
Configure Customer's Prometheus to pull metrics from Privacera

If the customer wishes to pull Privacera metrics from their self-hosted Prometheus, they must add the following jobs to the prometheus.yml file on their Prometheus server.

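Update your prometheus.yml with the following code snippet (YAML). Both jobs set insecure_skip_verify: true, so Prometheus does not verify the TLS certificate presented by a scrape target.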
- job_name: 'privacera-service-endpoints'
  honor_labels: true

  tls_config:
    insecure_skip_verify: true

  kubernetes_sd_configs:
    - role: endpoints

  relabel_configs:
    - source_labels: [__meta_kubernetes_service_annotation_privacera_prometheus_io_scrape]
      action: keep
      regex: true
    - source_labels: [__meta_kubernetes_service_annotation_privacera_prometheus_io_scheme]
      action: replace
      target_label: __scheme__
      regex: (https?)
    - source_labels: [__meta_kubernetes_service_annotation_privacera_prometheus_io_path]
      action: replace
      target_label: __metrics_path__
      regex: (.+)
    - source_labels: [__address__, __meta_kubernetes_service_annotation_privacera_prometheus_io_port]
      action: replace
      target_label: __address__
      regex: (.+?)(?::\d+)?;(\d+)
      replacement: $1:$2
    - action: labelmap
      regex: __meta_kubernetes_service_annotation_privacera_prometheus_io_param_(.+)
      replacement: __param_$1
    - action: labelmap
      regex: __meta_kubernetes_service_label_(.+)
    - source_labels: [__meta_kubernetes_namespace]
      action: replace
      target_label: namespace
    - source_labels: [__meta_kubernetes_service_name]
      action: replace
      target_label: service
    - source_labels: [__meta_kubernetes_pod_node_name]
      action: replace
      target_label: node
    - source_labels: [__meta_kubernetes_pod_name]
      action: replace
      target_label: pod

- job_name: 'privacera-pods'
  honor_labels: true
  tls_config:
    insecure_skip_verify: true
  kubernetes_sd_configs:
    - role: pod
  relabel_configs:
    - source_labels: [__meta_kubernetes_pod_annotation_privacera_prometheus_io_scrape]
      action: keep
      regex: true
    - source_labels: [__meta_kubernetes_pod_annotation_privacera_prometheus_io_scheme]
      action: replace
      regex: (https?)
      target_label: __scheme__
    - source_labels: [__meta_kubernetes_pod_annotation_privacera_prometheus_io_path]
      action: replace
      target_label: __metrics_path__
      regex: (.+)
    - source_labels: [__meta_kubernetes_pod_annotation_privacera_prometheus_io_port, __meta_kubernetes_pod_ip]
      action: replace
      regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
      replacement: '[$2]:$1'
      target_label: __address__
    - source_labels: [__meta_kubernetes_pod_annotation_privacera_prometheus_io_port, __meta_kubernetes_pod_ip]
      action: replace
      regex: (\d+);((([0-9]+?)(\.|$)){4})
      replacement: $2:$1
      target_label: __address__
    - action: labelmap
      regex: __meta_kubernetes_pod_annotation_privacera_prometheus_io_param_(.+)
      replacement: __param_$1
    - action: labelmap
      regex: __meta_kubernetes_pod_label_(.+)
    - source_labels: [__meta_kubernetes_namespace]
      action: replace
      target_label: namespace
    - source_labels: [__meta_kubernetes_pod_name]
      action: replace
      target_label: pod
    - source_labels: [__meta_kubernetes_pod_phase]
      regex: Pending|Succeeded|Failed|Completed
      action: drop
    - source_labels: [__meta_kubernetes_pod_node_name]
      action: replace
      target_label: node
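
The following Python is an added example, not part of the original page or of Privacera's tooling: it applies the `keep` rule and the two `__address__` rules of the `privacera-pods` job to constructed discovery labels, showing which pods are scraped and at what address. The pod IPs, ports and the `pod()` helper are assumptions made for the illustration, and Python's `re.fullmatch` stands in for Prometheus's fully anchored RE2 matching.

```python
import re

def expand(template, match):
    # Expand $1 / ${1} group references as used in the page's replacement fields.
    return re.sub(r"\$\{?(\d+)\}?", lambda g: match.group(int(g.group(1))) or "", template)

def apply_rule(labels, rule):
    """Apply one keep/replace relabel rule; return None when keep drops the target."""
    # Source label values are joined with ';' and the regex must match the whole string.
    value = ";".join(labels.get(n, "") for n in rule["source_labels"])
    m = re.fullmatch(rule["regex"], value)
    if rule.get("action", "replace") == "keep":
        return labels if m else None
    if m is None:
        return labels  # a replace rule that does not match leaves the labels untouched
    return {**labels, rule["target_label"]: expand(rule["replacement"], m)}

def scrape_address(labels, rules):
    for rule in rules:
        labels = apply_rule(labels, rule)
        if labels is None:
            return None  # target dropped, never scraped
    return labels["__address__"]

P = "__meta_kubernetes_pod_annotation_privacera_prometheus_io_"
# Keep rule and the IPv6 / IPv4 address rules copied from the 'privacera-pods' job.
POD_RULES = [
    {"source_labels": [P + "scrape"], "action": "keep", "regex": "true"},
    {"source_labels": [P + "port", "__meta_kubernetes_pod_ip"],
     "regex": r"(\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})",
     "replacement": "[$2]:$1", "target_label": "__address__"},
    {"source_labels": [P + "port", "__meta_kubernetes_pod_ip"],
     "regex": r"(\d+);((([0-9]+?)(\.|$)){4})",
     "replacement": "$2:$1", "target_label": "__address__"},
]

def pod(ip, discovered, **annotations):
    # Constructed discovery labels (hypothetical helper; IPs and ports are sample values).
    labels = {"__address__": discovered, "__meta_kubernetes_pod_ip": ip}
    labels.update({P + k: v for k, v in annotations.items()})
    return labels

if __name__ == "__main__":
    for target in (pod("10.0.3.7", "10.0.3.7:8080", scrape="true", port="6085"),
                   pod("fd00::1a", "[fd00::1a]:8080", scrape="true", port="6085"),
                   pod("10.0.3.8", "10.0.3.8:8080", scrape="true"),      # no port annotation
                   pod("10.0.3.9", "10.0.3.9:8080", scrape="True", port="6085")):
        print(scrape_address(target, POD_RULES))
```

A pod without the port annotation keeps its discovered address, and an annotation value of `True` does not satisfy the anchored, case-sensitive `true` keep rule, so that pod is not scraped.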

If the customer is also using the Prometheus Blackbox Exporter, they must add the following jobs to the prometheus.yml file as well.

Snippet to update your `prometheus.yml` (YAML):
- job_name: "blackbox-kubernetes-ingresses"
  metrics_path: /probe
  params:
    module: [http_2xx]
  kubernetes_sd_configs:
    - role: ingress
  relabel_configs:
    - source_labels: [__meta_kubernetes_ingress_annotation_privacera_prometheus_io_health_probe]
      action: keep
      regex: true
    - source_labels:
        [
          __meta_kubernetes_ingress_scheme,
          __address__,
          __meta_kubernetes_ingress_path,
        ]
      regex: (.+);(.+);(.+)
      replacement: ${1}://${2}${3}
      target_label: __param_target
    - target_label: __address__
      replacement: prometheus-blackbox-exporter:9115
    - source_labels: [__param_target]
      target_label: instance
    - action: labelmap
      regex: __meta_kubernetes_ingress_label_(.+)
    - source_labels: [__meta_kubernetes_namespace]
      target_label: kubernetes_namespace
    - source_labels: [__meta_kubernetes_ingress_name]
      target_label: ingress_name
    - source_labels: [__meta_kubernetes_ingress_host]
      regex: .*portal.*|.*ranger.*|.*solr.*
      action: keep

- job_name: "blackbox-kubernetes-services"
  metrics_path: /probe
  params:
    module: [http_2xx]
  kubernetes_sd_configs:
    - role: service
  relabel_configs:
    - source_labels: [__meta_kubernetes_service_annotation_privacera_prometheus_io_health_probe]
      action: keep
      regex: true
    - source_labels:
        [
          __meta_kubernetes_service_annotation_privacera_prometheus_io_health_scheme,
          __address__,
          __meta_kubernetes_service_annotation_privacera_prometheus_io_health_path,
        ]
      regex: (.+);(.+);(.+)
      replacement: ${1}://${2}${3}
      target_label: __param_target
    - target_label: __address__
      replacement: prometheus-blackbox-exporter:9115
    - source_labels: [__param_target]
      target_label: instance
    - action: labelmap
      regex: __meta_kubernetes_service_label_(.+)
    - source_labels: [__meta_kubernetes_namespace]
      target_label: kubernetes_namespace
    - source_labels: [__meta_kubernetes_service_name]
      target_label: kubernetes_service_name
