Prometheus is an open-source monitoring and alerting platform. You can use it to monitor health and availability of Central and Sensor components of Red Hat Advanced Cluster Security for Kubernetes.

Enabling monitoring

Before you can monitor Red Hat Advanced Cluster Security for Kubernetes, you must enable monitoring.

Procedure
  1. Patch the services to expose the port number 9090.

    1. Patch the Sensor service:

      $ oc -n stackrox patch svc/sensor -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}' (1)
      1 Use kubectl instead of oc if you are using Kubernetes.
    2. Patch the Central service:

      $ oc -n stackrox patch svc/central -p '{"spec":{"ports":[{"name":"monitoring","port":9090,"protocol":"TCP","targetPort":9090}]}}'
  2. Modify network policies to allow ingress.

    $ oc apply -f - <<EOF (1)
    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      labels:
        app.kubernetes.io/name: stackrox
      name: allow-monitoring
      namespace: stackrox
    spec:
      ingress:
      - ports:
        - port: 9090
          protocol: TCP
      podSelector:
        matchExpressions:
        - {key: app, operator: In, values: [central, sensor, collector]}
      policyTypes:
      - Ingress
    EOF
    1 Use kubectl instead of oc if you are using Kubernetes.

Customizing the default port

To customize the port used for Prometheus metrics in Red Hat Advanced Cluster Security for Kubernetes Central and Sensor, you can use the ROX_METRICS_PORT environment variable.

Procedure
  • Set the ROX_METRICS_PORT environment variable:

    $ oc -n stackrox set env deploy/central ROX_METRICS_PORT=<value> (1)
    1 Use kubectl instead of oc if you are using Kubernetes.

You can specify the <value> for the ROX_METRICS_PORT environment variable as:

  • disabled to disable monitoring.

  • <port_number> to bind it to a wildcard address.

  • <address>:<port_number> to use specific address and port number. You can also specify an IPv6 address by using square brackets, for example, [2001:db8::1234]:9090.