Amazon Distro for OpenTelemetry (ADOT) prerequisites and considerations - Amazon EKS
TLS certificate requirement
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Distro for OpenTelemetry (ADOT) prerequisites and considerations

Before installing the Amazon Distro for OpenTelemetry (ADOT) add-on, you must meet the following prerequisites and considerations.

  • Connected clusters can't use this add-on.

  • Meet the TLS certificate requirement to ensure end-to-end encryption.

  • If installing an add-on version that is v0.62.1 or earlier, grant permissions to Amazon EKS add-ons to install ADOT.

    kubectl apply -f https://amazon-eks.s3.amazonaws.com/docs/addons-otel-permissions.yaml

TLS certificate requirement

The ADOT Operator uses admission webhooks to mutate and validate the Collector Custom Resource (CR) requests. In Kubernetes, the webhook requires a TLS certificate that the API server is configured to trust. There are multiple ways for you to generate the required TLS certificate. However, the default method is to install the latest version of the cert-manager manually. The cert-manager generates a self-signed certificate. For more information on installing cert-manager, see kubectl apply in the cert-manager Documentation.