Merge pull request #137 from Howlla/versionBump1_28

PR - Fargate OSS pattern logs enabled | FluentBit
aws-observability · Feb 5, 2024 · 32fdf78 · 32fdf78
2 parents 3a9b3f4 + c5b29b2
commit 32fdf78
Show file tree

Hide file tree

Showing 6 changed files with 151 additions and 15 deletions.
diff --git a/docs/patterns/images/logs-fargate-fluentbit.png b/docs/patterns/images/logs-fargate-fluentbit.png
diff --git a/...s-observability-accelerators/single-new-eks-fargate-opensource-observability.md b/...s-observability-accelerators/single-new-eks-fargate-opensource-observability.md
@@ -194,8 +194,10 @@ You should now see a new dashboard named `Java/JMX`, under `Observability Accele
 
 ## Viewing Logs
 
-By default, we deploy a FluentBit daemon set in the cluster to collect worker logs for all namespaces. Logs are collected and exported to Amazon CloudWatch Logs, which enables you to centralize the logs from all of your systems, applications,
-and AWS services that you use, in a single, highly scalable service.
+Amazon EKS on Fargate offers a built-in log router based on Fluent Bit. This means that you don't explicitly run a Fluent Bit container as a sidecar, but Amazon runs it for you. All that you have to do is configure the log router. The configuration happens through a dedicated [`ConfigMap`](../../../lib/common/resources/fluent-bit/fluent-bit-fargate-config.ytpl). Logs are collected and exported to Amazon CloudWatch Logs, which enables you to centralize the logs from all of your systems, applications,
+and AWS services that you use, in a single, highly scalable service. By default, the logs are exported to us-east-1 region but you can modify the `ConfigMap` for your region of choice. At least one supported `OUTPUT` plugin has to be provided in the `ConfigMap` to enable logging. You can also modify the destination from cloudwatch to Cloudwatch (default), Amazon OpenSearch Service or Kinesis Data Firehose. Read more about [EKS Fargate logging](https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html).
+
+![fargate-fluentbit](../images/logs-fargate-fluentbit.png)
 
 ## Teardown
 

diff --git a/lib/common/resources/fluent-bit/fluent-bit-fargate-config.ytpl b/lib/common/resources/fluent-bit/fluent-bit-fargate-config.ytpl
@@ -0,0 +1,42 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: aws-observability
+  labels:
+    aws-observability: enabled
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: aws-logging
+  namespace: aws-observability
+data:
+  flb_log_cw: "{{enableFlbProcessLogs}}"  # Set to true to ship Fluent Bit process logs to CloudWatch.
+  filters.conf: |
+    [FILTER]
+        Name parser
+        Match *
+        Key_name log
+        Parser crio
+    [FILTER]
+        Name kubernetes
+        Match kube.*
+        Merge_Log On
+        Keep_Log Off
+        Buffer_Size 0
+        Kube_Meta_Cache_TTL 300s
+  output.conf: |
+    [OUTPUT]
+        Name cloudwatch_logs
+        Match   kube.*
+        region {{awsRegion}}
+        log_group_name {{logGroupName}}
+        log_stream_prefix {{log_stream_prefix}}
+        auto_create_group true
+  parsers.conf: |
+    [PARSER]
+        Name crio
+        Format Regex
+        Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>P|F) (?<log>.*)$
+        Time_Key    time
+        Time_Format %Y-%m-%dT%H:%M:%S.%L%z
diff --git a/lib/single-new-eks-awsnative-fargate-observability-construct/index.ts b/lib/single-new-eks-awsnative-fargate-observability-construct/index.ts
@@ -39,7 +39,7 @@ export default class SingleNewEksAWSNativeFargateobservabilityConstruct {
         // Define fargate cluster provider and pass the profile options
         const fargateClusterProvider : blueprints.FargateClusterProvider = new blueprints.FargateClusterProvider({
             fargateProfiles,
-            version: eks.KubernetesVersion.of("1.27")
+            version: eks.KubernetesVersion.of("1.28")
         });
 
         const certManagerAddOnProps : blueprints.CertManagerAddOnProps = {
@@ -50,7 +50,7 @@ export default class SingleNewEksAWSNativeFargateobservabilityConstruct {
         };
 
         const coreDnsAddOnProps : blueprints.CoreDnsAddOnProps = {
-            version:"v1.10.1-eksbuild.1",
+            version:"v1.10.1-eksbuild.6",
             configurationValues:{
                 computeType: "Fargate" 
             }
@@ -64,7 +64,6 @@ export default class SingleNewEksAWSNativeFargateobservabilityConstruct {
             .withCertManagerProps(certManagerAddOnProps)
             .withCoreDnsProps(coreDnsAddOnProps)
             .enableFargatePatternAddOns()
-            .enableControlPlaneLogging()
             .clusterProvider(fargateClusterProvider)
             .addOns(...addOns)
             .build(scope, stackId);

diff --git a/lib/single-new-eks-fargate-opensource-observability-pattern/fluentbitconfigmap.ts b/lib/single-new-eks-fargate-opensource-observability-pattern/fluentbitconfigmap.ts
@@ -0,0 +1,79 @@
+import 'source-map-support/register';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+import { KubectlProvider, ManifestDeployment } from "@aws-quickstart/eks-blueprints/dist/addons/helm-addon/kubectl-provider";
+import { loadYaml, readYamlDocument } from '@aws-quickstart/eks-blueprints/dist/utils';
+
+/**
+ * Configuration options for the fluentbit configmap
+ */
+export interface FluentBitConfigMapProps {
+
+    /**
+     * Region to send cloudwatch logs.
+     */
+    awsRegion: string;
+
+    /**
+     * Log Group Name in cloudwatch
+     */
+    logGroupName: string
+
+    /**
+     * Prefix for logs stream
+     */
+    logStreamPrefix: string;
+
+    /**
+     * Enable logs from fluentBit process
+     */
+    enableFlbProcessLogs?: boolean
+}
+
+/**
+ * Default props for the add-on.
+ */
+const defaultProps: FluentBitConfigMapProps = {
+    awsRegion: "us-east-1",
+    logGroupName: "fargate-observability",
+    logStreamPrefix: "from-fluent-bit-",
+    enableFlbProcessLogs: false
+};
+
+/**
+ * Creates 'aws-observability' namespace and configurable ConfigMap
+ * to enable the Fargate built-in log router based on Fluent Bit 
+ * https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
+ */
+export class FluentBitConfigMap implements blueprints.ClusterAddOn {
+    id?: string | undefined;
+    readonly props: FluentBitConfigMapProps;
+
+    constructor(props?: FluentBitConfigMapProps) {
+        this.props = { ...defaultProps, ...props };
+    }
+
+    deploy(clusterInfo: blueprints.ClusterInfo): void {
+        const cluster = clusterInfo.cluster;
+
+        const doc = readYamlDocument(__dirname + '/../common/resources/fluent-bit/fluent-bit-fargate-config.ytpl');
+        const manifest = doc.split("---").map(e => loadYaml(e));
+
+        const values: blueprints.Values = {
+            awsRegion: this.props.awsRegion,
+            logGroupName: this.props.logGroupName,
+            log_stream_prefix: this.props.logStreamPrefix,
+            enableFlbProcessLogs: this.props.enableFlbProcessLogs,
+        };
+
+        const manifestDeployment: ManifestDeployment = {
+            name: 'aws-logging',
+            namespace: 'aws-observability',
+            manifest,
+            values
+        };
+
+        const kubectlProvider = new KubectlProvider(clusterInfo);
+        kubectlProvider.addManifest(manifestDeployment);
+
+    }
+}
diff --git a/lib/single-new-eks-fargate-opensource-observability-pattern/index.ts b/lib/single-new-eks-fargate-opensource-observability-pattern/index.ts
@@ -2,10 +2,12 @@ import { Construct } from 'constructs';
 import { utils } from '@aws-quickstart/eks-blueprints';
 import * as blueprints from '@aws-quickstart/eks-blueprints';
 import { GrafanaOperatorSecretAddon } from '../single-new-eks-opensource-observability-pattern/grafanaoperatorsecretaddon';
+import { FluentBitConfigMap, FluentBitConfigMapProps } from './fluentbitconfigmap';
 import * as amp from 'aws-cdk-lib/aws-aps';
 import { ObservabilityBuilder } from '@aws-quickstart/eks-blueprints';
 import * as eks from 'aws-cdk-lib/aws-eks';
 import * as fs from 'fs';
+import { ManagedPolicy,Role,ServicePrincipal } from "aws-cdk-lib/aws-iam";
 
 export default class SingleNewEksFargateOpenSourceObservabilityConstruct {
     constructor(scope: Construct, id: string) {
@@ -111,11 +113,17 @@ export default class SingleNewEksFargateOpenSourceObservabilityConstruct {
             );
         }
 
+        const fluentBitConfigMapProps = {
+            awsRegion: region,
+            logGroupName: "fargate-observability",
+            logStreamPrefix: "from-fluent-bit-",
+        } as FluentBitConfigMapProps;
+
         Reflect.defineMetadata("ordered", true, blueprints.addons.GrafanaOperatorAddon);
         const addOns: Array<blueprints.ClusterAddOn> = [
             new blueprints.addons.VpcCniAddOn(),
             new blueprints.addons.CoreDnsAddOn({
-                version: "v1.10.1-eksbuild.1",
+                version: "v1.10.1-eksbuild.6",
                 configurationValues: { computeType: "Fargate" }
             }),
             new blueprints.addons.KubeProxyAddOn(),
@@ -128,10 +136,6 @@ export default class SingleNewEksFargateOpenSourceObservabilityConstruct {
             }),
             new blueprints.addons.KubeStateMetricsAddOn(),
             new blueprints.addons.MetricsServerAddOn(),
-            new blueprints.addons.CloudWatchLogsAddon({
-                logGroupPrefix: `/aws/eks/${stackId}`,
-                logRetentionDays: 30
-            }),
             new blueprints.addons.ExternalsSecretsAddOn({
                 namespace: "external-secrets",
                 values: { webhook: { port: 9443 } }
@@ -141,9 +145,17 @@ export default class SingleNewEksFargateOpenSourceObservabilityConstruct {
             new GrafanaOperatorSecretAddon(),
             new blueprints.addons.AdotCollectorAddOn(),
             new blueprints.addons.XrayAdotAddOn(),
-            new blueprints.addons.AmpAddOn(ampAddOnProps)
+            new blueprints.addons.AmpAddOn(ampAddOnProps),
+            new FluentBitConfigMap(fluentBitConfigMapProps)
         ];
 
+        const nodeRole = new blueprints.CreateRoleProvider("blueprint-fargate-pod-role", new ServicePrincipal("eks-fargate-pods.amazonaws.com"),
+            [
+                ManagedPolicy.fromAwsManagedPolicyName("AmazonEKSFargatePodExecutionRolePolicy"),
+                ManagedPolicy.fromAwsManagedPolicyName("CloudWatchAgentServerPolicy"),
+            ]);
+
+        const podExecutionRole = blueprints.getNamedResource("blueprint-fargate-pod-role") as Role;
 
         const fargateProfiles: Map<string, eks.FargateProfileOptions> = new Map([
             ["MyProfile", {
@@ -153,22 +165,24 @@ export default class SingleNewEksFargateOpenSourceObservabilityConstruct {
                     { namespace: "external-secrets" },
                     { namespace: "grafana-operator" },
                     { namespace: "flux-system" }
-                ]
-            }]
+                ],  podExecutionRole : podExecutionRole
+            }],
         ]);
 
         // Define fargate cluster provider and pass the profile options
         const fargateClusterProvider: blueprints.FargateClusterProvider = new blueprints.FargateClusterProvider({
             fargateProfiles,
-            version: eks.KubernetesVersion.of("1.27")
+            version: eks.KubernetesVersion.of("1.28"),
         });
 
+
         ObservabilityBuilder.builder()
             .account(account)
             .region(region)
             .clusterProvider(fargateClusterProvider)
+            .resourceProvider("blueprint-fargate-pod-role", nodeRole)
             .resourceProvider(ampWorkspaceName, new blueprints.CreateAmpProvider(ampWorkspaceName, ampWorkspaceName))
             .addOns(...addOns)
             .build(scope, stackId);
     }
-}
+}