New to KubeVault? Please start here.
Monitoring Vault Server Using Prometheus Operator
CoreOS prometheus-operator provides a simple, Kubernetes-native way to deploy and configure a Prometheus server. This tutorial shows how to monitor a Vault server with Prometheus via the Prometheus Operator.
Monitor Vault server
To enable monitoring, configure the spec.monitor field in a VaultServer custom resource. Below is an example:
apiVersion: kubevault.com/v1alpha1
kind: VaultServer
metadata:
  name: vault
  namespace: demo
spec:
  replicas: 1
  version: 1.2.0
  serviceTemplates:
  - alias: vault
    metadata:
      annotations:
        name: vault
    spec:
      type: NodePort
  - alias: stats
    spec:
      type: ClusterIP
  backend:
    inmem: {}
  unsealer:
    secretShares: 4
    secretThreshold: 2
    mode:
      kubernetesSecret:
        secretName: vault-keys
  monitor:
    agent: prometheus.io
    prometheus:
      exporter:
        resources: {}
  terminationPolicy: "WipeOut"
Here,
monitor.agent indicates the monitoring agent coreos-prometheus-operator.
monitor.prometheus specifies the information for monitoring by Prometheus.
prometheus.namespace specifies the namespace where ServiceMonitor is created.
prometheus.labels specifies the labels applied to ServiceMonitor.
prometheus.port indicates the port for Vault statsd exporter endpoint (default is 56790).
prometheus.interval indicates the scraping interval (e.g., '10s').
Now create the Vault server with the monitoring spec:
$ kubectl create -f https://github.com/kubevault/kubevault/raw/v2024.9.30/docs/examples/monitoring/vault-server/vault-server-coreos.yaml
The KubeVault operator will create a ServiceMonitor object once the Vault server is successfully running.
$ kubectl get servicemonitor -n demo
NAME                   AGE
vault-demo-exampleco   23s
Now, if you go to the Prometheus dashboard, you should see this Vault endpoint as one of the targets.
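The endpoint only shows up as a target when the Prometheus resource selects the ServiceMonitor by namespace and labels, which is what prometheus.namespace and prometheus.labels control. The following is an added example (not part of the KubeVault docs) that evaluates that selection offline; the label values, the "monitoring" namespace and the Prometheus resource are assumptions, and all objects are constructed samples.

```python
# Added example; every object below is a constructed sample, not cluster output.

def selector_matches(selector, labels):
    """Evaluate a Kubernetes LabelSelector against a label map."""
    if selector is None:  # a null selector selects nothing
        return False
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        if op == "In" and labels.get(key) not in values:
            return False
        if op == "NotIn" and labels.get(key) in values:
            return False
        if op == "Exists" and key not in labels:
            return False
        if op == "DoesNotExist" and key in labels:
            return False
    return True  # an empty selector ({}) selects everything

def is_selected(prometheus, service_monitor, namespace_labels):
    """True if the Prometheus resource would pick up the ServiceMonitor."""
    spec, meta = prometheus["spec"], service_monitor["metadata"]
    ns_selector = spec.get("serviceMonitorNamespaceSelector")
    if ns_selector is None:  # null: only the Prometheus resource's own namespace
        ns_ok = meta["namespace"] == prometheus["metadata"]["namespace"]
    else:
        ns_ok = selector_matches(ns_selector, namespace_labels.get(meta["namespace"], {}))
    return ns_ok and selector_matches(spec.get("serviceMonitorSelector"), meta.get("labels", {}))

# ServiceMonitor named as on this page; the label is an assumed prometheus.labels value.
SERVICE_MONITOR = {"metadata": {"name": "vault-demo-exampleco", "namespace": "demo",
                                "labels": {"app": "kubevault"}}}
NAMESPACE_LABELS = {"demo": {"monitoring": "enabled"}}  # assumed namespace labels

def prometheus(selector, ns_selector=None):
    """Build a hypothetical Prometheus resource living in namespace 'monitoring'."""
    spec = {"serviceMonitorSelector": selector}
    if ns_selector is not None:
        spec["serviceMonitorNamespaceSelector"] = ns_selector
    return {"metadata": {"name": "prom", "namespace": "monitoring"}, "spec": spec}

if __name__ == "__main__":
    match = {"matchLabels": {"app": "kubevault"}}
    for name, prom in [("labels match, other namespace", prometheus(match)),
                       ("labels match, all namespaces", prometheus(match, {})),
                       ("label mismatch", prometheus({"matchLabels": {"app": "x"}}, {}))]:
        print(f"{name}: selected={is_selected(prom, SERVICE_MONITOR, NAMESPACE_LABELS)}")
```

A ServiceMonitor that exists but is not selected produces no error anywhere, so a missing Vault target is usually a selector mismatch rather than an exporter failure.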
Cleaning up
To clean up the Kubernetes resources created by this tutorial, run:
$ kubectl delete -n demo vs/coreos-prom-postgres
$ kubectl delete ns demo