + "{{ end }}", + true + ); + console.log(doc); + fs.writeFileSync(__dirname + '/../common/resources/otel-collector-config-new.yml', doc); + + + if (utils.valueFromContext(scope, "java.pattern.enabled", false)) { + ampAddOnProps.openTelemetryCollector = { + manifestPath: __dirname + '/../common/resources/otel-collector-config-new.yml', + manifestParameterMap: { + javaScrapeSampleLimit: 1000, + javaPrometheusMetricsEndpoint: "/metrics" + } + }; + ampAddOnProps.ampRules?.ruleFilePaths.push( + __dirname + '/../common/resources/amp-config/java/alerting-rules.yml', + __dirname + '/../common/resources/amp-config/java/recording-rules.yml' + ); + } + + if (utils.valueFromContext(scope, "apiserver.pattern.enabled", false)) { + ampAddOnProps.enableAPIServerJob = true, + ampAddOnProps.ampRules?.ruleFilePaths.push( + __dirname + '/../common/resources/amp-config/apiserver/recording-rules.yml' + ); + } + + if (utils.valueFromContext(scope, "nginx.pattern.enabled", false)) { + ampAddOnProps.openTelemetryCollector = { + manifestPath: __dirname + '/../common/resources/otel-collector-config-new.yml', + manifestParameterMap: { + javaScrapeSampleLimit: 1000, + javaPrometheusMetricsEndpoint: "/metrics" + } + }; + ampAddOnProps.ampRules?.ruleFilePaths.push( + __dirname + '/../common/resources/amp-config/nginx/alerting-rules.yml' + ); + } + + Reflect.defineMetadata("ordered", true, blueprints.addons.GrafanaOperatorAddon); + const addOns: Array = [ + new blueprints.addons.VpcCniAddOn(), + new blueprints.addons.CoreDnsAddOn({ + version: "v1.10.1-eksbuild.1", + configurationValues: { computeType: "Fargate" } + }), + new blueprints.addons.KubeProxyAddOn(), + new blueprints.addons.AwsLoadBalancerControllerAddOn(), + new blueprints.addons.CertManagerAddOn({ + installCRDs: true, + createNamespace: true, + namespace: "cert-manager", + values: { webhook: { securePort: 10260 } } + }), + new blueprints.addons.KubeStateMetricsAddOn(), + new 
blueprints.addons.MetricsServerAddOn(), + new blueprints.addons.CloudWatchLogsAddon({ + logGroupPrefix: `/aws/eks/${stackId}`, + logRetentionDays: 30 + }), + new blueprints.addons.ExternalsSecretsAddOn({ + namespace: "external-secrets", + values: { webhook: { port: 9443 } } + }), + new blueprints.addons.GrafanaOperatorAddon(), + new blueprints.addons.FluxCDAddOn({"repositories": [fluxRepository]}), + new GrafanaOperatorSecretAddon(), + new blueprints.addons.AdotCollectorAddOn(), + new blueprints.addons.XrayAdotAddOn(), + new blueprints.addons.AmpAddOn(ampAddOnProps) + ]; + + + const fargateProfiles: Map = new Map([ + ["MyProfile", { + selectors: [ + { namespace: "cert-manager" }, + { namespace: "opentelemetry-operator-system" }, + { namespace: "external-secrets" }, + { namespace: "grafana-operator" }, + { namespace: "flux-system" } + ] + }] + ]); + + // Define fargate cluster provider and pass the profile options + const fargateClusterProvider: blueprints.FargateClusterProvider = new blueprints.FargateClusterProvider({ + fargateProfiles, + version: eks.KubernetesVersion.of("1.27") + }); + + ObservabilityBuilder.builder() + .account(account) + .region(region) + .clusterProvider(fargateClusterProvider) + .resourceProvider(ampWorkspaceName, new blueprints.CreateAmpProvider(ampWorkspaceName, ampWorkspaceName)) + .addOns(...addOns) + .build(scope, stackId); + } +} diff --git a/mkdocs.yml b/mkdocs.yml index cab7394d..d277b996 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
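Review bot: The constructor in `lib/single-new-eks-fargate-opensource-observability-pattern/index.ts` dereferences `fluxRepository.values!` and copies `process.env.COA_AMG_ENDPOINT_URL` into it without checking either. A missing `fluxRepository` context entry therefore fails with a bare TypeError at synth, and an unset endpoint is handed to the Flux values as `undefined`. The `!` assertions on the account and region environment variables hide the same gap for the deployment target. I would validate these once at the top and fail with a message naming the missing setting, as sketched below (assuming the Grafana endpoint is mandatory for this pattern). Separately, `ampAddOnProps.enableAPIServerJob = true,` ends in a comma where a semicolon is meant, and `console.log(doc)` plus the `writeFileSync` under `__dirname` make every synth print the manifest and rewrite a file inside the source tree; a temporary directory would avoid that.

```typescript
const account = process.env.COA_ACCOUNT_ID || process.env.CDK_DEFAULT_ACCOUNT;
const region = process.env.COA_AWS_REGION || process.env.CDK_DEFAULT_REGION;
if (!account || !region) {
    throw new Error('Set COA_ACCOUNT_ID/COA_AWS_REGION or CDK_DEFAULT_ACCOUNT/CDK_DEFAULT_REGION before synth');
}
// … unchanged: AMP workspace name, lookup, endpoint and ARN …

const amgEndpointUrl = process.env.COA_AMG_ENDPOINT_URL;
if (!amgEndpointUrl) {
    throw new Error('COA_AMG_ENDPOINT_URL is not set');
}
const fluxRepository: blueprints.FluxGitRepo | undefined = utils.valueFromContext(scope, "fluxRepository", undefined);
if (!fluxRepository) {
    throw new Error('"fluxRepository" is missing from the CDK context (cdk.json)');
}
// Merge rather than assert, so a repository entry without `values` still works.
fluxRepository.values = {
    ...fluxRepository.values,
    AMG_AWS_REGION: region,
    AMP_ENDPOINT_URL: ampEndpoint,
    AMG_ENDPOINT_URL: amgEndpointUrl,
};
// … unchanged: AMP add-on props, collector manifest handling, add-ons, Fargate provider, builder …
```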
@@ -34,7 +34,9 @@ nav: - New Cluster: - AWS Native : patterns/single-new-eks-observability-accelerators/single-new-eks-awsnative-observability.md - Graviton OSS : patterns/single-new-eks-observability-accelerators/single-new-eks-graviton-opensource-observability.md - - Fargate AWS Native : patterns/single-new-eks-observability-accelerators/single-new-eks-awsnative-fargate-observability.md + - EKS Fargate : + - AWS Native : patterns/single-new-eks-observability-accelerators/single-new-eks-awsnative-fargate-observability.md + - OSS: patterns/single-new-eks-observability-accelerators/single-new-eks-fargate-opensource-observability.md - Mixed : patterns/single-new-eks-observability-accelerators/single-new-eks-mixed-observability.md - Multi-Cluster Multi-Region Mon : patterns/multi-new-eks-observability-accelerators/multi-acc-new-eks-mixed-observability.md - OSS : patterns/single-new-eks-observability-accelerators/single-new-eks-opensource-observability.md