Amazon Distro for OpenTelemetry (ADOT) prerequisites and considerations

Before installing the Amazon Distro for OpenTelemetry (ADOT) add-on, you must meet the following prerequisites and considerations.

Connected clusters can't use this add-on.
Meet the TLS certificate requirement to ensure end-to-end encryption.
If installing an add-on version that is v0.62.1 or earlier, grant permissions to Amazon EKS add-ons to install ADOT.
```
kubectl apply -f https://amazon-eks.s3.amazonaws.com/docs/addons-otel-permissions.yaml
```

TLS certificate requirement

The ADOT Operator uses admission webhooks to mutate and validate the Collector Custom Resource (CR) requests. In Kubernetes, the webhook requires a TLS certificate that the API server is configured to trust. There are multiple ways for you to generate the required TLS certificate. However, the default method is to install the latest version of the cert-manager manually. The cert-manager generates a self-signed certificate.

Installing cert-manager

Install cert-manager using the following command. This creates the necessary cert-manager objects that allow end-to-end encryption. This must be done for each cluster that will have ADOT installed.
```
kubectl apply -f \
https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml
```

Verify that cert-manager is ready using the following command.


kubectl get pod -w -n cert-manager

The example output is as follows.


NAME READY  STATUS RESTARTS  AGE
cert-manager-5597cff495-mnb2p  1/1  Running  0 12d
cert-manager-cainjector-bd5f9c764-8jp5g  1/1  Running  0 12d
cert-manager-webhook-5f57f59fbc-h9st8  1/1  Running  0 12d

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Amazon EKS add-on support for ADOT Operator

Create an IAM role