New to KubeVault? Please start here.
KubeVault operator has native support for monitoring via Prometheus. You can use builtin Prometheus scraper or Prometheus Operator to monitor KubeVault operator. This tutorial will show you how this monitoring works with KubeVault operator and how to enable them.
By default the KubeVault operator will configure each vault pod to publish statsd metrics. The KubeVault operator runs a statsd-exporter container as sidecar to convert and expose those metrics in Prometheus format. Following diagram shows the logical structure of KubeVault operator monitoring flow.
Each pod provides metrics at
/metrics endpoint on port
9102. Following metrics are available for Vault server.
You can enable monitoring for the KubeVault operator while installing or upgrading the operator. You can chose which monitoring agent to use for monitoring. KubeVault operator will configure respective resources accordingly. Here are the list of available flags and their usage:
|Script Flag||Helm Values||Acceptable Values||Default||Description|
|Specify which monitoring agent to use for monitoring KubeVault operator.|
|Specify whether to monitor KubeVault operator.|
|any namespace||same namespace as KubeVault operator||Specify the namespace where Prometheus server is running or will be deployed|
|any label||For Helm installation, ||Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is |