Available in:  CE, BE, SE, SE+, EE

The module lifecycle stagePreview
The module has requirements for installation

How to explicitly enable the module…

You may explicitly enable or disable the module in one of the following ways:

  • Via Deckhouse web UI. In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the observability module and enable (or disable) the “Module enabled” toggle. Save changes.

    Example:

    Module enable/disable interface

  • Via Deckhouse CLI (d8).

    Use the d8 system module enable command for enabling, or d8 system module disable command for disabling the module (you need Deckhouse CLI (d8), configured to work with the cluster).

    Example of enabling the module:

    d8 system module enable observability

  • Using ModuleConfig observability.

    Set spec.enabled to true or false in ModuleConfig observability (create it if necessary);

    Example of a manifest to enable module observability:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: observability
spec:
  enabled: true

How to configure the module…

You can configure the module in one of the following ways:

  • Via Deckhouse web UI.

    In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the observability module and enable the “Advanced Settings” switch. Fill in the required fields in the “Configuration” tab or specify the module settings in YAML format on the “YAML” tab, excluding the settings section. Save the changes.

    Example:

    Module Setup Interface

    You can also edit the ModuleConfig object observability on the “YAML” tab in the module settings window (“System” → “System Management” → “Deckhouse” → “Modules”, open the module observability) by specifying the schema version in the spec.version parameter and the necessary module parameters in the spec.settings section.

  • Via Deckhouse CLI (d8) (requires Deckhouse CLI (d8) configured to work with the cluster).

    Edit the existing ModuleConfig observability (for more details on configuring Deckhouse, see the documentation) by executing the following command:

    d8 k edit mc observability

    Make the necessary changes in the spec.settings section. If necessary, specify the schema version in the spec.version parameter. Save the changes.

    You can also create a file with manifest for ModuleConfig observability using the example below. Fill in the spec.settings section with the required module parameters. If necessary, specify the schema version in the spec.version parameter.

    Apply the manifest using the following command (indicate the manifest file name):

    d8 k apply -f <FILENAME>

    Example of a manifest for ModuleConfig observability:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: observability
spec:
  version: 1
  enabled: true
  settings: # Module parameters from the "Parameters" section below.

How to change the module release channel…

To change the module release channel, follow the instruction.

Requirements

To the Deckhouse version: 1.71 and above.

To the versions of other modules:

  • console: 1.41.1 and above.
  • operator-prometheus: any version.
  • prometheus: any version.

Parameters

Schema version: 1

  • settings
    object
    • settings.deadMansSwitch
      object
      Settings for the DeadMansSwitch alerting.

      Default: {}

      • settings.deadMansSwitch.enabled
        boolean

        Whether to enable DeadMansSwitch alert handling.

        When enabled (default), a DeadMansSwitch heartbeat alert is expected from Prometheus and a PrometheusUnavailable alert is generated if the heartbeat is missing. When disabled, neither DeadMansSwitch nor PrometheusUnavailable alerts are created.

        Default: true

    • settings.dop
      object
      Settings for integration with DOP (Deckhouse Observability Platform).

      Default: {}

      • settings.dop.destinations
        array of objects
        List of DOP destinations for metrics delivery. At least one destination is required.

        Example: 


        destinations:
- host: dop.flant.com
  token: your-api-token-here
        • settings.dop.destinations.host
          string
          DOP platform host address (must be a valid FQDN, e.g., dop.flant.com).

          Length: 1..253

          Pattern: ^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$

        • settings.dop.destinations.token
          string
          API token for the DOP platform (UUID format).

          Pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$

      • settings.dop.hostMetrics
        boolean
        Whether to enable nodes metrics collection with okagent.

        Default: true

      • settings.dop.nodeAffinity
        object

        Node affinity configuration for the okagent.

        Allows constraining which nodes the pod can be scheduled on.

        Default: {}

        • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
          object
          If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
          • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
            array of objects
            A list of node selector terms. The terms are ORed.
            • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions
              array of objects
              A list of node selector requirements by node’s labels. The requirements are ANDed.
              • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key
                string
                The label key that the selector applies to.
              • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator
                string
                Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

                Allowed values: In, NotIn, Exists, DoesNotExist, Gt, Lt

              • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values
                array of strings
                An array of string values for the operator to evaluate. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
            • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields
              array of objects
              A list of node selector requirements by node’s fields. The requirements are ANDed.
              • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key
                string
                The node field key that the selector applies to.
              • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator
                string
                Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

                Allowed values: In, NotIn, Exists, DoesNotExist, Gt, Lt

              • settings.dop.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values
                array of strings
                An array of string values for the operator to evaluate.
    • settings.externalMetricsAccess
      object
      Settings for external access to metrics.

      Default: {}

      • settings.externalMetricsAccess.enabled
        boolean

        Whether to enable metrics external read access.

        If enabled, the observability module will expose the metrics via ingress for reading. Metrics can be read using the Prometheus-compatible API. Providing a valid ServiceAccount token via the Authorization: Bearer header is mandatory. See the documentation for more details.

        Default: false

      • settings.externalMetricsAccess.whitelistSourceRanges
        array of strings
        An array if CIDRs that are allowed to read metrics. If not specified, no restrictions are applied.

        Default: []

        Example: 


        whitelistSourceRanges:
- 1.1.1.1/32
    • settings.grafana
      object
      Grafana related settings.

      Default: {}

      • settings.grafana.customPlugins
        array of strings

        A list of custom Grafana plugins. Contains plugin names from the official repository.

        Here is how you can add custom plugins (in this case, clickhouse-datasource and flowcharting-panel plugins are used):

        grafana:
  customPlugins:
  - agenty-flowcharting-panel
  - vertamedia-clickhouse-datasource

        You can also install plugins from other sources by passing a link to the plugin zip archive in the format <url to plugin zip>;<plugin name>:

        grafana:
  customPlugins:
  - http://10.241.32.16:3000/netsage-bumpchart-panel-1.1.1.zip;netsage-bumpchart-panel

        Example: 


        customPlugins:
- agenty-flowcharting-panel
- vertamedia-clickhouse-datasource
    • settings.https
      object

      What certificate type to use with observability module.

      This parameter completely overrides the global.modules.https settings.

      Examples: 


      customCertificate:
  secretName: foobar
mode: CustomCertificate

      certManager:
  clusterIssuerName: letsencrypt
mode: CertManager
      • settings.https.certManager
        object
        • settings.https.certManager.clusterIssuerName
          string

          What ClusterIssuer to use for the observability module.

          Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

          Default: letsencrypt

      • settings.https.customCertificate
        object

        Default: {}

        • settings.https.customCertificate.secretName
          string

          The name of the secret in the d8-system namespace to use with the observability module.

          This secret must have the kubernetes.io/tls format.

          Default: false

      • settings.https.mode
        string

        The HTTPS usage mode:

        • Disabled — the observability module will work over HTTP only;
        • CertManager — the observability module will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
        • CustomCertificate — the observability module will use HTTPS using the certificate from the d8-system namespace.
        • OnlyInURI — the observability module will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. Load balancer should provide a redirect from HTTP to HTTPS.

        Default: Disabled

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • settings.ingressClass
      string

      The ingress class to use for all ingress resources created by the observability module.

      This parameter completely overrides the global.modules.ingressClass settings. If not specified, the global ingress class configuration will be used.

      The value must be a valid Kubernetes resource name (lowercase alphanumeric characters or hyphens, must start and end with alphanumeric character).

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

      Examples: 


      ingressClass: nginx

      ingressClass: nginx-external