This is unreleased documentation for Policy Manager 1.29-next.

Monitoring

Rancher has a Cluster Tool for monitoring that leverages Grafana and Prometheus. You can use this tool, integrating it with SUSE® Admission Policy Manager, to view overall metrics for a Policy Server or metrics for a given policy.

You need a cluster with at least 4 cores to install the Monitoring tool.

Prerequisites

You need the Prometheus Operator. Follow these instructions to install it.

Install

Create the ServiceMonitors

  • Import the manifest to create the ServiceMonitors.

  • You need to specify the SUSE® Admission Policy Manager installation namespace.

These steps are an adaptation of the telemetry metrics instructions.

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubewarden-controller
  namespace: cattle-kubewarden-system
spec:
  endpoints:
    - interval: 10s
      port: metrics
  namespaceSelector:
    matchNames:
      - cattle-kubewarden-system
  selector:
    matchLabels:
      app.kubernetes.io/name: kubewarden-controller
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubewarden-policy-server
  namespace: cattle-kubewarden-system
spec:
  endpoints:
    - interval: 10s
      port: metrics
  namespaceSelector:
    matchNames:
      - cattle-kubewarden-system
  selector:
    matchLabels:
      app: kubewarden-policy-server-default

Enable telemetry for your rancher-kubewarden-controller resource

  • Navigate to Apps & Marketplace → Installed Apps.

  • Select the Edit/Upgrade action for your rancher-kubewarden-controller resource.

  • Edit the YAML to enable telemetry metrics (metrics: true) and verify that the metrics port is correct.

telemetry:
  metrics: true
  mode: sidecar
  sidecar:
    metrics:
      port: 8080

You may need to redeploy your Monitoring resources for the new ConfigMap to load. You can do this from Workloads → Deployments. Select all the resources in the cattle-monitoring-system namespace and select the Redeploy action.
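A ServiceMonitor whose label selector matches no Service, or whose Service has no port named metrics, yields no scrape target. The following added example (not part of the product documentation) checks the two ServiceMonitors above against Service objects in the shape that kubectl get -o json returns; the Service names, labels and ports in the sample are constructed assumptions.

```python
"""Check which Services a ServiceMonitor selects (objects as `kubectl get -o json` dicts)."""

def selected_services(sm, services):
    """Return (scraped, problems) for one ServiceMonitor."""
    spec = sm["spec"]
    want = spec.get("selector", {}).get("matchLabels", {})
    ns_sel = spec.get("namespaceSelector", {})
    # With no namespaceSelector, only the ServiceMonitor's own namespace is searched.
    namespaces = None if ns_sel.get("any") else set(
        ns_sel.get("matchNames") or [sm["metadata"]["namespace"]])
    ports = {ep["port"] for ep in spec.get("endpoints", []) if "port" in ep}
    scraped, problems = [], []
    for svc in services:
        meta = svc["metadata"]
        if namespaces is not None and meta["namespace"] not in namespaces:
            continue
        labels = meta.get("labels", {})
        if any(labels.get(k) != v for k, v in want.items()):
            continue
        # The endpoint refers to the Service port by name, not by number.
        missing = ports - {p.get("name") for p in svc["spec"].get("ports", [])}
        if missing:
            problems.append(f"{meta['name']}: no port named {sorted(missing)}")
        else:
            scraped.append(meta["name"])
    if not scraped and not problems:
        problems.append(f"no Service matches labels {want}")
    return scraped, problems

NS = "cattle-kubewarden-system"

def monitor(name, labels):  # builds the ServiceMonitors from the manifest above
    return {"metadata": {"name": name, "namespace": NS},
            "spec": {"endpoints": [{"interval": "10s", "port": "metrics"}],
                     "namespaceSelector": {"matchNames": [NS]},
                     "selector": {"matchLabels": labels}}}

def service(name, labels, port_names):  # builds constructed sample Services
    return {"metadata": {"name": name, "namespace": NS, "labels": labels},
            "spec": {"ports": [{"name": p} for p in port_names]}}

MONITORS = [monitor("kubewarden-controller", {"app.kubernetes.io/name": "kubewarden-controller"}),
            monitor("kubewarden-policy-server", {"app": "kubewarden-policy-server-default"})]
SERVICES = [  # constructed sample: one Service exposes a metrics port, the other does not
    service("controller-svc", {"app.kubernetes.io/name": "kubewarden-controller"}, ["metrics"]),
    service("policy-server-default", {"app": "kubewarden-policy-server-default"}, ["policy-server"]),
]

if __name__ == "__main__":
    for sm in MONITORS:
        print(sm["metadata"]["name"], *selected_services(sm, SERVICES))
```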

Create the Grafana dashboard ConfigMap for Policies and Policy Server

This method is suitable for air-gapped installations.

The Policy Server and Policies use different dashboards, so you need to create the ConfigMap for each one separately.

Within the detail view for a Policy Server or a specific Policy:

  • Navigate to the "Metrics" tab.

  • Follow the prompt to create the ConfigMap.

  • Reload the page to update the Grafana view (Grafana may be slow to acknowledge the new dashboard).

You should be able to view the metrics for a Policy Server, or any given Policy on the detail page for each respective resource. You can also view the SUSE® Admission Policy Manager dashboards within the Grafana UI, or the events from the Prometheus UI.