#!/bin/sh # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 REGION=$(../get_region.sh) AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) CLUSTER=DevOpsGuruTestCluster echo "Creating cluster in region $REGION" if [ "$REGION" = "us-east-1" ]; then echo "WARNING: If you're getting an exception as you're running in IAD/us-east-1, you need to update the code for creating a cluster." echo "WARNING: Go to the cluster_bootstrap/create_cluster.sh file for details." fi # Create cluster # If you're in IAD/us-east-1 and you're getting an exception, # append `--region=us-east-1 --zones=us-east-1a,us-east-1b,us-east-1d` to the following command. # Details https://eksctl.io/usage/creating-and-managing-clusters/ # Node type is based on the default from https://eksctl.io/ eksctl create cluster \ --name $CLUSTER \ --version 1.26 \ --with-oidc \ --managed=true \ --nodegroup-name t3-xlarge \ --node-type t3.xlarge \ --nodes 3 \ --nodes-min 2 \ --nodes-max 6 \ --region "$REGION" # Enable control plane logging aws eks update-cluster-config \ --region "$REGION" \ --name $CLUSTER \ --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}' # Create admin service account for further use eksctl utils associate-iam-oidc-provider --cluster=$CLUSTER --approve kubectl apply -f eks-admin-service-account.yaml # EBS CSI Driver EBS_CSI_ROLE=AmazonEKS_EBS_CSI_DriverRole_$REGION eksctl create iamserviceaccount \ --name ebs-csi-controller-sa \ --namespace kube-system \ --cluster $CLUSTER \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve \ --role-only \ --role-name "$EBS_CSI_ROLE" aws eks create-addon --cluster-name $CLUSTER \ --addon-name aws-ebs-csi-driver \ --service-account-role-arn arn:aws:iam::"$AWS_ACCOUNT_ID":role/"$EBS_CSI_ROLE" # See: # - https://docs.aws.amazon.com/eks/latest/userguide/opentelemetry.html # - https://aws-otel.github.io/docs/getting-started/adot-eks-add-on/add-on-configuration-collector-deployment # - https://aws-otel.github.io/docs/getting-started/adot-eks-add-on/config-intro ./install_core_dns.sh ./install_cert_manager.sh eksctl create iamserviceaccount \ --name aws-otel-collector \ --namespace default \ --cluster $CLUSTER \ --attach-policy-arn arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess \ --attach-policy-arn arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess \ --attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \ --approve \ --override-existing-serviceaccounts kubectl apply -f adot-namespace.yaml eksctl create iamserviceaccount \ --name aws-otel-sa \ --namespace aws-otel-eks \ --cluster $CLUSTER \ --attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \ --approve \ --override-existing-serviceaccounts aws eks create-addon --addon-name adot \ --cluster-name $CLUSTER \ --configuration-values file://adot-collector-configuration.json aws eks describe-addon --addon-name adot --cluster-name $CLUSTER # Create an ADOT collector with CloudWatch exporter kubectl apply -f adot-collector-cloudwatch-insights.yaml sed "s/<<REGION>>/$REGION/g" adot-collector-cloudwatch-prometheus-metrics.yaml | kubectl apply -f - # ADOT collector without using ADOt operator since it is broken right now kubectl apply -f otel-daemonset-collector-cloudwatch-insights.yaml # Install Metrics Server ./install_metrics_server.sh # Enable ingestion of container logs into CloudWatch ./enable_cloudwatch_container_logs.sh