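---
# create adot-col namespace
apiVersion: v1
kind: Namespace
metadata:
  name: adot-col
  labels:
    name: adot-col
---
# Collector pipeline: scrape cAdvisor metrics for every node through the API
# server proxy and forward them with Prometheus remote write, signed by the
# sigv4auth extension.
apiVersion: v1
kind: ConfigMap
metadata:
  name: adot-collector-conf
  namespace: adot-col
  labels:
    app: aws-adot
    component: adot-collector-conf
data:
  adot-collector-config: |
    receivers:
      prometheus:
        config:
          global:
            scrape_interval: 15s
            scrape_timeout: 10s
          scrape_configs:
            - job_name: 'kubernetes-cadvisor'
              scheme: https
              metrics_path: /metrics/cadvisor
              # The API server certificate is verified against the in-cluster
              # CA; keep it that way (no insecure_skip_verify).
              tls_config:
                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
              bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
              kubernetes_sd_configs:
                - role: node
              relabel_configs:
                - source_labels: [__meta_kubernetes_node_name]
                  regex: (.+)
                  target_label: __metrics_path__
                  # "$$" escapes the dollar sign: the collector expands
                  # "${...}" as an environment variable before the Prometheus
                  # receiver sees it, so a bare "${1}" never reaches relabeling
                  # as the capture-group reference.
                  replacement: /api/v1/nodes/$${1}/proxy/metrics/cadvisor
                - target_label: __address__
                  replacement: kubernetes.default.svc:443
    exporters:
      prometheusremotewrite:
        # Placeholder: must be replaced with the remote-write URL of the
        # target workspace before this manifest is applied.
        endpoint: "<>"
        auth:
          authenticator: sigv4auth
        namespace: "adot"
      logging:
        # NOTE(review): debug level writes scraped metric data to the pod
        # log; lower it once the pipeline has been verified.
        loglevel: debug
    extensions:
      health_check:
        # Bound explicitly so the kubelet probes on port 13133 (see the
        # DaemonSet) reach it; collector releases differ in the default
        # bind host and the image tag below is not pinned.
        endpoint: "0.0.0.0:13133"
      # pprof and zpages are unauthenticated debug endpoints. They are bound
      # to loopback so other pods cannot read profiles or pipeline internals;
      # use `kubectl port-forward` when they are needed.
      pprof:
        endpoint: "localhost:1888"
      zpages:
        endpoint: "localhost:55679"
      # replace this with your region
      sigv4auth:
        # TODO change this dynamically based on current region
        region: "eu-west-2"
    service:
      extensions: [pprof, zpages, health_check, sigv4auth]
      pipelines:
        metrics:
          receivers: [prometheus]
          exporters: [logging, prometheusremotewrite]
---
# create adot-col service account and role binding
apiVersion: v1
kind: ServiceAccount
metadata:
  name: amp-iamproxy-ingest-service-account
  namespace: adot-col
  annotations:
    # TODO substitute the current account ID here
    # The annotated IAM role is what the pod assumes for SigV4 signing; scope
    # its policy to remote write on the one target workspace.
    eks.amazonaws.com/role-arn: "arn:aws:iam::713965580784:role/amp-iamproxy-ingest-role"
---
# Read-only cluster-wide permissions for service discovery and scraping.
# NOTE(review): despite the "admin" name every rule is get/list/watch only.
# The single scrape job in the ConfigMap uses node discovery and the node
# proxy path; services, endpoints, pods and ingresses are not referenced by
# it and can be dropped if no other scrape job is added.
# NOTE(review): "get" on nodes/proxy lets the holder read any kubelet
# endpoint through the API server, not only /metrics/cadvisor; treat this
# service account's token as sensitive.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: adotcol-admin-role
rules:
  - apiGroups: [""]
    resources:
      - nodes
      - nodes/proxy
      - services
      - endpoints
      - pods
    verbs: ["get", "list", "watch"]
  # NOTE(review): current clusters serve Ingress from networking.k8s.io, so
  # this rule on the legacy "extensions" group likely matches nothing there.
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs: ["get", "list", "watch"]
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
---
# Grants the ClusterRole above to the collector's service account.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: adotcol-admin-role-binding
subjects:
  - kind: ServiceAccount
    name: amp-iamproxy-ingest-service-account
    namespace: adot-col
roleRef:
  kind: ClusterRole
  name: adotcol-admin-role
  apiGroup: rbac.authorization.k8s.io
---
# Exposes the collector's own metrics endpoint.
# NOTE(review): NodePort opens port 8888 on every node address. Nothing in
# this manifest consumes it from outside the cluster; ClusterIP is the
# narrower choice unless external scraping is required.
apiVersion: v1
kind: Service
metadata:
  name: adot-collector
  namespace: adot-col
  labels:
    app: aws-adot
    component: adot-collector
spec:
  ports:
    - name: metrics  # Default endpoint for querying metrics.
      port: 8888
  selector:
    component: adot-collector
  type: NodePort
---
# One collector pod per node, running under the IAM-annotated service account.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: adot-collector
  namespace: adot-col
  labels:
    app: aws-adot
    component: adot-collector
spec:
  selector:
    matchLabels:
      app: aws-adot
      component: adot-collector
  minReadySeconds: 5
  template:
    metadata:
      labels:
        app: aws-adot
        component: adot-collector
    spec:
      serviceAccountName: amp-iamproxy-ingest-service-account
      containers:
        - name: adot-collector
          command:
            - "/awscollector"
            - "--config=/conf/adot-collector-config.yaml"
          # NOTE(review): ":latest" is a mutable tag, so each node may pull a
          # different build and the collector config schema can change under
          # this manifest. Pin a tested release tag or an image digest.
          image: public.ecr.aws/aws-observability/aws-otel-collector:latest
          # The collector only listens on unprivileged ports and reads its
          # config, so it needs no Linux capabilities or privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: "1"
              memory: 2Gi
            requests:
              cpu: 200m
              memory: 400Mi
          ports:
            - containerPort: 8888  # Default endpoint for querying metrics.
          volumeMounts:
            - name: adot-collector-config-vol
              mountPath: /conf
          livenessProbe:
            httpGet:
              path: /
              port: 13133  # Health Check extension default port.
          readinessProbe:
            httpGet:
              path: /
              port: 13133  # Health Check extension default port.
      volumes:
        - name: adot-collector-config-vol
          configMap:
            name: adot-collector-conf
            items:
              - key: adot-collector-config
                path: adot-collector-config.yaml
---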