This is unreleased documentation for Policy Manager 1.29-next. |
Monitoring
Rancher has a Cluster Tool for monitoring that leverages Grafana and Prometheus. You can use this tool, integrating it with SUSE® Admission Policy Manager, to view overall metrics for a Policy Server or metrics for a given policy.
You need a cluster with at least 4 cores to install the Monitoring tool. |
Prerequisites
You need the Prometheus Operator. Follow these instructions to install it.
Install
Create the ServiceMonitors
-
Import the manifest to create the ServiceMonitors.
-
You need to specify the SUSE® Admission Policy Manager installation namespace
These steps are an adpatation from the telemetry metrics instructions.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: kubewarden-controller
namespace: cattle-kubewarden-system
spec:
endpoints:
- interval: 10s
port: metrics
namespaceSelector:
matchNames:
- cattle-kubewarden-system
selector:
matchLabels:
app.kubernetes.io/name: kubewarden-controller
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: kubewarden-policy-server
namespace: cattle-kubewarden-system
spec:
endpoints:
- interval: 10s
port: metrics
namespaceSelector:
matchNames:
- cattle-kubewarden-system
selector:
matchLabels:
app: kubewarden-policy-server-default
Enable telemetry for your rancher-kubewarden-controller
resource
-
Navigate to Apps & Marketplace → Installed Apps.
-
Select the
Edit/Upgrade
action for yourrancher-kubewarden-controller
resource. -
Edit the YAML for
telemetry
to beenabled: "true"
and verify that the metrics port is correct.
telemetry:
metrics: true
mode: sidecar
sidecar:
metrics:
port: 8080
You may need to redeploy your Monitoring resources for the new ConfigMap to
load. You can do this from Workloads → Deployments. Select all the resources in
the |
Create the Grafana dashboard ConfigMap for Policies and Policy Server
This method is suitable for air-gapped installations. |
The dashboards are unique between Policy Server and Policies, so you need to separate creation.
Within the detail view for a Policy Server or a specific Policy:
-
Navigate to the "Metrics" tab.
-
Follow the prompt to create the ConfigMap.
-
Reload the page to update the Grafana view (Grafana may be slow to acknowledge the new dashboard).
You should be able to view the metrics for a Policy Server, or any given Policy on the detail page for each respective resource. You can also view the SUSE® Admission Policy Manager dashboards within the Grafana UI, or the events from the Prometheus UI.