Grafana for Amazon EKS on AWS

Partner Solution Deployment Guide

QS

August 2023
Sumit Joshi and Jay McConnell, AWS

Refer to the GitHub repository to view source files, report bugs, submit feature ideas, and post feedback about this Partner Solution. To comment on the documentation, refer to Feedback.

This Partner Solution was created by Amazon Web Services (AWS). Partner Solutions are automated reference deployments that help people deploy popular technologies on AWS according to AWS best practices. If you’re unfamiliar with AWS Partner Solutions, refer to the AWS Partner Solution General Information Guide.

Overview

This guide provides instructions for deploying the Grafana Partner Solution into Amazon Elastic Kubernetes Service (Amazon EKS).

This Partner Solution deploys Grafana open-source visualization and resource-monitoring software for Amazon EKS. It deploys Grafana workspaces for you, and manages their provisioning, setup, scaling, and maintenance. You can focus instead on creating and sharing dashboards and visualizations to analyze your metrics, logs, and traces.

It is for developers, DevOps, security teams, and roles within an organization for building, deploying, and maintaining Amazon EKS applications.

Costs and licenses

There is no cost to use this Partner Solution, but you will be billed for any AWS services or resources that this Partner Solution deploys. For more information, refer to the AWS Partner Solution General Information Guide.

Grafana is an open source project licensed under the Apache 2.0 license.

Architecture

Deploying this Partner Solution with default parameters builds the following Grafana environment in the AWS Cloud.

Architecture
Figure 1. Partner Solution architecture for Grafana on AWS

  • A Kubernetes namespace for Grafana.

  • A Classic Load Balancer to route traffic to the Grafana pod.

  • A Grafana deployment containing a single pod.

  • An Amazon Elastic Block Store (Amazon EBS) volume.

Deployment options

This Partner Solution provides the following deployment options:

This Partner Solution provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks and Grafana settings.

Predeployment steps

(Optional) Amazon EKS cluster

If you deploy your cluster into an existing Amazon EKS cluster that was not created by the Amazon EKS on the AWS Cloud Partner Solution, you must configure your cluster to allow this Partner Solution to manage it. For more information, see the Deployment steps section.

Deployment steps

  1. Sign in to your AWS account, and launch this Partner Solution, as described under Deployment options. The AWS CloudFormation console opens with a prepopulated template.

  2. Choose the correct AWS Region, and then choose Next.

  3. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    Unless you’re customizing the Partner Solution templates or are instructed otherwise in this guide’s Predeployment section, don’t change the default settings for the following parameters: QSS3BucketName, QSS3BucketRegion, and QSS3KeyPrefix. Changing the values of these parameters will modify code references that point to the Amazon Simple Storage Service (Amazon S3) bucket name and key prefix. For more information, refer to the AWS Partner Solutions Contributor’s Guide.

  5. On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.

  6. On the Review page, review and confirm the template settings. Under Capabilities, select all of the check boxes to acknowledge that the template creates AWS Identity and Access Management (IAM) resources that might require the ability to automatically expand macros.

  7. Choose Create stack. The stack takes about 45-60 minutes to deploy.

  8. Monitor the stack’s status, and when the status is CREATE_COMPLETE, the Grafana for Amazon EKS deployment is ready.

  9. To view the created resources, choose the Outputs tab.

Postdeployment steps

  1. From the Outputs section of the stack, note the KubernetesRoleArn and HelmRoleArn roles.

  2. Add the roles to the aws-auth config map in your cluster, specifying system:masters for the groups. This allows the Quick Start to manage your cluster via AWS CloudFormation. For more information, see Managing users or IAM roles for your cluster.

Test the deployment

Test from a network with access to the Kubernetes API, as configured by the Amazon EKS public access endpoint and Kubernetes API public access CIDR parameters. For more information, see Installing kubectl. If you enabled the optional bastion host, you can connect to it using SSH (Secure Shell). Use the key pair that you specified during deployment and the IP address from the Outputs tab of the AWS CloudFormation stack. The bastion host already has Kubectl installed and configured so that it connects to the cluster. To test the CLI, connect to the cluster, and run the following command.

  1. In the AWS CloudFormation console, choose the Outputs tab and retrieve the URL from the /GrafanaURL output.

  2. Retrieve the password for the Grafana UI using the following Kubectl command:

`kubectl get secret --namespace default grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo`

  1. Navigate to the console URL from step 1, and log in using admin as the user and the password from step 2.

  2. Choose Configuration and then Data Sources.

  3. Choose Prometheus and then Test. This should return the message Data source is working.

Best practices for using Grafana on Amazon EKS

For dashboard best practices and observability strategies, see Best practices in the Grafana documentation.

Security

For Grafana security precautions, see Security in the Grafana documentation.

Troubleshooting

For troubleshooting common Partner Solution issues, refer to the AWS Partner Solution General Information Guide and Troubleshooting CloudFormation.

Other useful information

Customer responsibility

After you deploy a Partner Solution, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.

Feedback

To submit feature ideas and report bugs, use the Issues section of the GitHub repository for this Partner Solution. To submit code, refer to the Partner Solution Contributor’s Guide. To submit feedback on this deployment guide, use the following GitHub links:

Notices

This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided "as is" without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at https://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "as is" basis, without warranties or conditions of any kind, either expressed or implied. Refer to the License for specific language governing permissions and limitations.