-
Notifications
You must be signed in to change notification settings - Fork 97
Monitoring
Andreas Auernhammer edited this page Mar 11, 2022
·
2 revisions
The KES server provides a metrics
API endpoint that exposes various server metrics in the
Prometheus exposition format.
1. Generate Prometheus Credentials
The Prometheus server has to authenticate to KES, and therefore, needs access credentials.
$ kes identity new --key client.key --cert client.crt prometheus
Private key: client.key
Certificate: client.crt
Identity: 2169daa644eb18b41d85214a20f7272d449e85ef4f1bf3e2609fbe3fa7ca00cd2. Create KES Policy
At the KES server, we need to create a policy that allows Prometheus to scrape the metrics.
policy:
prometheus:
allow:
- /v1/metrics
identities:
- 2169daa644eb18b41d85214a20f7272d449e85ef4f1bf3e2609fbe3fa7ca00cd # Use the identity of your client.crtThe KES server needs to be restarted after its configuration file has been modified.
3. Create Prometheus Scrape Config
As the last step we have to configure Prometheus to use the TLS client certificate when scraping the KES metrics. Therefore, we use the following Prometheus scrape config:
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: KES
scheme: https
tls_config:
cert_file: client.crt
key_file: client.key
# ca_file: public.crt # Optionally, specify the KES server CA certificate or the self-signed KES server certificate.
metrics_path: /v1/metrics
static_configs:
- targets: ['localhost:7373'] # Specify KES endpoint.Once the KES server and the Prometheus server has been started, Prometheus should detect and display a new KES target.