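CloudWatch metrics collection
Open-source exporter
yet-another-cloudwatch-exporter
Deployment method
Kubernetes cluster deployment
1. Helm chart package
helm-chart: https://prometheus-community.github.io/helm-charts
prometheus-community/yet-another-cloudwatch-exporter
2. Prepare dependencies:
1. Before deploying, create a dedicated role for fetching CloudWatch metrics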
# Run once
aws iam create-role --role-name yace-irsa-role --assume-role-policy-document file://yace-trust-policy.json
# Update the trust policy
aws iam update-assume-role-policy --role-name yace-irsa-role --policy-document file://yace-trust-policy.json
aws iam attach-role-policy --role-name yace-irsa-role --policy-arn arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess
# Run once
aws iam create-policy --policy-name yace-resource-policy --policy-document file://yace-resource-policy.json
aws iam attach-role-policy --role-name yace-irsa-role --policy-arn arn:aws:iam::335581776782:policy/yace-resource-policy
# Update the policy
# (put-role-policy writes an inline policy on the role; create-policy-version updates the managed policy)
aws iam put-role-policy --role-name yace-irsa-role --policy-name yace-inline-policy --policy-document file://yace-resource-policy.json
aws iam create-policy-version --policy-arn arn:aws:iam::335581776782:policy/yace-resource-policy --policy-document file://yace-resource-policy.json --set-as-default
2. Dependency attachments
yace-trust-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::xxx:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/xxx"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.us-west-2.amazonaws.com/id/xxx:sub": "system:serviceaccount:monitor:yace-sa"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::xxx:oidc-provider/oidc.eks.eu-central-1.amazonaws.com/id/xxx"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.eu-central-1.amazonaws.com/id/xxx:sub": "system:serviceaccount:monitor:yace-sa"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::xxx:oidc-provider/oidc.eks.ap-southeast-1.amazonaws.com/id/xxx"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.ap-southeast-1.amazonaws.com/id/xxx:sub": "system:serviceaccount:monitor:yace-sa"
        }
      }
    }
  ]
}
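An added example, not part of the original post: a small Python check for a trust policy shaped like yace-trust-policy.json, verifying that each sts:AssumeRoleWithWebIdentity statement pins both the sub and aud claims with StringEquals under the same issuer as its Federated principal. The aud value sts.amazonaws.com follows the AWS IRSA documentation and is not in the policy above; the account id, OIDC id, and the names lint_irsa_trust, issuer and stmt are constructed for this example.

```python
"""Lint an IRSA trust policy: each web-identity statement must pin sub and aud."""
AUD = "sts.amazonaws.com"                      # assumption: audience from AWS IRSA docs
SUB = "system:serviceaccount:monitor:yace-sa"  # service account used on this page

def as_list(v):
    return v if isinstance(v, list) else [v]

def lint_irsa_trust(policy, expected_sub=SUB):
    """Return (statement_index, claim) for every claim StringEquals does not pin."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(st.get("Action", [])):
            continue
        principal = st.get("Principal")
        fed = principal.get("Federated", "") if isinstance(principal, dict) else ""
        # Condition keys are "<issuer>:<claim>"; the issuer is the provider ARN suffix.
        issuer = as_list(fed or "")[0].partition(":oidc-provider/")[2]
        # IAM condition key names are case-insensitive, so compare them lowercased.
        pinned = st.get("Condition", {}).get("StringEquals", {})
        pinned = {k.lower(): as_list(v) for k, v in pinned.items()}
        for claim, want in (("sub", expected_sub), ("aud", AUD)):
            if pinned.get(f"{issuer}:{claim}".lower()) != [want]:
                findings.append((i, claim))
    return findings

# Constructed sample: placeholder account id and OIDC id, not values from the page.
def issuer(region):
    return f"oidc.eks.{region}.amazonaws.com/id/EXAMPLE"

def stmt(region, condition):
    arn = f"arn:aws:iam::111122223333:oidc-provider/{issuer(region)}"
    return {"Effect": "Allow", "Principal": {"Federated": arn},
            "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}

W, A = issuer("us-west-2"), issuer("ap-southeast-1")
SAMPLE = {"Version": "2012-10-17", "Statement": [
    stmt("us-west-2", {"StringEquals": {f"{W}:sub": SUB}}),  # shape used above: no aud
    stmt("eu-central-1", {"StringEquals": {f"{W}:sub": SUB, f"{W}:aud": AUD}}),  # key copied from another region
    stmt("ap-southeast-1", {"StringLike": {f"{A}:sub": "system:serviceaccount:monitor:*"},
                            "StringEquals": {f"{A}:aud": AUD}}),  # wildcard sub
    stmt("us-west-2", {"StringEquals": {f"{W}:sub": SUB, f"{W}:aud": AUD}}),  # fully pinned
]}

if __name__ == "__main__":
    for index, claim in lint_irsa_trust(SAMPLE):
        print(f"Statement[{index}]: {claim} is not pinned with StringEquals")
```

To check a real file, load it with json.load and pass the resulting dict to lint_irsa_trust before running aws iam update-assume-role-policy.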
yace-resource-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "ec2:DescribeInstances",
        "rds:DescribeDBInstances",
        "es:ListDomainNames",
        "es:DescribeElasticsearchDomains",
        "elasticloadbalancing:DescribeLoadBalancers",
        "s3:ListAllMyBuckets",
        "tag:GetResources",
        "tag:GetTagKeys",
        "tag:GetTagValues",
        "elasticache:DescribeCacheClusters",
        "elasticache:ListTagsForResource",
        "iam:ListAccountAliases"
      ],
      "Resource": "*"
    }
  ]
}
3. Add tags to resource instances
Add the following tag to each instance that should be monitored, according to its resource type
# Add the tag
key: resource
value: <resource type>
## Resource type tag values:
AWS/ApplicationELB
AWS/AutoScaling
AWS/Backup
AWS/EBS
AWS/EC2
AWS/EFS
AWS/ElastiCache
AWS/ELB
AWS/Events
AWS/Lambda
AWS/NATGateway
AWS/RDS
AWS/S3
This post is licensed by the author under CC BY 4.0.