The Prometheus monitoring module: configuration

• Updates from version 1 to 2:

  Remove the .auth.password field. If the .auth object becomes empty after this change, delete it.

Schema version: 2

• settings

  object
  • settings.auth

    object

    Options related to authentication or authorization in the application.

    • settings.auth.allowedUserEmails

      array of strings

      An array of emails of users that can access module’s public web interfaces.

      This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

    • settings.auth.allowedUserGroups

      array of strings

      An array of user groups that can access Grafana & Prometheus.

      This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

      Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.

    • settings.auth.externalAuthentication

      object

      Parameters to enable external authentication based on the NGINX Ingress external-auth mechanism that uses the Nginx auth_request module.

      External authentication is enabled automatically if the user-authn module is enabled.

      • settings.auth.externalAuthentication.authSignInURL

        string

        The URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response code).

        Example:

        authSignInURL: https://example.com/dex/sign_in
        

      • settings.auth.externalAuthentication.authURL

        string

        The URL of the authentication service. If the user is authenticated, the service should return an HTTP 200 response code.

        Example:

        authURL: https://example.com/dex/auth
        

    • settings.auth.satisfyAny

      boolean

      Enables single authentication.

      If used together with the whitelistSourceRanges parameter, it authorizes all the users from above networks (no need to enter a username and password).

      Default: false

      Example:

      satisfyAny: true
      

    • settings.auth.whitelistSourceRanges

      array of strings

      An array if CIDRs that are allowed to authenticate in Grafana & Prometheus.

      Example:

      whitelistSourceRanges:
      - 1.1.1.1/32
      

  • settings.externalLabels

    object

    The set of external labels to add to the metrics.

    It’s possible to expand the environment variables of the config-reloader container in external labels such as:

    • HOSTNAME/POD_NAME - contains the name of the pod (for example prometheus-main-0, prometheus-main-1, etc.).
    • SHARD - contains the shard number.

    Example:

    externalLabels:
      prometheus_replica: "$(POD_NAME)"
      shard: "$(SHARD)"
      hostname: "$(HOSTNAME)"
    

  • settings.grafana

    object

    Grafana installation-related settings.

    • settings.grafana.customPlugins

      array of strings

      A list of custom Grafana plugins. Contains plugin names from the official repository.

      Here is how you can add custom plugins (in this case, clickhouse-datasource and flowcharting-panel plugins are used):

      grafana:
        customPlugins:
        - agenty-flowcharting-panel
        - vertamedia-clickhouse-datasource
      

      You can also install plugins from other sources by passing a link to the plugin zip archive in the format <url to plugin zip>;<plugin name>:

      grafana:
        customPlugins:
        - http://10.241.32.16:3000/netsage-bumpchart-panel-1.1.1.zip;netsage-bumpchart-panel
      

      Example:

      customPlugins:
      - agenty-flowcharting-panel
      - vertamedia-clickhouse-datasource
      

    • settings.grafana.enabled

      boolean

      Enables Grafana deploy in the cluster.

      Default: true

      Example:

      enabled: false
      

    • settings.grafana.useDarkTheme

      boolean

      The dark theme is enabled by default.

      Default: false

      Example:

      useDarkTheme: true
      

  • settings.highAvailability

    boolean

    Manually enable the high availability mode.

    By default, Deckhouse automatically decides whether to enable the HA mode. Click here to learn more about the HA mode for modules.

    Example:

    highAvailability: true
    

  • settings.https

    object

    What certificate type to use with Grafana/Prometheus.

    This parameter completely overrides the global.modules.https settings.

    Examples:

    https:
      mode: CustomCertificate
      customCertificate:
        secretName: foobar
    

    https:
      mode: CertManager
      certManager:
        clusterIssuerName: letsencrypt
    

    • settings.https.certManager

      object
      • settings.https.certManager.clusterIssuerName

        string

        What ClusterIssuer to use for Grafana/Prometheus.

        Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

        Default: letsencrypt

    • settings.https.customCertificate

      object
      • settings.https.customCertificate.secretName

        string

        The name of the secret in the d8-system namespace to use with Grafana/Prometheus.

        This secret must have the kubernetes.io/tls format.

        Default: false

    • settings.https.mode

      string

      The HTTPS usage mode:

      • Disabled — Grafana/Prometheus will work over HTTP only;
      • CertManager — Grafana/Prometheus will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
      • CustomCertificate — Grafana/Prometheus will use HTTPS using the certificate from the d8-system namespace.
      • OnlyInURI — Grafana/Prometheus will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. Load balancer should provide a redirect from HTTP to HTTPS.

      Default: Disabled

      Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

  • settings.ingressClass

    string

    The class of the Ingress controller used for Grafana/Prometheus.

    An optional parameter. By default, the modules.ingressClass global value is used.

    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

    Example:

    ingressClass: public
    

  • settings.longtermMaxDiskSizeGigabytes

    Deprecated

    integer

    Deprecated and will be removed. Doesn’t affect anything.

  • settings.longtermNodeSelector

    object

    The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    longtermNodeSelector:
      disktype: ssd
    

  • settings.longtermPodAntiAffinity

    string

    Defines the podAntiAffinity configuration for the Prometheus longterm instance relative to the Prometheus main instance.

    • Preferred — allows scheduling Prometheus longterm instance alongside the Prometheus main instance if it is not possible to place them on different nodes.
    • Required — does not allow scheduling Prometheus longterm instance on the same node as the Prometheus main instance.

    Default: Preferred

    Allowed values: Preferred, Required

  • settings.longtermRetentionDays

    integer

    How long to keep the data in longterm Prometheus.

    Setting this parameter to 0 will result in Longterm Prometheus not running in the cluster.

    Default: 1095

  • settings.longtermScrapeInterval

    string

    Sets the interval for making “data snapshots” of the main Prometheus by the longterm Prometheus.

    Default: 5m

  • settings.longtermStorageClass

    string

    The name of the StorageClass to use for Longterm Prometheus.

    If omitted, the StorageClass of the existing Longterm Prometheus PVC is used. If there is no PVC yet, the StorageClass will be used according to the global storageClass parameter setting.

    The global storageClass parameter is only considered when the module is enabled. Changing the global storageClass parameter while the module is enabled will not trigger disk re-provisioning.

    Warning. Specifying a value different from the one currently used (in the existing PVC) will result in disk re-provisioning and all data will be deleted.

    Warning. When migrating Prometheus with local storage to other nodes, the pod will hang in the Pending state. In this case, it will be necessary to save the Prometheus database, delete the old PVC and restart the pod manually. Local storage refers to a StorageClass that is associated not with network storage, but with a local volume on a node (for example, StorageClass created by the local-path-provider module).

    If false is specified, emptyDir will be forced to be used.

    Example:

    longtermStorageClass: ceph-ssd
    

  • settings.longtermTolerations

    array of objects

    The same as in the Pods’ spec.tolerations parameter in Kubernetes;

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    longtermTolerations:
    - key: key1
      operator: Equal
      value: value1
      effect: NoSchedule
    

    • settings.longtermTolerations.effect

      string
    • settings.longtermTolerations.key

      string
    • settings.longtermTolerations.operator

      string
    • settings.longtermTolerations.tolerationSeconds

      integer
    • settings.longtermTolerations.value

      string
  • settings.mainMaxDiskSizeGigabytes

    Deprecated

    integer

    Deprecated and will be removed. Doesn’t affect anything.

  • settings.nodeSelector

    object

    The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    nodeSelector:
      disktype: ssd
    

  • settings.retentionDays

    integer

    How long to keep the data.

    Default: 15

  • settings.scrapeInterval

    string

    Sets the interval for scraping metrics from targets.

    Evaluation Interval is always equal to scrapeInterval.

    Default: 30s

    Pattern: ^([\d]*y)?([\d]*w)?([\d]*d)?([\d]*h)?([\d]*m)?([\d]*s)?$

  • settings.storageClass

    string

    The name of the StorageClass to use for Longterm Prometheus.

    If omitted, the StorageClass of the existing Prometheus PVC is used. If there is no PVC yet, the StorageClass will be used according to the global storageClass parameter setting.

    The global storageClass parameter is only considered when the module is enabled. Changing the global storageClass parameter while the module is enabled will not trigger disk re-provisioning.

    Warning. Specifying a value different from the one currently used (in the existing PVC) will result in disk re-provisioning and all data will be deleted.

    If false is specified, emptyDir will be forced to be used.

    Examples:

    storageClass: ceph-ssd
    

    storageClass: 'false'
    

  • settings.tolerations

    array of objects

    The same as in the Pods’ spec.tolerations parameter in Kubernetes;

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    tolerations:
    - key: key1
      operator: Equal
      value: value1
      effect: NoSchedule
    

    • settings.tolerations.effect

      string
    • settings.tolerations.key

      string
    • settings.tolerations.operator

      string
    • settings.tolerations.tolerationSeconds

      integer
    • settings.tolerations.value

      string
  • settings.vpa

    object

    VPA settings for pods.

    Default: {"updateMode":"Initial"}

    Examples:

    vpa:
      updateMode: Initial
      longtermMaxCPU: '1'
      longtermMaxMemory: 1500Mi
      maxCPU: 1000m
      maxMemory: 1500Mi
    

    vpa:
      updateMode: 'Off'
    

    • settings.vpa.longtermMaxCPU

      The maximum value that the VPA can set for the Longterm Prometheus Pods.

      The default value is chosen automatically based on the maximum number of Pods that can be created in the cluster considering the current number of nodes and their settings. For more information, see the detect_vpa_max hook of the module.

      Example:

      longtermMaxCPU: 0.1
      

    • settings.vpa.longtermMaxMemory

      The maximum memory requests the VPA can set for the longterm Prometheus Pods.

      The default value is chosen automatically based on the maximum number of Pods that can be created in the cluster considering the current number of nodes and their settings. For more information, see the detect_vpa_max hook of the module.

      Example:

      longtermMaxMemory: 4Mi
      

    • settings.vpa.maxCPU

      The maximum value that the VPA can set for the CPU requests for the main Prometheus Pods.

      The default value is chosen automatically based on the maximum number of Pods that can be created in the cluster considering the current number of nodes and their settings. For more information, see the detect_vpa_max hook of the module.

      Example:

      maxCPU: '3'
      

    • settings.vpa.maxMemory

      The maximum memory requests the VPA can set for the main Prometheus Pods.

      The default value is chosen automatically based on the maximum number of Pods that can be created in the cluster considering the current number of nodes and their settings. For more information, see the detect_vpa_max hook of the module.

      Example:

      maxMemory: 3Mi
      

    • settings.vpa.updateMode

      string

      The VPA usage mode.

      Default: Initial

      Allowed values: Initial, Auto, Off