There are plenty of options for implementing a fully-fledged observability solution for Kubernetes, from self-managed stacks to fully-managed cloud services. In this blog post we will set up an open-source, self-managed observability stack for Kubernetes.
We will deploy and use the following tools:
- Grafana: Dashboards
- Prometheus Operator: Scraping and remote_write to Mimir
- Mimir: Scalable Prometheus and long-term storage for metrics
- Loki: Logs
- Promtail: Log collector
- Tempo: Tracing
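As an added example (not taken from the quickstart repository), this is what the "scraping and remote_write to Mimir" role of the Prometheus Operator looks like as a `Prometheus` custom resource: short local retention, all ServiceMonitors/PodMonitors selected, and every sample forwarded to Mimir's push endpoint with a tenant header and credentials read from a Secret. The Mimir service URL, namespace, Secret name, cluster label and tenant id are assumptions to adjust to your deployment.

```yaml
# Added example, not code from the ventx quickstart repo. Service name,
# namespace, Secret name, cluster label and tenant id are assumptions.
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: k8s
  namespace: monitoring
spec:
  replicas: 2
  retention: 2h                       # keep little locally; Mimir is the long-term store
  serviceAccountName: prometheus-k8s
  serviceMonitorSelector: {}          # select every ServiceMonitor ...
  serviceMonitorNamespaceSelector: {} # ... in every namespace
  podMonitorSelector: {}
  externalLabels:
    cluster: eks-dev                  # assumed; lets Mimir tell clusters apart
  remoteWrite:
    # Assumed in-cluster Mimir distributor/gateway service; use https plus
    # tlsConfig when Mimir is reached outside the mesh.
    - url: http://mimir-distributor.mimir.svc:8080/api/v1/push
      headers:
        X-Scope-OrgID: eks-dev        # Mimir tenant id (assumed); required with multi-tenancy on
      basicAuth:                      # credentials live in a Secret, never inline in the CR
        username:
          name: mimir-remote-write
          key: username
        password:
          name: mimir-remote-write
          key: password
      queueConfig:
        capacity: 2500
        maxSamplesPerSend: 1000
      writeRelabelConfigs:            # drop low-value series before they leave the cluster
        - sourceLabels: [__name__]
          regex: 'go_gc_.*'
          action: drop
```

The Secret `mimir-remote-write` must exist in the same namespace as the `Prometheus` resource; the operator mounts it into the generated Prometheus configuration.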
Quickstart
If you don't have a setup to try it out, you can use the following quickstart:
https://github.com/ventx/tf-k8s-eks-grafana-observability
Deployment
Edit bootstrap.hcl according to your setup: configure your GitHub token and the OIDC client secret of your Slack app.
git clone https://github.com/ventx/tf-k8s-eks-grafana-observability.git
export TF_VAR_github_token=123
export TF_VAR_oidc_client_secret=123
export AWS_PROFILE=
make all
Deployment takes around 20 minutes.
Cleanup
If you are done experimenting, simply destroy all resources with:
make destroy
Prometheus Operator
Mimir
Tempo
Loki (and Promtail)
Grafana
Links
- Istio: External Authorization
- Welcome to OAuth2 Proxy | OAuth2 Proxy
- https://events.istio.io/istiocon-2021/slides/d8p-DeepDiveAuthPolicies-LawrenceGadban.pdf
- Alpha Configuration | OAuth2 Proxy
- OpenId Connect Scopes
- SaaS Identity and Routing with Istio Service Mesh and Amazon EKS | Amazon Web Services
- Istio OIDC Authentication | Jetstack Blog
- Istio and OAuth2-Proxy in Kubernetes for microservice authentication
- Alternative to oauth2-proxy: https://github.com/istio-ecosystem/authservice
- Alternative to oauth2-proxy: http://openpolicyagent.org