CloudWatch Metrics for AWS CNI plugin

[PaulMaddox]

The AWS CNI plugin allows automatically exporting the following metrics to CloudWatch:

• The number of errors encountered in ipamd
• The number of ipamd actions inprogress
• The maximum number of ENIs that can be attached to the instance
• The maximum number of IP addresses that can be allocated to the instance
• The number of times ipamD reconciles on ENIs and IP addresses
• The number of add IP address request
• The number of delete IP address request
• The number of ENIs allocated
• The total number of IP addresses
• The number of IP addresses assigned to pods
• AWS API call latency in ms
• The number of times AWS API returns an error
• The number of errors not handled in awsutils library

These are super useful for EKS cluster administrators, and correct use of dashboards/alarms can save pain.

In order for this to work, the following needs to be added to eksctl:

• The worker nodes should have cloudwatch:PutMetricData permissions added.
• The following K8s manifest should be deployed: [cni_metrics_helper.yaml].(https://github.com/aws/amazon-vpc-cni-k8s/blob/master/misc/cni_metrics_helper.yaml).
• And finally, for best experience it would be great to automatically create a CloudWatch Dashboard for each EKS cluster.

[PaulMaddox]

Example CloudWatch Dashboard

[errordeveloper]

I guess we could just enable the permission without a flag. I believe the only implications would be that someone can flood CloudWatch with metrics, which impacts the bill. Creation of dashboard would have to wait for add-ons capability.

[errordeveloper]

@PaulMaddox do you agree with my assessment above?

[errordeveloper]

I'll open a PR to add IAM role, and we can get it into this week's release.

[PaulMaddox]

👍

[errordeveloper]

#296 will add the role, the rest of this feature will have to wait until add-ons are a thing (see #242).

[michaelbeaumont]

This is unlikely to be prioritized.
We are tending away from adding more special case addons to eksctl. Using this plugin may be possible at some point using cluster addons or gitops but it won't be a special case as part of eksctl directly.
Please let us know here or in a new issue if there's something eksctl does that makes using this plugin especially difficult or if you think it really is justified being part of eksctl.