Application monitoring
To organize metrics collection from any applications in the cluster, you need to:
-
Enable the
monitoring-custom
module if it is not enabled.You can enable cluster monitoring in the web interface (Deckhouse Console), or using the following command:
d8 platform module enable monitoring-custom
The current platform user may not have rights to enable or disable modules. If there are no rights, you need to contact the platform administrator.
-
Make sure that the application from which metrics will be collected provides them in Prometheus format.
-
Set the
prometheus.deckhouse.io/custom-target
label on the Service or pod that needs to be connected to monitoring. The label value will determine the name in the list of Prometheus targets.Example:
labels: prometheus.deckhouse.io/custom-target: my-app
-
It is recommended to use the application name as the value of the
prometheus.deckhouse.io/custom-target
label, which allows it to be uniquely identified in the cluster.The label format must comply with Kubernetes requirements: no more than 63 characters, which can include alphanumeric characters (
[a-z0-9A-Z]
), as well as hyphens (-
), underscores (_
), dots (.
).If the application is deployed in the cluster more than once (staging, testing, etc.) or even deployed several times in one namespace, one common name is sufficient, since all metrics will have
namespace
,pod
labels anyway, and if access is through Service, theservice
label. This is the name that uniquely identifies the application in the cluster, not its single installation.
-
-
Specify the name
http-metrics
andhttps-metrics
for the port from which metrics need to be collected for HTTP or HTTPS connection respectively.If this is not possible (for example, the port is already defined and named differently), you need to use annotations:
prometheus.deckhouse.io/port: port_number
— to specify the port andprometheus.deckhouse.io/tls: "true"
— if metrics collection will be over HTTPS.When specifying an annotation on a Service, you must use
targetPort
as the port value. That is, the port that is open and listened to by the application, not the Service port.-
Example 1:
ports: - name: https-metrics containerPort: 443
-
Example 2:
annotations: prometheus.deckhouse.io/port: "443" prometheus.deckhouse.io/tls: "true" # If metrics are provided over HTTP, this annotation should not be specified.
-
-
When using service mesh Istio in STRICT mTLS mode, specify the following annotation for metrics collection on Service or Pod:
prometheus.deckhouse.io/istio-mtls: "true"
. It is important that application metrics should be exported over HTTP protocol without TLS.Example:
annotations: prometheus.deckhouse.io/istio-mtls: "true"
Example: Service
Below is an example of setting up metrics collection from a Service:
apiVersion: v1
kind: Service
metadata:
name: my-app
namespace: my-namespace
labels:
prometheus.deckhouse.io/custom-target: my-app
annotations:
prometheus.deckhouse.io/port: "8061" # By default, the service port with the name http-metrics or https-metrics will be used.
prometheus.deckhouse.io/path: "/my_app/metrics" # By default /metrics.
prometheus.deckhouse.io/query-param-format: "prometheus" # By default ''.
prometheus.deckhouse.io/allow-unready-pod: "true" # By default, pods NOT in Ready state are ignored.
prometheus.deckhouse.io/sample-limit: "5000" # By default, no more than 5000 metrics are accepted from one pod.
spec:
ports:
- name: my-app
port: 8060
- name: http-metrics
port: 8061
targetPort: 8061
selector:
app: my-app
Example: Deployment
Below is an example of setting up metrics collection from a Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
labels:
app: my-app
spec:
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
prometheus.deckhouse.io/custom-target: my-app
annotations:
prometheus.deckhouse.io/sample-limit: "5000" # By default, no more than 5000 metrics are accepted from one pod.
spec:
containers:
- name: my-app
image: my-app:1.7.9
ports:
- name: https-metrics
containerPort: 443
Additional annotations for fine-tuning
For more precise application monitoring configuration, you can specify additional annotations for the pod or service for which monitoring is configured:
prometheus.deckhouse.io/path
: Path for metrics collection (default:/metrics
).prometheus.deckhouse.io/query-param-$name
: GET parameters that will be converted to a map of the form$name=$value
(default: ‘’). You can specify several such annotations. For example,prometheus.deckhouse.io/query-param-foo=bar
andprometheus.deckhouse.io/query-param-bar=zxc
will be converted to a request likehttp://...?foo=bar&bar=zxc
.prometheus.deckhouse.io/allow-unready-pod
: Allows metrics collection from pods in any state (by default, metrics are collected only from pods in Ready state). This option is useful in rare cases. For example, if your application starts very slowly (data is loaded into the database or caches are warmed up at startup), but useful metrics are already provided during startup that help monitor the application startup.prometheus.deckhouse.io/sample-limit
: How many samples are allowed to be collected from a pod (default 5000). The default value protects against situations where the application suddenly starts providing too many metrics, which can disrupt the entire monitoring system. The annotation must be placed on the same resource where theprometheus.deckhouse.io/custom-target
label is attached.