Chapter 13. Monitoring with Prometheus
Prometheus is an open-source monitoring and alerting platform. You can use it to monitor the health and availability of the Central and Sensor components of Red Hat Advanced Cluster Security for Kubernetes.
13.1. Enabling monitoring
Before you can monitor Red Hat Advanced Cluster Security for Kubernetes, you must enable monitoring.
Procedure
Patch the services to expose the port number 9090.
Patch the Sensor service:
$ oc -n stackrox patch svc/sensor -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}'
If you use Kubernetes, enter kubectl instead of oc.
Patch the Central service:
$ oc -n stackrox patch svc/central -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}'
Modify network policies to allow ingress.
$ oc apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app.kubernetes.io/name: stackrox
  name: allow-monitoring
  namespace: stackrox
spec:
  ingress:
  - ports:
    - port: 9090
      protocol: TCP
  podSelector:
    matchExpressions:
    - {key: app, operator: In, values: [central, sensor, collector]}
  policyTypes:
  - Ingress
EOF
If you use Kubernetes, enter kubectl instead of oc.
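The allow-monitoring ingress rule lists only ports and no from clause, so it admits traffic to port 9090 from any source that can reach the pods. The following variant is an added example, not part of the product documentation, that limits the metrics port to the Prometheus pods. It assumes Prometheus runs in a namespace named monitoring and that its pods carry the label app.kubernetes.io/name=prometheus; both values are placeholders to adjust for your cluster.

```yaml
# Added example, not from the product documentation.
# Assumptions: Prometheus runs in the namespace "monitoring" and its pods are
# labelled app.kubernetes.io/name=prometheus. Change both to match your cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app.kubernetes.io/name: stackrox
  # Same name as the policy in the procedure, so applying this file updates
  # that policy instead of adding a second, broader allow rule next to it.
  name: allow-monitoring
  namespace: stackrox
spec:
  podSelector:
    matchExpressions:
    - {key: app, operator: In, values: [central, sensor, collector]}
  policyTypes:
  - Ingress
  ingress:
  - from:
    # namespaceSelector and podSelector in the same list item are ANDed:
    # the source must be a Prometheus pod AND live in the monitoring namespace.
    - namespaceSelector:
        matchLabels:
          # Label set automatically on every namespace by Kubernetes.
          kubernetes.io/metadata.name: monitoring
      podSelector:
        matchLabels:
          app.kubernetes.io/name: prometheus
    ports:
    - port: 9090
      protocol: TCP
```

Network policies are additive, so a source-restricted policy only has an effect if no other policy in the stackrox namespace still allows port 9090 from everywhere.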
13.1.1. Customizing the default port
To customize the port used for Prometheus metrics in Red Hat Advanced Cluster Security for Kubernetes Central and Sensor, you can use the ROX_METRICS_PORT environment variable.
Procedure
Set the ROX_METRICS_PORT environment variable:
$ oc -n stackrox set env deploy/central ROX_METRICS_PORT=<value>
If you use Kubernetes, enter kubectl instead of oc.
You can specify the <value> for the ROX_METRICS_PORT environment variable as:
- disabled to disable monitoring.
- :<port_number> to bind it to a wildcard address.
- <address>:<port_number> to use a specific address and port number. You can also specify an IPv6 address by using square brackets, for example, [2001:db8::1234]:9090.