Advanced Cluster Management Observability on ROSA
This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.
This document will take you through deploying ACM Observability on a ROSA cluster. See here for the original documentation.
Prerequisites
- An existing ROSA cluster
- An Advanced Cluster Management (ACM) deployment
Set up environment
Set environment variables
```bash
export CLUSTER_NAME=my-cluster
export S3_BUCKET=$CLUSTER_NAME-acm-observability
export REGION=us-east-2
export NAMESPACE=open-cluster-management-observability
export SA=tbd
export SCRATCH_DIR=/tmp/scratch
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
export AWS_PAGER=""
rm -rf $SCRATCH_DIR
mkdir -p $SCRATCH_DIR
```
Prepare AWS Account
Create an S3 bucket
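```bash
# Create the bucket in $REGION so it matches the s3.$REGION.amazonaws.com
# endpoint used in the Thanos configuration later in this guide.
aws s3 mb s3://$S3_BUCKET --region $REGION
```
Create a Policy for access to S3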
```bash
cat <<EOF > $SCRATCH_DIR/s3-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:CreateBucket",
        "s3:DeleteBucket"
      ],
      "Resource": [
        "arn:aws:s3:::$S3_BUCKET/*",
        "arn:aws:s3:::$S3_BUCKET"
      ]
    }
  ]
}
EOF
```
Apply the Policy
```bash
S3_POLICY=$(aws iam create-policy --policy-name $CLUSTER_NAME-acm-obs \
  --policy-document file://$SCRATCH_DIR/s3-policy.json \
  --query 'Policy.Arn' --output text)
echo $S3_POLICY
```
Create service account
```bash
aws iam create-user --user-name $CLUSTER_NAME-acm-obs \
  --query User.Arn --output text
```
Attach policy to user
```bash
aws iam attach-user-policy --user-name $CLUSTER_NAME-acm-obs \
  --policy-arn ${S3_POLICY}
```
Create Access Keys
```bash
read -r ACCESS_KEY_ID ACCESS_KEY < <(aws iam create-access-key \
  --user-name $CLUSTER_NAME-acm-obs \
  --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text)
```
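An added example, not part of the original page or of Red Hat's tooling: a Python check of the S3 policy document created above, run before `aws iam create-policy`, that flags granted actions and resources beyond what the metrics bucket needs. The four-action baseline, the expanded bucket name and the function names are assumptions of this example.

```python
import json

# Assumption (not stated on the page): at runtime Thanos needs only these
# four S3 actions on the metrics bucket.
REQUIRED = {"s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
BUCKET = "my-cluster-acm-observability"  # $S3_BUCKET for CLUSTER_NAME=my-cluster
# Constructed sample: the page's s3-policy.json with $S3_BUCKET expanded.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "Statement", "Effect": "Allow",
 "Action": ["s3:ListBucket", "s3:GetObject", "s3:DeleteObject", "s3:PutObject",
            "s3:PutObjectAcl", "s3:CreateBucket", "s3:DeleteBucket"],
 "Resource": ["arn:aws:s3:::my-cluster-acm-observability/*",
              "arn:aws:s3:::my-cluster-acm-observability"]}]}
""")

def _as_list(value):  # IAM accepts a single value or a list
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return (kind, value) findings for the Allow statements of an S3 policy."""
    in_scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings, granted = [], set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(("wildcard-action", action))
            elif action in REQUIRED:
                granted.add(action)
            else:
                findings.append(("extra-action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in in_scope:
                findings.append(("out-of-scope-resource", resource))
    findings += [("missing-action", a) for a in sorted(REQUIRED - granted)]
    return findings

def least_privilege_policy(bucket):
    """Build a policy limited to REQUIRED, split by bucket ARN and object ARN."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [arn]},
        {"Effect": "Allow", "Resource": [arn + "/*"],
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]}]}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, BUCKET))
    print(json.dumps(least_privilege_policy(BUCKET), indent=2))
```

The bucket already exists by the time the policy is attached, so the IAM user that Thanos authenticates as does not need `s3:CreateBucket` or `s3:DeleteBucket` under this baseline.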
ACM Hub
Log into the OpenShift cluster that is running your ACM Hub. We'll set up Observability here.
Create a namespace for observability
```bash
oc new-project $NAMESPACE
```
Generate a pull secret (this checks whether the pull secret exists and creates it if it does not)
```bash
DOCKER_CONFIG_JSON=`oc extract secret/multiclusterhub-operator-pull-secret -n open-cluster-management --to=-` || \
  DOCKER_CONFIG_JSON=`oc extract secret/pull-secret -n openshift-config --to=-` && \
  oc create secret generic multiclusterhub-operator-pull-secret \
  -n open-cluster-management-observability \
  --from-literal=.dockerconfigjson="$DOCKER_CONFIG_JSON" \
  --type=kubernetes.io/dockerconfigjson
```
Create a Secret containing your S3 details
```bash
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: thanos-object-storage
  namespace: open-cluster-management-observability
type: Opaque
stringData:
  thanos.yaml: |
    type: s3
    config:
      bucket: $S3_BUCKET
      endpoint: s3.$REGION.amazonaws.com
      signature_version2: false
      access_key: $ACCESS_KEY_ID
      secret_key: $ACCESS_KEY
EOF
```
Create a CR for MulticlusterHub
```bash
cat << EOF | kubectl apply -f -
apiVersion: observability.open-cluster-management.io/v1beta2
kind: MultiClusterObservability
metadata:
  name: observability
spec:
  observabilityAddonSpec: {}
  storageConfig:
    metricObjectStorage:
      name: thanos-object-storage
      key: thanos.yaml
EOF
```
Access ACM Observability
- Log into Advanced Cluster Management and access the new Grafana dashboard.
