Once the deployed prometheus-exporter operator is up and running and watching for any PrometheusExporter resource type, you can setup any prometheus exporter following the next examples:
- Official doc: https://github.com/prometheus/memcached_exporter
- Create
memcached-exporterexample (example-DB, example-CR):
$ make memcached-create- Once tested, delete created objects:
$ make memcached-delete- Official doc: https://github.com/oliver006/redis_exporter
- Create
redis-exporterexample (example-DB, example-CR, example-CR-2):
$ make redis-create- Once tested, delete created objects:
$ make redis-delete- Official doc: https://github.com/prometheus/mysqld_exporter
- The Secret should have been previously created as the operator expects it:
- mysql-secret-example (Remember to set object name on CR field
dbConnectionStringSecretName)
- mysql-secret-example (Remember to set object name on CR field
- In addition, a database user with specific grants is needed (this is just an example, go to the official doc for the latest information):
CREATE USER 'exporter'@'%' IDENTIFIED BY 'XXXXXXXX' WITH MAX_USER_CONNECTIONS 3;
GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO 'exporter'@'%';NOTE
It is recommended to set a max connection limit for the user to avoid overloading the server with monitoring scrapes under heavy load.
- Create
mysql-exporterexample (example-secret, example-DB, example-CR):
$ make mysql-create- Once tested, delete created objects:
$ make mysql-delete- Official doc: https://github.com/wrouesnel/postgres_exporter
- The Secret should have been previously created as the operator expects it:
- postgresql-secret-example (Remember to set the object name on the CR field
dbConnectionStringSecretName)
- postgresql-secret-example (Remember to set the object name on the CR field
- In addition, a database user with specific grants is needed*(this is just an example, go to official doc for latest information)*. To be able to collect metrics from
pg_stat_activityandpg_stat_replicationasnon-superuseryou have to create views as asuperuser, and assign permissions separately to those. In PostgreSQL, views run with the permissions of the user that created them so they can act as security barriers (this is just an example, go to official doc for latest information):
CREATE USER postgres_exporter PASSWORD 'password';
ALTER USER postgres_exporter SET SEARCH_PATH TO postgres_exporter,pg_catalog;
-- If deploying as non-superuser (for example in AWS RDS), uncomment the GRANT
-- line below and replace <MASTER_USER> with your root user.
-- GRANT postgres_exporter TO <MASTER_USER>
CREATE SCHEMA postgres_exporter AUTHORIZATION postgres_exporter;
CREATE VIEW postgres_exporter.pg_stat_activity
AS
SELECT * from pg_catalog.pg_stat_activity;
GRANT SELECT ON postgres_exporter.pg_stat_activity TO postgres_exporter;
CREATE VIEW postgres_exporter.pg_stat_replication AS
SELECT * from pg_catalog.pg_stat_replication;
GRANT SELECT ON postgres_exporter.pg_stat_replication TO postgres_exporter;NOTE
Remember to usepostgresdatabase name in the connection string:DATA_SOURCE_NAME=postgresql://postgres_exporter:password@localhost:5432/postgres?sslmode=disable
- Create
postgresql-exporterexample (example-secret, example-DB, example-CR):
$ make postgresql-create- Once tested, delete created objects:
$ make postgresql-delete- Official doc: https://github.com/foxdalas/sphinx_exporter
- Make sure you have a Sphinx instance available, and dbHost/dbPort are correctly set on CR example file
- Create
sphinx-exporterexample (example-CR):
$ make sphinx-create- Once tested, delete created objects:
$ make sphinx-delete- Official doc: https://github.com/justwatchcom/elasticsearch_exporter
- Make sure you have an Elasticsearch cluster available and that dbHost/dbPort are correctly set on CR example file
- Create
elasticsearch-exporterexample (example-CR):
$ make elasticsearch-create- Once tested, delete created objects:
$ make elasticsearch-delete- Official doc: https://github.com/prometheus/cloudwatch_exporter
NOTE
The metrics from some services likeAWSClientVPNare reported to AWS CloudWatch every 5 minutes (instead of default 1 minute), because they are not critical services like databases (RDS/EC) where details are more important. So on thoses cases, scrapping AWS Cloudwatch metrics every 1 minute makes no sense, so it is better to specify the varperiod_seconds: 300(instead of defaultperiod_seconds: 60) in the metric definition in the configmap. In addition, for those cases reporting metrics every 5 minutes, empty spaces (null values) could appear empty in the prometheus time series database, so in order to configure alerts, you can use queries likemax_over_time(aws_clientvpn_crl_days_to_expiry_average[10m]) < 2, which takes max value within last 10 minutes, so we guarantee there is always a value that can fire an alert that won't disappear from time to time although alert might not be really recovered.
- The Secret/ConfigMap should have been previously created as the operator expects them:
- cw-secret-example (Remember to set the object name on the CR field
awsCredentialsSecretName) - cw-configmap-example (Remember to set the object name on the CR field
configurationConfigmapName)
- cw-secret-example (Remember to set the object name on the CR field
- In addition, the created IAM user requires some specific IAM permissions:
cloudwatch:ListMetricscloudwatch:GetMetricStatisticstag:GetResources
- Create
cloudwatch-exporterexample (example-secret, example-configmap, example-CR):
$ make cloudwatch-create- Once tested, delete the created objects:
$ make cloudwatch-delete- Official doc: https://github.com/prometheus/blackbox_exporter
- The ConfigMap should have been previously created as the operator expects it:
- probe-configmap-example (Remember to set the object name on the CR field
configurationConfigmapName)
- probe-configmap-example (Remember to set the object name on the CR field
- The optional Secret (replacing previous ConfigMap) should have been previously created as the operator expects it (in case config includes sensitive data and so you prefer to use a Secret
- probe-secret-example (Remember to set the object name on the CR field
configurationSecretNamereplacing previousconfigurationConfigmapName)
- probe-secret-example (Remember to set the object name on the CR field
NOTE
To deploy a probe exporter (blackbox exporter) it is just needed the configmap (or secret) with blackbox modules configuration, and a singlePrometheusExportercustom resource of typeprobe. But then, in order to be able to scrape different targets, you need to deploy for every endpoint that you want to monitor, a prometheusServiceMonitorresource with theselector.matchLabelspointing to the deployed probe exporterapp: prometheus-exporter-probe-${CR_NAME}, and then configure the specific module and target, with a proper relabeling of source label__param_targetinto target labeltarget(which is used in the deployed grafana dashboard and possible prometheus alerts).
- probe-target-service-monitor-example (Remember to set the
selector.matchLabelspointing to the deployed probe exporterapp: prometheus-exporter-probe-${CR_NAME})
- Create
probe-exporterexample (example-configmap, example-CR, example-target-service-monitor):
$ make probe-create- Once tested, delete the created objects:
$ make probe-delete- Official doc: https://github.com/chatwork/sendgrid-stats-exporter
- The Secret should have been previously created as the operator expects it:
- sendgrid-secret-example (Remember to set the object name on the CR field
sendgridCredentialsSecretName)
- sendgrid-secret-example (Remember to set the object name on the CR field
- Create
sendgrid-exporterexample (example-secret, example-CR):
$ make sendgrid-create- Once tested, delete the created objects:
$ make sendgrid-delete