Cloud Services

Container Cluster Management

AWS Cloud
Published On Dec 12, 2024 - 2:16 PM

AWS Cloud

Configure an AWS Cloud account view permission for Container Cluster Management to pull data from AWS.
As you embark on optimizing your container clusters, it's essential to establish the right permissions within your AWS Cloud account. By ensuring your AWS Cloud account is properly configured, you gain the invaluable ability to monitor and manage your Elastic Kubernetes Service (EKS) clusters with precision.
Container Cluster Management will only require read-only access to your AWS services, specifically for actions such as
ListClusters
 and
DescribeCluster
. This level of access allows you to maintain a secure environment while still leveraging the full capabilities of Kyndryl's management tools.

Prerequisites

To enable AWS Cloud for CCM you must first configure configure it for the application using the EKS (Elastic Kubernetes Service). Container Cluster Management reads data from AWS services and ReadOnly access is required for the EKS service.

Access rights for Elastic Kubernetes Service(EKS)

Container Cluster Management performs the following actions on Amazon EKS:
  • ListClusters
  • DescribeCluster
The following code example describes a way to create a policy that allows users read-only access to list or describe all clusters:
{
 "Version": "2022-07-10",
 "Statement": [
     {
         "Effect": "Allow",
         "Action": [
             "eks:DescribeCluster",
             "eks:ListClusters"
         ],
         "Resource": "*"
     }
 ]
}

Container Cluster Management Console IAM connection

Once all configuration steps have been completed at a cloud provider level, you must configure the tenant to continue with the data exchange for cluster management.

Pre-requisites

  • Complete the configuration on the Cloud Provider console.
Step 1
 From the Container Cluster Management landing page, select the Main menu or the
Manage IAM
 tile.
Step 2:
 Select Admin then
IAM
.
Step 3:
 On the IAM screen, select the
Connections
 tab from the left panel.
Step 4:
 Select the
Add New
 Drop-down menu.
Step 5:
 Select the
Add a Connection
.
Step 6:
 Select the Technology Category as
Cloud Provider
.
Step 7:
 Select
AWS Cloud
.
Step 8:
 Enter the
Account Number
,
Access Key Id
, and
Access Secret Key
 from the AWS account referred to in the previous section.
To get the account number, refer to the image below:
Step 9:
 Validate your credentials by selecting
Test connection
.
Step 10:
 Once the connection is successful, select
Add
 to create a connection.

Amazon CloudWatch support

Container Cluster Management supports Amazon CloudWatch. Amazon CloudWatch is a service that monitors applications, responds to performance changes, optimizes resource use, and provides insights into operational health. By collecting data across AWS resources, CloudWatch gives visibility into system-wide performance and allows users to set alarms, automatically react to changes, and gain a unified view of operational health.
Users benefit from real-time visibility into their cloud platform to facilitate troubleshooting, ensure availability and minimize impact on business operations.

Configuring Container Cluster Management for CloudWatch

Prerequisites:
  • CMS service fetches the data stored by Cloudwatch Container Insights for AWS clusters. Refer to docs.aws.amazon.com for details.
  • To enable CloudWatch to gather logs and metrics data from AWS clusters, the following two steps are required:
  1. Grant IAM permissions to enable your Amazon EKS worker nodes to send metrics and logs to CloudWatch. Refer to docs.aws.amazon.com for details.
  2. Setup Cloudwatch agent to collect metrics. Refer to docs.aws.amazon.com for details.
The following YAML configuration, containing the query to fetch CPU and Memory stats is added in CMS:
metricbeat.modules:
- module: aws
 period: 48h
 continuous: true
 metricsets:
   - container_insights
 queries:
   - name: "CPUMemoryStats"
     query: "filter Type='Container' | stats max(container_cpu_utilization) as cpu_utilization, max(container_cpu_request) as cpu_request, max(container_cpu_limit) as cpu_limit, max(container_memory_usage) as memory_usage, max(container_memory_limit) as memory_limit, max(container_memory_request) as memory_request, latest(NodeName) as nodeName, latest(Namespace) as namespace, latest(PodName) as podName, latest(ClusterName) as clusterName,latest(kubernetes.pod_owners.0.owner_name) as ownerName,latest(kubernetes.pod_owners.0.owner_kind) as ownerKind,latest(kubernetes.containerd.container_id) as containerID, latest(@logStream) as logStream by kubernetes.container_name as containerName, bin(24h) as timestamp"
Do you have two minutes for a quick survey?
Take Survey