Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.
Getting started with Grafana Enterprise Metrics on AWS Marketplace
Grafana Enterprise Metrics (GEM) on AWS Marketplace offers a simple and easy way to get production grade GEM clusters up and running in your own Amazon Elastic Kubernetes Service (EKS) cluster.
This page will guide you through the process of deploying GEM through the AWS Marketplace.
Prerequisites
In order to complete the steps described in this guide we require that:
- You have access to an AWS account with sufficient permissions to subscribe to products on the AWS Marketplace as well as permissions to create an IAM role and policy for your service account. For more information, refer to Creating an IAM role and policy for your service account.
- You have a properly sized, and correctly configured and running EKS cluster (Kubernetes 1.18 or higher).
- You have Helm (3.6.0 or newer), the latest version of the AWS
Command Line Interface and
kubectl
installed on your local machine pointing to the correct EKS cluster.
Step 1. Subscribe to GEM on the AWS Marketplace
- Log in to your AWS account.
- Subscribe to the Grafana Enterprise Metrics product on the AWS Marketplace; go to the product overview page, and click the Continue to Subscribe button in the top-right corner of the page.
- Accept the terms and conditions by selecting the Accept Terms button.
- After the process of subscribing completes, from the top-right corner of the page, select Continue to Configuration.
- From the Delivery Method drop-down menu on Configure this software page, select “Helm Chart”.
- From the Software Version drop-down menu, select a version.
- In the upper-right corner, select Continue to Launch. The Launch this software page displays and your subscription set-up process is complete for the Grafana Enterprise Metrics product.
- Select Usage Instructions.
Step 2. Prepare your Kubernetes cluster
Note: Replace any
<PLACEHOLDER_VALUES>
(including the<>
brackets) with your own values:
Create a Kubernetes namespace for your application using the
kubectl
command.kubectl create namespace <NAMESPACE>
Create the image pull secret for the Amazon Elastic Container Registry (ECR).
# get login credentials from AWS and store them in config.json aws ecr get-login-password --region us-east-1 | docker --config . login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com # use config.json to create a Kubernetes image pull secret kubectl --namespace <NAMESPACE> create secret generic ecr --from-file=.dockerconfigjson=config.json --type=kubernetes.io/dockerconfigjson
Set up a Kubernetes ServiceAccount, to allow containers in your EKS cluster to communicate to the relevant AWS services.
For that, create an IAM policy that specifies the required permissions, and attach the policy to a role that is associated with the Kubernetes ServiceAccount under which the Pod runs.
There are multiple ways to create the policy and the role. We recommend to follow the steps of the Amazon EKS User Guide using
eksctl
. Usemarketplace-service-account
as value for the--name
parameter of theeksctl create iamserviceaccount
command. This will be referenced later when configuring the Helm chart.
GEM utilizes the Marketplace Metering
APIs to check
whether your AWS account is subscribed to the Marketplace product and to report usage for billing.
Therefore, the Pod requires permissions for RegisterUsage
and MeterUsage
.
GEM also uses Amazon S3 as the storage backend for TSDB blocks and other meta information.
An example policy contains the required permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowMeteringAccess",
"Effect": "Allow",
"Action": ["aws-marketplace:RegisterUsage", "aws-marketplace:MeterUsage"],
"Resource": "*"
},
{
"Sid": "AllowBucketAccess",
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": [
"arn:aws:s3:::<bucket-admin>",
"arn:aws:s3:::<bucket-admin>/*",
"arn:aws:s3:::<bucket-alertmanager>",
"arn:aws:s3:::<bucket-alertmanager>/*",
"arn:aws:s3:::<bucket-ruler>",
"arn:aws:s3:::<bucket-ruler>/*",
"arn:aws:s3:::<bucket-tsdb>",
"arn:aws:s3:::<bucket-tsdb>/*"
]
},
{
"Sid": "AllowListBuckets",
"Effect": "Allow",
"Action": ["s3:ListAllMyBuckets"],
"Resource": "*"
}
]
}
Warning: If you do not grant the permissions above your Grafana Enterprise Metrics installation will not function! Even though some services will continue to run, others won’t start and any enterprise features are disabled and only Grafana Mimir functionality is available.
Step 3. Prepare a Helm chart
Grafana Metrics Enterprise uses the same Helm chart as Grafana Mimir
- grafana/mimir-distributed. Before continuing, be aware that as part of the mimir-distributed Helm chart pods and services will be installed which all have varying resource requirements. Please make sure that you have sufficient resources (both CPU and memory) available in your EKS cluster or auto-scaling enabled before installing the software stack.
First, add the official grafana
Helm repository and update, so you have the latest versions of the
charts.
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
In the following instructions we omit the --kube-context
option from helm
commands and assume that the correct
context pointing to your desired EKS cluster is set. You can verify the context by invoking
kubectl config current-context
The output should match your EKS cluster environment.
Step 4. Configure your Helm chart
a. You need a local file that contains the configuration for the Helm chart.
To do this start by creating a new file custom.yaml
with the following contents:
image:
pullSecrets:
# name of the image pull secret created in "Step 2. Prepare your Kubernetes cluster"
- <IMAGE_PULL_SECRET>
serviceAccount:
create: false
name: marketplace-service-account
enterprise:
enabled: true
image:
# Version of Grafana Enterprise Metrics
tag: <IMAGE_TAG>
repository: 709825985650.dkr.ecr.us-east-1.amazonaws.com/grafana-labs/grafana-enterprise-metrics
b. You also need to provide configuration for GEM itself. Start by extracting the default configuration from the mimir-distributed
Helm chart into the mimir-distributed.yaml
file.
The following command requires the Go yq
tool.
helm template <RELEASE NAME> -f <VALUES FILE> grafana/mimir-distributed | yq 'select(.metadata.name == "<RELEASE NAME>-enterprise-metrics-config") | .data."mimir.yaml"' | base64 -d > mimir-distributed.yaml
c. You need to override the storage settings to use S3. Create a new file with the S3 storage
configuration storage.yaml
:
license:
type: aws-marketplace
# https://grafana.com/docs/enterprise-metrics/v2.2.x/config/reference/#blocks_storage_config
blocks_storage:
backend: "s3"
s3:
endpoint: "s3.<AWS_REGION>.amazonaws.com"
bucket_name: "<S3_BUCKET_TSDB>"
# https://grafana.com/docs/enterprise-metrics/v2.2.x/config/reference/#admin_client_config
admin_client:
storage:
type: "s3"
s3:
endpoint: "s3.<AWS_REGION>.amazonaws.com"
bucket_name: "<S3_BUCKET_ADMIN>"
# https://grafana.com/docs/enterprise-metrics/v2.2.x/config/reference/#alertmanager_storage_config
alertmanager_storage:
backend: "s3"
s3:
endpoint: "s3.<AWS_REGION>.amazonaws.com"
bucket_name: "<S3_BUCKET_ALERTMANAGER>"
# https://grafana.com/docs/enterprise-metrics/v2.2.x/config/reference/#ruler_storage_config
ruler_storage:
backend: "s3"
s3:
endpoint: "s3.<AWS_REGION>.amazonaws.com"
bucket_name: "<S3_BUCKET_RULER>"
d. Merge the files containing the default GEM configuration and the storage configuration.
The resulting configuration is the configuration used for GEM itself.
The following command requires the Go yq
tool.
yq '. *= load("storage.yaml")' mimir-distributed.yaml > config.yaml
e. In custom.yaml
, add the contents of the config.yaml
file as the value for the mimir.config
key.
Note: The Grafana Mimir Helm chart expects the configuration as a string value. You can provide a literal block string with the
|
symbol. In your Helm values file:
mimir:
config: |
<CONFIG.YAML CONTENTS>
If you need to configure the deployment further, see Supported contents and default values of the config file.
f. Replace S3_BUCKET_ADMIN
, S3_BUCKET_ALERTMANAGER
, S3_BUCKET_TSDB
,
S3_BUCKET_RULER
, AWS_REGION
, and IMAGE_PULL_SECRET
. Remember to use different buckets for
storing administration objects
(admin_client
), TSDB blocks (blocks_storage
), rules (ruler_storage
) and alertmanager objects
(alertmanager_storage
).
Also, replace <IMAGE_TAG>
key with the GEM version that you selected in the final step of the
Marketplace subscription flow.
Step 5. Install your Helm chart
To account for different ingestion and querying requirements, the Helm chart contains configurations for different scale values for different cluster sizes. You can use one of the following configurations as is or as a starting point to configure your cluster size:
If you are unsure about sizing, use the capped-small
configuration. However, use the
capped-large
configuration for production workloads. Only adjust values if you already have
experience with GEM.
Run:
helm install <NAME> \
grafana/mimir-distributed \
--namespace <NAMESPACE> \
--values https://raw.githubusercontent.com/grafana/mimir/main/operations/helm/charts/mimir-distributed/capped-large.yaml \
--values custom.yaml \
--no-hooks
After deploying the resources using the helm install
command it can take a few minutes before all
the services are running. To verify that your installation succeeded, watch the rollout of the pods
of Deployments and StatefulSets.
$ kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
<NAME>-mimir-gateway 2/2 2 2 72s
<NAME>-mimir-admin-api 1/1 1 1 72s
<NAME>-mimir-distributor 2/2 2 2 72s
<NAME>-mimir-overrides-exporter 1/1 1 1 72s
<NAME>-mimir-querier 1/1 1 1 72s
<NAME>-mimir-query-frontend 1/1 1 1 72s
<NAME>-mimir-ruler 1/1 1 1 72s
$ kubectl get statefulsets
NAME READY AGE
<NAME>-memcached-queries 2/2 9m34s
<NAME>-memcached-metadata 2/2 9m34s
<NAME>-memcached 2/2 9m34s
<NAME>-mimir-alertmanager 1/1 100s
<NAME>-mimir-compactor 1/1 100s
<NAME>-mimir-store-gateway 1/1 100s
<NAME>-mimir-ingester 3/3 100s
Note: Depending on your cluster size, the number of replicas might differ from the preceding output.
After all Deployment and StatefulSet instances are ready, you can verify the integrity of the GEM cluster by querying metrics that are emitted from self-monitoring. Refer to self-monitoring verification.
The AWS Marketplace version of Grafana Enterprise Metrics does not contain a web-based frontend. If you need one, install Grafana Enterprise and the GEM plugin. Refer to Set up the GEM plugin for Grafana.
Billing
The GEM product is billed by consumption with a single usage dimension “CPU time”. CPU time is
defined by the amount of provisioned CPU cores (value of GOMAXPROCS
as exposed by Prometheus
metric cortex_quota_gomaxprocs
) times the hours that the product is running. Each Pod that runs as
part of the product contributes to the overall usage, meaning that scaling up will also result in
higher consumption.
The minimum CPU per container is 1
, even if Kubernetes resource limits are set to a fraction of a
CPU (below 1000m
) for a Pod. If you don’t set any CPU resource limits on containers, GEM will use
the number of physical CPU cores as reported by Golang’s GOMAXPROCS
. If Kubernetes resource limits
are set, GOMAXPROCS
is automatically set to the next highest integer value of the CPU limit. If
you do not want to set CPU limits on Kubernetes (kernel level), but still want to limit CPU usage,
you can still override the GOMAXPROCS
value by providing the GOMAXPROCS
environment variable in
the Helm chart deployment.