AWS Distro for OpenTelemetry

Requirements for Getting Started with AWS Distro for OpenTelemetry using EKS Add-Ons

Requirements for Getting Started with AWS Distro for OpenTelemetry using EKS Add-Ons

ADOT requirements

  • Support for Windows Nodes is not currently available.

  • Connected clusters can't use this add-on.

  • kubectl is installed

    • There is no specified version, but will be dependent on your cluster’s Kubernetes version (see section below)
  • eksctl is installed

  • Your cluster should be on Kubernetes version 1.21 or higher. You can verify the version you’re running with the following command:

kubectl version | grep "Server Version"
  • Make sure that you can use kubectl with your EKS cluster by updating your kubeconfig if necessary:
aws eks update-kubeconfig --name cluster_name --region YOUR_AWS_REGION
  • AWS CLI v2 is installed

  • Grant permissions to Amazon EKS Add-ons to install ADOT with the command below. For more information, see this article on RBAC Authorization. Note that these permissions are only needed if installing an add-on version that is v0.62.1 or before.

kubectl apply -f https://amazon-eks.s3.amazonaws.com/docs/addons-otel-permissions.yaml
  • Meet the TLS certificate requirement as described in the following section. We recommend using the latest cert-manager version.

TLS Certificate Requirement

The ADOT Operator uses admission webhooks to mutate and validate the Collector Custom Resource (CR) requests. In Kubernetes, the webhook requires a TLS certificate that the API server is configured to trust. There are multiple ways for you to generate the required TLS certificate, but the default method is to install the latest version of the cert-manager manually.The cert-manager will generate a self-signed certificate. See cert-manager installation for more details.

To learn more about certificate management, please read the TLS certificate-related issues section of this blog post. This post provides more information regarding not just the cert-manager, but the ADOT Operator as well.

Install cert manager

  1. Install cert-manager with the command:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml
  1. Check that cert-manager is ready with the following command:
kubectl get pod -w -n cert-manager

Output:

NAME READY STATUS RESTARTS AGE
cert-manager-5597cff495-mnb2p 1/1 Running 0 12s
cert-manager-cainjector-bd5f9c764-8jp5g 1/1 Running 0 12s
cert-manager-webhook-5f57f59fbc-h9st8 1/1 Running 0 12s

Previous Topic: Introduction

Next Topic: Installation