In today's article, we are going to learn how to enable AWS CloudWatch for your EKS cluster with the help of Fluentd. This will help you monitor, isolate, and diagnose performance issues in your containerized applications. It provides near real-time visibility into resource utilization, application performance, and host health of your Amazon Elastic Kubernetes Service (EKS) clusters and the nodes they run on.

Create an EKS Cluster

Before we start, we need to create an EKS cluster. If you already have an EKS cluster, you can skip this step. In this step we will create a simple EKS cluster with eksctl, using the config file below.

cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: demo-cluster
  region: ap-southeast-1

managedNodeGroups:
  - name: demo-nodegroup
    instanceType: t3.large
    desiredCapacity: 1
    minSize: 1
    maxSize: 2
    privateNetworking: true

To create the cluster with the above config file, run the command below.

eksctl create cluster -f cluster.yaml

This will create an EKS cluster named demo-cluster and a node group named demo-nodegroup. You can change the name of the cluster and node group as you wish. You can also change the instance type and the number of nodes you want to create. In this example, we are creating a cluster with 1 node. You can also create a cluster with multiple nodes.

If you want to avoid manually associating the CloudWatch policy with the EKS worker node role, which is our second step, please use the config file below.

Config file
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: demo-cluster
  region: ap-southeast-1

managedNodeGroups:
  - name: demo-nodegroup
    instanceType: t3.large
    desiredCapacity: 1
    minSize: 1
    maxSize: 2
    privateNetworking: true
    iam:
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        # PowerUser also allows pushing images; ReadOnly above is enough for nodes that only pull.
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser
        # Lets the CloudWatch agent and Fluentd on the nodes send metrics and logs.
        - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy

Associate CloudWatch Policy to EKS Worker Nodes Role

To enable CloudWatch Container Insights for your EKS cluster, you need to attach the CloudWatchAgentServerPolicy policy to the IAM role that is associated with your worker nodes. To do this, navigate to the IAM console and search for the role that is associated with your worker nodes. Then attach the CloudWatchAgentServerPolicy policy to the role.

Install CloudWatch Agent & Fluentd as DaemonSets

To install CloudWatch Agent and Fluentd as DaemonSets, run the below command.

# Replace the cluster name and region with yours
curl -s https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/quickstart/cwagent-fluentd-quickstart.yaml | sed "s/{{cluster_name}}/<REPLACE_CLUSTER_NAME>/;s/{{region_name}}/<REPLACE-AWS_REGION>/" | kubectl apply -f -
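
Piping a remote manifest straight into kubectl apply leaves no copy to review, and sed without the g flag replaces only the first placeholder on a line. The script below is an added example, not code from the original article or from AWS: it renders the template to a file, stops if any {{...}} placeholder remains, and lists the container images for review. The function names, the allowed character sets and the sample template are constructed for illustration.

```shell
# Added example, not from the original article: render the quickstart
# template to a file and check it before anything reaches kubectl.
set -eu

# render_manifest TEMPLATE CLUSTER REGION: rendered YAML on stdout.
render_manifest() {
  # Allow only characters expected in these names (assumed sets), so a
  # value cannot change the sed expression itself.
  case $2 in ''|*[!A-Za-z0-9_-]*) echo "bad cluster name: $2" >&2; return 2;; esac
  case $3 in ''|*[!a-z0-9-]*) echo "bad region: $3" >&2; return 2;; esac
  # The g flag replaces every occurrence on a line, not only the first.
  sed "s/{{cluster_name}}/$2/g;s/{{region_name}}/$3/g" "$1"
}

# check_rendered FILE: fail and show the lines if a {{placeholder}} is left.
check_rendered() {
  if grep -n '{{[^}]*}}' "$1" >&2; then return 1; fi
}

# list_images FILE: unique container images the manifest would run.
list_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | sort -u
}

# Constructed sample template for an offline run (not the AWS manifest).
sample_template() {
  cat <<'EOF'
kind: ConfigMap
data:
  cluster.name: {{cluster_name}}
  logs.region: {{region_name}}
---
kind: DaemonSet
spec:
  template:
    spec:
      containers:
        - name: fluentd-cloudwatch
          image: registry.example/fluentd:constructed-tag
          args: ["--cluster={{cluster_name}}", "--group={{cluster_name}}-logs"]
EOF
}

work=$(mktemp -d)
sample_template > "$work/template.yaml"  # real use: curl -fsSL -o this file
render_manifest "$work/template.yaml" demo-cluster ap-southeast-1 > "$work/rendered.yaml"
check_rendered "$work/rendered.yaml"
list_images "$work/rendered.yaml"        # review, then kubectl apply -f the file
rm -rf "$work"
```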

We have now finished installing the CloudWatch agent and Fluentd DaemonSets. Next, you need to deploy a sample application on your EKS cluster.

Access CloudWatch Dashboard

Once the CloudWatch agent and the application are up and running, you can view your metrics and logs in the CloudWatch console. In the next article, I'll show you how to work with Log Insights in depth and how to set up CloudWatch Alarms to notify you when certain thresholds are exceeded.

Conclusion

In this tutorial, we have learned how to enable AWS CloudWatch for your EKS cluster. You can obtain all the required scripts from this GitHub repository. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my e-mail.

Happy Coding