diff --git a/cloudwatch_eks_pod_logs.tf b/cloudwatch_eks_pod_logs.tf
new file mode 100644
index 0000000..5685d7d
--- /dev/null
+++ b/cloudwatch_eks_pod_logs.tf
@@ -0,0 +1,47 @@
+resource "kubernetes_namespace" "amazon_cloudwatch" {
+ count = var.enable_pods_logs_to_cloudwatch ? 1 : 0
+
+ metadata {
+ name = "amazon-cloudwatch"
+ }
+}
+
+resource "kubernetes_config_map" "fluent_bit_cluster_info" {
+ count = var.enable_pods_logs_to_cloudwatch ? 1 : 0
+
+ metadata {
+ name = "fluent-bit-cluster-info"
+ namespace = "amazon-cloudwatch"
+ }
+
+ data = {
+ "cluster.name" = "cluster-name"
+ "http.server" = On
+ "http.port" = 2020
+ "read.head" = Off
+ "read.tail" = On
+ "logs.region" = "cluster-region"
+ }
+}
+
+data "http" "fluent_bit_yaml" {
+ url = "https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/k8s/${local.eks_pod_logs_cloudwatch_fluent_bit_version}/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/fluent-bit/fluent-bit.yaml"
+}
+
+
+resource "null_resource" "eks_pod_cloudwatch" {
+ count = var.enable_pods_logs_to_cloudwatch ? 1 : 0
+
+ triggers = {
+ manifest_sha1 = sha1(data.http.fluent_bit_yaml.body)
+ }
+
+ provisioner "local-exec" {
+ command = "kubectl replace -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/k8s/${local.eks_pod_logs_cloudwatch_fluent_bit_version}/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/fluent-bit/fluent-bit.yaml"
+ }
+
+ depends_on = [
+ kubernetes_namespace.amazon_cloudwatch,
+ kubernetes_config_map.fluent_bit_cluster_info
+ ]
+}
diff --git a/locals.tf b/locals.tf
index 6df42dc..507466e 100644
--- a/locals.tf
+++ b/locals.tf
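Review bot: The manifest that `kubectl replace` applies in the `local-exec` provisioner is a second, independent download from raw.githubusercontent.com at apply time, so the `sha1(...)` in `triggers` is computed over different bytes than the ones that reach the cluster and nothing verifies what actually gets applied with the operator's kubeconfig; pipe the already-fetched `data.http.fluent_bit_yaml.body` into kubectl instead (below), and consider pinning a known checksum of the manifest next to the version in locals.tf. `kubectl replace` also fails on the first apply when the DaemonSet does not exist yet, so `kubectl apply -f -` is the safer verb here. `"http.server" = On`, `"read.head" = Off` and `"read.tail" = On` are bare identifiers rather than strings and will not parse as config-map values; quote them, e.g. `"http.server" = "On"`. `"cluster.name" = "cluster-name"` and `"logs.region" = "cluster-region"` are still the upstream sample's placeholders, so Fluent Bit would tag logs with a bogus cluster name and target a non-existent region — wire them to the real cluster name and region — and the config map's `namespace = "amazon-cloudwatch"` literal carries no dependency on the namespace resource, so prefer `namespace = kubernetes_namespace.amazon_cloudwatch[0].metadata[0].name`. This file gates on `var.enable_pods_logs_to_cloudwatch` while node_role.tf gates on `var.eks_pod_logs_cloudwatch`; one of the two variable names looks wrong.
```hcl
  # … unchanged: count, triggers …
  provisioner "local-exec" {
    # Apply the exact bytes that were hashed in `triggers`, not a second download.
    command = "printf '%s' \"$FLUENT_BIT_MANIFEST\" | kubectl apply -f -"
    environment = {
      FLUENT_BIT_MANIFEST = data.http.fluent_bit_yaml.body
    }
  }
  # … unchanged: depends_on …
```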
@@ -2,6 +2,8 @@ locals {
 alb_name = "aws-load-balancer-controller"
 partition = data.aws_partition.current.partition
 account_id = data.aws_caller_identity.current.account_id
+ # https://github.com/aws-samples/amazon-cloudwatch-container-insights/releases
+ eks_pod_logs_cloudwatch_fluent_bit_version = "1.3.19"
 tags = merge(var.tags, {
 "KubespotEnvironment" = var.environment_name
diff --git a/node_role.tf b/node_role.tf
index bc944c2..a0d4a41 100644
--- a/node_role.tf
+++ b/node_role.tf
@@ -36,6 +36,39 @@ resource "aws_iam_role_policy_attachment" "node_role_policies" {
 role = aws_iam_role.node.name
 }
+
+resource "aws_iam_policy" "eks_pod_logs_to_cloudwatch" {
+ count = var.eks_pod_logs_cloudwatch ? 1 : 0
+ name = "nodeEksPodLogsToCloudwatch"
+ description = "Used by fluentbit agent to send eks pods logs to cloudwatch"
+
+ policy = <