Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 4. Accessing metrics
4.1. Accessing metrics as an administrator
You can access metrics to monitor the performance of cluster components and your workloads.
4.1.1. Querying metrics for all projects with the OpenShift Dedicated web console
You can use the OpenShift Dedicated metrics query browser to run Prometheus Query Language (PromQL) queries to examine metrics visualized on a plot. This functionality provides information about the state of a cluster and any user-defined workloads that you are monitoring.
As a dedicated-admin or as a user with view permissions for all projects, you can access metrics for all default OpenShift Dedicated and user-defined projects in the Metrics UI.
Only dedicated administrators have access to the third-party UIs provided with OpenShift Dedicated monitoring.
The Metrics UI includes predefined queries, for example, CPU, memory, bandwidth, or network packet for all projects. You can also run custom Prometheus Query Language (PromQL) queries.
Prerequisites
-
You have access to the cluster as a user with the
dedicated-adminrole or with view permissions for all projects. -
You have installed the OpenShift CLI (
oc).
Procedure
-
In the OpenShift Dedicated web console, click Observe
Metrics. To add one or more queries, perform any of the following actions:
Expand Option Description Select an existing query.
From the Select query drop-down list, select an existing query.
Create a custom query.
Add your Prometheus Query Language (PromQL) query to the Expression field.
As you type a PromQL expression, autocomplete suggestions appear in a drop-down list. These suggestions include functions, metrics, labels, and time tokens. Use the keyboard arrows to select one of these suggested items and then press Enter to add the item to your expression. Move your mouse pointer over a suggested item to view a brief description of that item.
Add multiple queries.
Click Add query.
Duplicate an existing query.
Click the options menu
next to the query, then choose Duplicate query.
Disable a query from being run.
Click the options menu
next to the query and choose Disable query.
To run queries that you created, click Run queries. The metrics from the queries are visualized on the plot. If a query is invalid, the UI shows an error message.
Note- When drawing time series graphs, queries that operate on large amounts of data might time out or overload the browser. To avoid this, click Hide graph and calibrate your query by using only the metrics table. Then, after finding a feasible query, enable the plot to draw the graphs.
- By default, the query table shows an expanded view that lists every metric and its current value. Click the ˅ down arrowhead to minimize the expanded view for a query.
- Optional: Save the page URL to use this set of queries again in the future.
Explore the visualized metrics. Initially, all metrics from all enabled queries are shown on the plot. Select which metrics are shown by performing any of the following actions:
Expand Option Description Hide all metrics from a query.
Click the options menu
for the query and click Hide all series.
Hide a specific metric.
Go to the query table and click the colored square near the metric name.
Zoom into the plot and change the time range.
Perform one of the following actions:
- Visually select the time range by clicking and dragging on the plot horizontally.
- Use the menu to select the time range.
Reset the time range.
Click Reset zoom.
Display outputs for all queries at a specific point in time.
Hover over the plot at the point you are interested in. The query outputs appear in a pop-up box.
Hide the plot.
Click Hide graph.
4.1.2. Getting detailed information about a metrics target
You can use the OpenShift Dedicated web console to view, search, and filter the endpoints that are currently targeted for scraping, which helps you to identify and troubleshoot problems. For example, you can view the current status of targeted endpoints to see when OpenShift Dedicated monitoring is not able to scrape metrics from a targeted component.
The Metrics targets page shows targets for user-defined projects.
Prerequisites
-
You have access to the cluster as a user with the
dedicated-adminrole.
Procedure
In the OpenShift Dedicated web console, go to Observe
Targets. The Metrics targets page opens with a list of all service endpoint targets that are being scraped for metrics. This page shows details about targets for default OpenShift Dedicated and user-defined projects. This page lists the following information for each target:
- Service endpoint URL being scraped
-
The
ServiceMonitorresource being monitored - The up or down status of the target
- Namespace
- Last scrape time
- Duration of the last scrape
Optional: To find a specific target, perform any of the following actions:
Expand Option Description Filter the targets by status and source.
Choose filters in the Filter list.
The following filtering options are available:
Status filters:
- Up. The target is currently up and being actively scraped for metrics.
- Down. The target is currently down and not being scraped for metrics.
Source filters:
- Platform. Platform-level targets relate only to default Red Hat OpenShift Service on AWS projects. These projects provide core Red Hat OpenShift Service on AWS functionality.
- User. User targets relate to user-defined projects. These projects are user-created and can be customized.
Search for a target by name or label.
Enter a search term in the Text or Label field next to the search box.
Sort the targets.
Click one or more of the Endpoint Status, Namespace, Last Scrape, and Scrape Duration column headers.
Click the URL in the Endpoint column for a target to go to its Target details page. This page provides information about the target, including the following information:
- The endpoint URL being scraped for metrics
- The current Up or Down status of the target
- A link to the namespace
-
A link to the
ServiceMonitorresource details - Labels attached to the target
- The most recent time that the target was scraped for metrics
4.1.3. Reviewing monitoring dashboards as a cluster administrator
As an administrator, you can view dashboards relating to core OpenShift Dedicated cluster components.
Starting with OpenShift Dedicated 4.19, the perspectives in the web console have unified. The Developer perspective is no longer enabled by default.
All users can interact with all OpenShift Dedicated web console features. However, if you are not the cluster owner, you might need to request permission to access certain features from the cluster owner.
You can still enable the Developer perspective. On the Getting Started pane in the web console, you can take a tour of the console, find information on setting up your cluster, view a quick start for enabling the Developer perspective, and follow links to explore new features and capabilities.
Prerequisites
-
You have access to the cluster as a user with the
dedicated-adminrole.
Procedure
-
In the OpenShift Dedicated web console, go to Observe
Dashboards. - Choose a dashboard in the Dashboard list. Some dashboards, such as etcd and Prometheus dashboards, produce additional sub-menus when selected.
Optional: Select a time range for the graphs in the Time range list.
- Select a predefined time period.
Set a custom time range by clicking Custom time range in the Time range list.
- Input or select the From and To dates and times.
- Click Save to save the custom time range.
- Optional: Select a Refresh interval.
- Hover over each of the graphs within a dashboard to display detailed information about specific items.
4.2. Accessing metrics as a developer
You can access metrics to monitor the performance of your cluster workloads.
4.2.1. Querying metrics for user-defined projects with the OpenShift Dedicated web console
You can use the OpenShift Dedicated metrics query browser to run Prometheus Query Language (PromQL) queries to examine metrics visualized on a plot. This functionality provides information about any user-defined workloads that you are monitoring.
As a developer, you must specify a project name when querying metrics. You must have the required privileges to view metrics for the selected project.
The Metrics UI includes predefined queries, for example, CPU, memory, bandwidth, or network packet. These queries are restricted to the selected project. You can also run custom Prometheus Query Language (PromQL) queries for the project.
Developers cannot access the third-party UIs provided with OpenShift Dedicated monitoring.
Prerequisites
- You have access to the cluster as a developer or as a user with view permissions for the project that you are viewing metrics for.
- You have enabled monitoring for user-defined projects.
- You have deployed a service in a user-defined project.
-
You have created a
ServiceMonitorcustom resource definition (CRD) for the service to define how the service is monitored.
Procedure
-
In the OpenShift Dedicated web console, click Observe
Metrics. To add one or more queries, perform any of the following actions:
Expand Option Description Select an existing query.
From the Select query drop-down list, select an existing query.
Create a custom query.
Add your Prometheus Query Language (PromQL) query to the Expression field.
As you type a PromQL expression, autocomplete suggestions appear in a drop-down list. These suggestions include functions, metrics, labels, and time tokens. Use the keyboard arrows to select one of these suggested items and then press Enter to add the item to your expression. Move your mouse pointer over a suggested item to view a brief description of that item.
Add multiple queries.
Click Add query.
Duplicate an existing query.
Click the options menu
next to the query, then choose Duplicate query.
Disable a query from being run.
Click the options menu
next to the query and choose Disable query.
To run queries that you created, click Run queries. The metrics from the queries are visualized on the plot. If a query is invalid, the UI shows an error message.
Note- When drawing time series graphs, queries that operate on large amounts of data might time out or overload the browser. To avoid this, click Hide graph and calibrate your query by using only the metrics table. Then, after finding a feasible query, enable the plot to draw the graphs.
- By default, the query table shows an expanded view that lists every metric and its current value. Click the ˅ down arrowhead to minimize the expanded view for a query.
- Optional: Save the page URL to use this set of queries again in the future.
Explore the visualized metrics. Initially, all metrics from all enabled queries are shown on the plot. Select which metrics are shown by performing any of the following actions:
Expand Option Description Hide all metrics from a query.
Click the options menu
for the query and click Hide all series.
Hide a specific metric.
Go to the query table and click the colored square near the metric name.
Zoom into the plot and change the time range.
Perform one of the following actions:
- Visually select the time range by clicking and dragging on the plot horizontally.
- Use the menu to select the time range.
Reset the time range.
Click Reset zoom.
Display outputs for all queries at a specific point in time.
Hover over the plot at the point you are interested in. The query outputs appear in a pop-up box.
Hide the plot.
Click Hide graph.
4.2.2. Reviewing monitoring dashboards as a developer
As a developer, you can view dashboards relating to projects you have permissions for.
Starting with OpenShift Dedicated 4.19, the perspectives in the web console have unified. The Developer perspective is no longer enabled by default.
All users can interact with all OpenShift Dedicated web console features. However, if you are not the cluster owner, you might need to request permission to access certain features from the cluster owner.
You can still enable the Developer perspective. On the Getting Started pane in the web console, you can take a tour of the console, find information on setting up your cluster, view a quick start for enabling the Developer perspective, and follow links to explore new features and capabilities.
Prerequisites
- You have access to the cluster as a developer or as a user.
- You have view permissions for the project that you are viewing the dashboard for.
- A cluster administrator has enabled the Developer perspective in the web console.
Procedure
- In the the Developer perspective of the OpenShift Dedicated web console, click Observe and go to the Dashboards tab.
- Select a project from the Project: drop-down list.
- Select a dashboard from the Dashboard drop-down list to see the filtered metrics.
Optional: Select a time range for the graphs in the Time range list.
- Select a predefined time period.
Set a custom time range by clicking Custom time range in the Time range list.
- Input or select the From and To dates and times.
- Click Save to save the custom time range.
- Optional: Select a Refresh interval.
- Hover over each of the graphs within a dashboard to display detailed information about specific items.
4.3. Accessing monitoring APIs by using the CLI
In OpenShift Dedicated, you can access web service APIs for some monitoring components from the command-line interface (CLI).
In certain situations, accessing API endpoints can degrade the performance and scalability of your cluster, especially if you use endpoints to retrieve, send, or query large amounts of metrics data.
To avoid these issues, consider the following recommendations:
- Avoid querying endpoints frequently. Limit queries to a maximum of one every 30 seconds.
-
Do not retrieve all metrics data through the
/federateendpoint for Prometheus. Query the endpoint only when you want to retrieve a limited, aggregated data set. For example, retrieving fewer than 1,000 samples for each request helps minimize the risk of performance degradation.
4.3.1. About accessing monitoring web service APIs
You can directly access web service API endpoints from the command line for the following monitoring stack components:
- Prometheus
- Alertmanager
- Thanos Ruler
- Thanos Querier
To access Thanos Ruler and Thanos Querier service APIs, the requesting account must have get permission on the namespaces resource, which can be granted by binding the cluster-monitoring-view cluster role to the account.
When you access web service API endpoints for monitoring components, be aware of the following limitations:
- You can only use bearer token authentication to access API endpoints.
-
You can only access endpoints in the
/apipath for a route. If you try to access an API endpoint in a web browser, anApplication is not availableerror occurs. To access monitoring features in a web browser, use the OpenShift Dedicated web console to review monitoring dashboards.
4.3.2. Accessing a monitoring web service API
The following example shows how to query the service API receivers for the Alertmanager service used in core platform monitoring. You can use a similar method to access the prometheus-k8s service for core platform Prometheus and the thanos-ruler service for Thanos Ruler.
Prerequisites
-
You are logged in to an account that is bound against the
monitoring-alertmanager-editrole in theopenshift-monitoringnamespace. You are logged in to an account that has permission to get the Alertmanager API route.
NoteIf your account does not have permission to get the Alertmanager API route, a cluster administrator can provide the URL for the route.
Procedure
Extract an authentication token by running the following command:
TOKEN=$(oc whoami -t)
$ TOKEN=$(oc whoami -t)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Extract the
alertmanager-mainAPI route URL by running the following command:HOST=$(oc -n openshift-monitoring get route alertmanager-main -ojsonpath='{.status.ingress[].host}')$ HOST=$(oc -n openshift-monitoring get route alertmanager-main -ojsonpath='{.status.ingress[].host}')Copy to Clipboard Copied! Toggle word wrap Toggle overflow Query the service API receivers for Alertmanager by running the following command:
curl -H "Authorization: Bearer $TOKEN" -k "https://$HOST/api/v2/receivers"
$ curl -H "Authorization: Bearer $TOKEN" -k "https://$HOST/api/v2/receivers"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
4.3.3. Querying metrics by using the federation endpoint for Prometheus
You can use the federation endpoint for Prometheus to scrape platform and user-defined metrics from a network location outside the cluster. To do so, access the Prometheus /federate endpoint for the cluster via an OpenShift Dedicated route.
A delay in retrieving metrics data occurs when you use federation. This delay can affect the accuracy and timeliness of the scraped metrics.
Using the federation endpoint can also degrade the performance and scalability of your cluster, especially if you use the federation endpoint to retrieve large amounts of metrics data. To avoid these issues, follow these recommendations:
- Do not try to retrieve all metrics data via the federation endpoint for Prometheus. Query it only when you want to retrieve a limited, aggregated data set. For example, retrieving fewer than 1,000 samples for each request helps minimize the risk of performance degradation.
- Avoid frequent querying of the federation endpoint for Prometheus. Limit queries to a maximum of one every 30 seconds.
If you need to forward large amounts of data outside the cluster, use remote write instead. For more information, see the Configuring remote write storage section.
Prerequisites
-
You have installed the OpenShift CLI (
oc). You have access to the cluster as a user with the
cluster-monitoring-viewcluster role or have obtained a bearer token withgetpermission on thenamespacesresource.NoteYou can only use bearer token authentication to access the Prometheus federation endpoint.
You are logged in to an account that has permission to get the Prometheus federation route.
NoteIf your account does not have permission to get the Prometheus federation route, a cluster administrator can provide the URL for the route.
Procedure
Retrieve the bearer token by running the following the command:
TOKEN=$(oc whoami -t)
$ TOKEN=$(oc whoami -t)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Get the Prometheus federation route URL by running the following command:
HOST=$(oc -n openshift-monitoring get route prometheus-k8s-federate -ojsonpath='{.status.ingress[].host}')$ HOST=$(oc -n openshift-monitoring get route prometheus-k8s-federate -ojsonpath='{.status.ingress[].host}')Copy to Clipboard Copied! Toggle word wrap Toggle overflow Query metrics from the
/federateroute. The following example command queriesupmetrics:curl -G -k -H "Authorization: Bearer $TOKEN" https://$HOST/federate --data-urlencode 'match[]=up'
$ curl -G -k -H "Authorization: Bearer $TOKEN" https://$HOST/federate --data-urlencode 'match[]=up'Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
TYPE up untyped
# TYPE up untyped up{apiserver="kube-apiserver",endpoint="https",instance="10.0.143.148:6443",job="apiserver",namespace="default",service="kubernetes",prometheus="openshift-monitoring/k8s",prometheus_replica="prometheus-k8s-0"} 1 1657035322214 up{apiserver="kube-apiserver",endpoint="https",instance="10.0.148.166:6443",job="apiserver",namespace="default",service="kubernetes",prometheus="openshift-monitoring/k8s",prometheus_replica="prometheus-k8s-0"} 1 1657035338597 up{apiserver="kube-apiserver",endpoint="https",instance="10.0.173.16:6443",job="apiserver",namespace="default",service="kubernetes",prometheus="openshift-monitoring/k8s",prometheus_replica="prometheus-k8s-0"} 1 1657035343834 ...Copy to Clipboard Copied! Toggle word wrap Toggle overflow
4.3.4. Accessing metrics from outside the cluster for custom applications
You can query Prometheus metrics from outside the cluster when monitoring your own services with user-defined projects. Access this data from outside the cluster by using the thanos-querier route.
This access only supports using a bearer token for authentication.
Prerequisites
- You have deployed your own service, following the "Enabling monitoring for user-defined projects" procedure.
-
You are logged in to an account with the
cluster-monitoring-viewcluster role, which provides permission to access the Thanos Querier API. You are logged in to an account that has permission to get the Thanos Querier API route.
NoteIf your account does not have permission to get the Thanos Querier API route, a cluster administrator can provide the URL for the route.
Procedure
Extract an authentication token to connect to Prometheus by running the following command:
TOKEN=$(oc whoami -t)
$ TOKEN=$(oc whoami -t)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Extract the
thanos-querierAPI route URL by running the following command:HOST=$(oc -n openshift-monitoring get route thanos-querier -ojsonpath='{.status.ingress[].host}')$ HOST=$(oc -n openshift-monitoring get route thanos-querier -ojsonpath='{.status.ingress[].host}')Copy to Clipboard Copied! Toggle word wrap Toggle overflow Set the namespace to the namespace in which your service is running by using the following command:
NAMESPACE=ns1
$ NAMESPACE=ns1Copy to Clipboard Copied! Toggle word wrap Toggle overflow Query the metrics of your own services in the command line by running the following command:
curl -H "Authorization: Bearer $TOKEN" -k "https://$HOST/api/v1/query?" --data-urlencode "query=up{namespace='$NAMESPACE'}"$ curl -H "Authorization: Bearer $TOKEN" -k "https://$HOST/api/v1/query?" --data-urlencode "query=up{namespace='$NAMESPACE'}"Copy to Clipboard Copied! Toggle word wrap Toggle overflow The output shows the status for each application pod that Prometheus is scraping:
The formatted example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note-
The formatted example output uses a filtering tool, such as
jq, to provide the formatted indented JSON. See the jq Manual (jq documentation) for more information about usingjq. - The command requests an instant query endpoint of the Thanos Querier service, which evaluates selectors at one point in time.
-
The formatted example output uses a filtering tool, such as
4.3.5. Resources reference for the Cluster Monitoring Operator
This document describes the following resources deployed and managed by the Cluster Monitoring Operator (CMO):
Use this information when you want to configure API endpoint connections to retrieve, send, or query metrics data.
In certain situations, accessing endpoints can degrade the performance and scalability of your cluster, especially if you use endpoints to retrieve, send, or query large amounts of metrics data.
To avoid these issues, follow these recommendations:
- Avoid querying endpoints frequently. Limit queries to a maximum of one every 30 seconds.
-
Do not try to retrieve all metrics data via the
/federateendpoint. Query it only when you want to retrieve a limited, aggregated data set. For example, retrieving fewer than 1,000 samples for each request helps minimize the risk of performance degradation.
4.3.5.1. CMO routes resources
4.3.5.1.1. openshift-monitoring/alertmanager-main
Expose the /api endpoints of the alertmanager-main service via a router.
4.3.5.1.2. openshift-monitoring/prometheus-k8s
Expose the /api endpoints of the prometheus-k8s service via a router.
4.3.5.1.3. openshift-monitoring/prometheus-k8s-federate
Expose the /federate endpoint of the prometheus-k8s service via a router.
4.3.5.1.4. openshift-user-workload-monitoring/federate
Expose the /federate endpoint of the prometheus-user-workload service via a router.
4.3.5.1.5. openshift-monitoring/thanos-querier
Expose the /api endpoints of the thanos-querier service via a router.
4.3.5.1.6. openshift-user-workload-monitoring/thanos-ruler
Expose the /api endpoints of the thanos-ruler service via a router.
4.3.5.2. CMO services resources
4.3.5.2.1. openshift-monitoring/prometheus-operator-admission-webhook
Expose the admission webhook service which validates PrometheusRules and AlertmanagerConfig custom resources on port 8443.
4.3.5.2.2. openshift-user-workload-monitoring/alertmanager-user-workload
Expose the user-defined Alertmanager web server within the cluster on the following ports:
-
Port 9095 provides access to the Alertmanager endpoints. Granting access requires binding a user to the
monitoring-alertmanager-api-readerrole (for read-only operations) or themonitoring-alertmanager-api-writerrole in theopenshift-user-workload-monitoringproject. -
Port 9092 provides access to the Alertmanager endpoints restricted to a given project. Granting access requires binding a user to the
monitoring-rules-editcluster role ormonitoring-editcluster role in the project. -
Port 9097 provides access to the
/metricsendpoint only. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.3. openshift-monitoring/alertmanager-main
Expose the Alertmanager web server within the cluster on the following ports:
-
Port 9094 provides access to all the Alertmanager endpoints. Granting access requires binding a user to the
monitoring-alertmanager-viewrole (for read-only operations) or themonitoring-alertmanager-editrole in theopenshift-monitoringproject. -
Port 9092 provides access to the Alertmanager endpoints restricted to a given project. Granting access requires binding a user to the
monitoring-rules-editcluster role ormonitoring-editcluster role in the project. -
Port 9097 provides access to the
/metricsendpoint only. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.4. openshift-monitoring/kube-state-metrics
Expose kube-state-metrics /metrics endpoints within the cluster on the following ports:
- Port 8443 provides access to the Kubernetes resource metrics. This port is for internal use, and no other usage is guaranteed.
- Port 9443 provides access to the internal kube-state-metrics metrics. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.5. openshift-monitoring/metrics-server
Expose the metrics-server web server on port 443. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.6. openshift-monitoring/monitoring-plugin
Expose the monitoring plugin service on port 9443. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.7. openshift-monitoring/node-exporter
Expose the /metrics endpoint on port 9100. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.8. openshift-monitoring/openshift-state-metrics
Expose openshift-state-metrics /metrics endpoints within the cluster on the following ports:
- Port 8443 provides access to the OpenShift resource metrics. This port is for internal use, and no other usage is guaranteed.
-
Port 9443 provides access to the internal
openshift-state-metricsmetrics. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.9. openshift-monitoring/prometheus-k8s
Expose the Prometheus web server within the cluster on the following ports:
-
Port 9091 provides access to all the Prometheus endpoints. Granting access requires binding a user to the
cluster-monitoring-viewcluster role. -
Port 9092 provides access to the
/metricsand/federateendpoints only. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.10. openshift-user-workload-monitoring/prometheus-operator
Expose the /metrics endpoint on port 8443. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.11. openshift-monitoring/prometheus-operator
Expose the /metrics endpoint on port 8443. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.12. openshift-user-workload-monitoring/prometheus-user-workload
Expose the Prometheus web server within the cluster on the following ports:
-
Port 9091 provides access to the
/metricsendpoint only. This port is for internal use, and no other usage is guaranteed. -
Port 9092 provides access to the
/federateendpoint only. Granting access requires binding a user to thecluster-monitoring-viewcluster role.
This also exposes the /metrics endpoint of the Thanos sidecar web server on port 10902. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.13. openshift-monitoring/telemeter-client
Expose the /metrics endpoint on port 8443. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.14. openshift-monitoring/thanos-querier
Expose the Thanos Querier web server within the cluster on the following ports:
-
Port 9091 provides access to all the Thanos Querier endpoints. Granting access requires binding a user to the
cluster-monitoring-viewcluster role. -
Port 9092 provides access to the
/api/v1/query,/api/v1/query_range/,/api/v1/labels,/api/v1/label/*/values, and/api/v1/seriesendpoints restricted to a given project. Granting access requires binding a user to theviewcluster role in the project. -
Port 9093 provides access to the
/api/v1/alerts, and/api/v1/rulesendpoints restricted to a given project. Granting access requires binding a user to themonitoring-rules-edit,monitoring-edit, ormonitoring-rules-viewcluster role in the project. -
Port 9094 provides access to the
/metricsendpoint only. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.15. openshift-user-workload-monitoring/thanos-ruler
Expose the Thanos Ruler web server within the cluster on the following ports:
-
Port 9091 provides access to all Thanos Ruler endpoints. Granting access requires binding a user to the
cluster-monitoring-viewcluster role. -
Port 9092 provides access to the
/metricsendpoint only. This port is for internal use, and no other usage is guaranteed.
This also exposes the gRPC endpoints on port 10901. This port is for internal use, and no other usage is guaranteed.
4.3.5.2.16. openshift-monitoring/cluster-monitoring-operator
Expose the /metrics and /validate-webhook endpoints on port 8443. This port is for internal use, and no other usage is guaranteed.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}