Red Hat SummitYou are viewing documentation for a release that is no longer maintained. To view the documentation for the most recent version, see the latest RHACS docs.
Chapter 12. Monitoring with Prometheus
Prometheus is an open-source monitoring and alerting platform. You can use it to monitor health and availability of Central and Sensor components of Red Hat Advanced Cluster Security for Kubernetes.
12.1. Enabling monitoring
Before you can monitor Red Hat Advanced Cluster Security for Kubernetes, you must enable monitoring.
Procedure
Patch the services to expose the port number
9090.Patch the Sensor service:
oc -n stackrox patch svc/sensor -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}'$ oc -n stackrox patch svc/sensor -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}'1 Copy to Clipboard Copied! - 1
- If you use Kubernetes, enter
kubectlinstead ofoc.
Patch the Central service:
oc -n stackrox patch svc/central -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}'$ oc -n stackrox patch svc/central -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}'Copy to Clipboard Copied!
Modify network policies to allow ingress.
oc apply -f - <<EOF apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: app.kubernetes.io/name: stackrox name: allow-monitoring namespace: stackrox spec: ingress: - ports: - port: 9090 protocol: TCP podSelector: matchExpressions: - {key: app, operator: In, values: [central, sensor, collector]} policyTypes: - Ingress EOF$ oc apply -f - <<EOF1 apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: app.kubernetes.io/name: stackrox name: allow-monitoring namespace: stackrox spec: ingress: - ports: - port: 9090 protocol: TCP podSelector: matchExpressions: - {key: app, operator: In, values: [central, sensor, collector]} policyTypes: - Ingress EOFCopy to Clipboard Copied! - 1
- If you use Kubernetes, enter
kubectlinstead ofoc.
12.1.1. Customizing the default port
To customize the port used for Prometheus metrics in Red Hat Advanced Cluster Security for Kubernetes Central and Sensor, you can use the ROX_METRICS_PORT environment variable.
Procedure
Set the
ROX_METRICS_PORTenvironment variable:oc -n stackrox set env deploy/central ROX_METRICS_PORT=<value>
$ oc -n stackrox set env deploy/central ROX_METRICS_PORT=<value>1 Copy to Clipboard Copied! - 1
- If you use Kubernetes, enter
kubectlinstead ofoc.
You can specify the <value> for the ROX_METRICS_PORT environment variable as:
-
disabledto disable monitoring. -
:<port_number>to bind it to a wildcard address. -
<address>:<port_number>to use specific address and port number. You can also specify an IPv6 address by using square brackets, for example,[2001:db8::1234]:9090.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}