EKS Thanos and S3
Overview
Thanos is an open source project that is capable of integrating with a Prometheus deployment, enabling a highly available
metrics system with long-term storage.
Thanos Components
Thanos Sidecar: The Sidecar runs with every Prometheus instance. It uploads Prometheus data to storage every two hours.
It also serves real-time metrics that have not yet been uploaded to the bucket.
Thanos Querier: The Querier has a user interface similar to that of Prometheus and handles the Prometheus query API. It
queries the Store and the Sidecar to return the relevant metrics. If multiple Prometheus instances are set up for HA, it can
also de-duplicate the metrics.
We can also install the Thanos Compactor, which applies the compaction procedure to Prometheus block data stored in an S3 bucket.
It is also responsible for downsampling the data.
Prerequisites
AWS Account with adequate permissions to operate IAM roles, IAM Policy, Amazon EKS and Amazon S3.
Helm 3.x
AWS CLI
Confirm that all Thanos components are installed in the same Kubernetes namespace as Prometheus
Clone the Kubernetes manifests for Thanos Querier and store Deployment steps:
https://github.com/thanos-io/kube-thanos/tree/master/examples/all/manifests
Deployment Overview
Before beginning the Thanos deployment, we configure an S3 bucket to use as object storage and create the IAM policy required
to access this bucket.
2. Create an IAM policy to attach to the IAM role to give access to ServiceAccount used by Prometheus Pod.
{
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "BucketPolicy",
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket",
            "s3:GetObject",
            "s3:DeleteObject",
            "s3:PutObject"
        ],
        "Resource": [
            "arn:aws:s3:::thanos-metrics-s3storage/*",
            "arn:aws:s3:::thanos-metrics-s3storage"
        ]
    }
}
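An added example, not part of the original document: a small Python check that the IAM policy above grants only the four actions it lists, and only on the thanos-metrics-s3storage bucket and its objects. The function names and the baseline action sets are assumptions made for this example; wildcards are reported as findings, not expanded.

```python
import json

# The policy from this page, embedded so the check runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": {"Sid": "BucketPolicy", "Effect": "Allow",
   "Action": ["s3:ListBucket", "s3:GetObject", "s3:DeleteObject", "s3:PutObject"],
   "Resource": ["arn:aws:s3:::thanos-metrics-s3storage/*",
                "arn:aws:s3:::thanos-metrics-s3storage"]}}
""")

# Baseline (assumption): the page's four actions, split by the resource type they act on.
BUCKET_ACTIONS = {"s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

def as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return findings for a policy meant to grant access to `bucket` only."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = bucket_arn + "/*"
    findings, seen, on_bucket, on_objects = [], set(), set(), set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt["Action"]))
        resources = as_list(stmt["Resource"])
        seen |= actions
        for res in resources:
            if res not in (bucket_arn, object_arn):
                findings.append(f"resource outside {bucket}: {res}")
        if bucket_arn in resources:
            on_bucket |= actions
        if object_arn in resources:
            on_objects |= actions
    for action in sorted(seen - BUCKET_ACTIONS - OBJECT_ACTIONS):
        findings.append(f"action beyond baseline: {action}")
    for action in sorted(BUCKET_ACTIONS - on_bucket):
        findings.append(f"{action} not granted explicitly on {bucket_arn}")
    for action in sorted(OBJECT_ACTIONS - on_objects):
        findings.append(f"{action} not granted explicitly on {object_arn}")
    return findings

if __name__ == "__main__":
    print(audit_policy(POLICY, "thanos-metrics-s3storage") or "policy matches baseline")
```

An empty list means the policy is scoped to the one bucket with exactly the baseline actions; each string in a non-empty list names one deviation.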
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: thanosdemo
  region: us-west-2
  version: '1.16'
iam:
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: prometheus-prometheus-oper-prometheus
        namespace: monitoring
        labels: {aws-usage: "application"}
      attachPolicyARNs:
        - "arn:aws:iam::454014481298:policy/thanos-metrics-s3storage-policy"
managedNodeGroups:
  - name: ng0
    minSize: 1
    maxSize: 3
    desiredCapacity: 2
    ssh:
      allow: true
      publicKeyName: thanosdemo
    labels: {role: mngworker}
    iam:
      withAddonPolicies:
        imageBuilder: true
        autoScaler: true
        externalDNS: true
        certManager: true
        ebs: true
        albIngress: true
        xRay: true
        cloudWatch: true
        appMesh: true
cloudWatch:
  clusterLogging:
    enableTypes: ["*"]
2. The prometheus-operator chart creates the Kubernetes resources required to run Prometheus as part of the installation. We
must disable ServiceAccount creation for the Prometheus Pod, because the ServiceAccount
prometheus-prometheus-oper-prometheus was created during the cluster install.
thanos:
  baseImage: quay.io/thanos/thanos
  version: v0.12.2
  objectStorageConfig:
    key: thanos-storage-config.yaml
    name: thanos-storage-config
4. Configure ObjectStorageConfig with the configuration file thanos-storage-config.yaml:
type: s3
config:
  bucket: thanos-metrics-s3storage      # S3 bucket name
  endpoint: s3.us-west-2.amazonaws.com  # S3 regional endpoint
  encrypt_sse: true                     # server-side encryption; the Thanos S3 key is encrypt_sse
1. Add the metric store configuration to thanos-query-deployment.yaml, under spec.spec.containers args in the query section:
--store=thanos-store.monitoring.svc.cluster.local:10901
--store=prometheus-operated.monitoring.svc.cluster.local:10901