Enabling Monitoring for Attached Clusters

Prerequisites

An attached cluster has been registered with UCS. For details, see Overview.

Preparing the Network Environment

There are two options, public network and private network, for data access of an attached cluster.

• The public network features flexibility, cost-effectiveness, and easy access. If network quality is not a concern and simpler access is preferred, public network access is a good choice.

  This option is only available for clusters that can access the public network.

• The private network features high speed, low latency, and security. After you connect the private network of a third-party cloud to the cloud network over Direct Connect or VPN, you can use a VPC endpoint to access CIA over the private network.
  Figure 1 Private network access diagram
  

  Before enabling this function, you need to prepare a VPC and connect the network environment of the third-party cloud vendor to the VPC. The VPC subnet CIDR block cannot overlap with the network CIDR block used by the third-party cloud. Otherwise, the cluster cannot be connected. For example, if the VPC subnet used by the third-party cloud is 192.168.1.0/24, the subnet 192.168.1.0/24 cannot be used in the Huawei Cloud VPC.

  Use either of the following methods to connect the network:

  • VPN: See Connecting an On-Premises Data Center to a VPC Through a VPN.
  • Direct Connect: See Accessing a VPC over a Single Connection Through Static Routes or Accessing a VPC over a Single Connection Through BGP Routes.

Enabling Monitoring

1. Log in to the UCS console. In the navigation pane on the left, choose Container Intelligent Analysis.
2. Select a fleet or a cluster not in the fleet, and click Enable Monitoring.
   Figure 2 Selecting a fleet or a cluster not in the fleet
   

3. Select an attached cluster.
4. Click Next: Configure Connection to complete the network settings.
   • Data Access: Select Public access or Private access.
   • Data Reported To: Select the region where data is reported. The region must be the same as that of the VPC connected to the third-party cloud network.
   • Project: If the IAM project function is enabled, you also need to select a project.
   • Private access: This parameter is mandatory when Data Access is set to Private access.

     To connect to the data reporting and receiving point of CIA, you can create a VPC endpoint in the VPC that has been connected to the private network of the third-party cloud. You can select an existing private network access point. If you create a private network access point, you will be billed 0.1 CNY/hour for VPCEP resources.

     When you create a private network access point, a VPC endpoint and a DNS private domain name will be generated. Ensure that the Huawei Cloud account has corresponding resource quotas. In addition, ensure that the subnet selected on the page has available IP addresses.

5. Complete metric collection settings.

   Specifications

   • Deployment Mode: The Agent and Server modes are supported. The Agent mode occupies fewer cluster resources and provides the Prometheus metric collection capability for the cluster. However, the HPA and health diagnosis functions based on custom Prometheus statements are not supported. The Server mode provides the Prometheus metric collection capability for clusters and supports HPA and health diagnosis based on custom Prometheus statements. This mode depends on PVC and consumes a large amount of memory.
   • Add-on Specifications: If Deployment Mode is set to Agent, the default add-on specifications are used. If Deployment Mode is set to Server, the add-on specifications include Demo (≤ 100 containers), Small (≤ 2,000 containers), Medium (≤ 5,000 containers), and Large (> 5,000 containers). Different specifications have different requirements on cluster resources, such as CPUs and memory. For details about the resource quotas of different add-on specifications, see Resource Quota Requirements of Different Specifications..

   Parameters

   • Interconnection Mode: Currently, only AOM can be interconnected.
   • AOM Instance: Container monitoring reports metrics to AOM in a unified manner. Therefore, you need to select an AOM Prometheus for CCE instance. The default metrics are collected for free but custom metrics are billed by AOM. For details, see AOM Billing.
   • Collection Period: period for Prometheus to collect and report metrics. The value ranges from 10 to 60 seconds. The default value is 15 seconds.
   • Storage: used to temporarily store Prometheus data. This parameter is mandatory when Deployment Mode is set to Server.
     • Storage Type: Attached clusters support emptyDir and local-storage.

       If emptyDir is used, Prometheus data will be stored in the pod. Ensure that the storage volume mounted to the container on the node scheduled by prometheus-server-0 is no less than the entered capacity.

       If local-storage is used, the monitoring namespace (if it does not exist) and PVs and PVCs of the local-storage type will be created in your cluster. Ensure that the entered directory exists on the specified node and the path capacity is sufficient.

     • Capacity: capacity specified when a PVC is created or the maximum storage limit when the pod storage is selected.

   For details about the add-on, see kube-prometheus-stack.

6. Click Confirm. The Container Insights > Clusters page is displayed. The access status of the cluster is Installing.

   After monitoring is enabled for the cluster, metrics such as the CPU usage and CPU allocation rate of the cluster are displayed in the list, indicating that the cluster is monitored by CIA.

   

   If monitoring fails to be enabled for the cluster, rectify the fault by referring to FAQs.