Install Prometheus in Workload Clusters Deployed by a Supervisor

This topic explains how to deploy Prometheus to Tanzu Kubernetes Grid (TKG) workload clusters deployed to vSphere by a vSphere with Tanzu Supervisor.

Prometheus is a system and service monitoring system. Prometheus collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and triggers alerts if conditions are met. Alertmanager handles alerts generated by Prometheus and routes them to their receiving endpoints.

You can install Prometheus on a workload cluster in two ways: using the Tanzu CLI or using Kubectl.

Install Prometheus Using the Tanzu CLI

Prerequisites

Adhere to the following prerequisites.

Reference

Refer to the following topic as needed.

Install Prometheus with Alertmanager

Complete these steps to install the Prometheus package.

  1. Create the namespace.

    kubectl create ns tanzu-system-monitoring
    
  2. Get the latest Prometheus package version for your repository.

    kubectl -n tkg-system get packages
    

    In the following example output, the latest version is 2.37.0+vmware.3-tkg.1, which is the version installed in this procedure.

    prometheus.tanzu.vmware.com.2.27.0+vmware.1-tkg.1                    prometheus.tanzu.vmware.com                    2.27.0+vmware.1-tkg.1   49m9s
    prometheus.tanzu.vmware.com.2.27.0+vmware.2-tkg.1                    prometheus.tanzu.vmware.com                    2.27.0+vmware.2-tkg.1   49m9s
    prometheus.tanzu.vmware.com.2.36.2+vmware.1-tkg.1                    prometheus.tanzu.vmware.com                    2.36.2+vmware.1-tkg.1   49m9s
    prometheus.tanzu.vmware.com.2.37.0+vmware.1-tkg.1                    prometheus.tanzu.vmware.com                    2.37.0+vmware.1-tkg.1   49m9s
    prometheus.tanzu.vmware.com.2.37.0+vmware.2-tkg.1                    prometheus.tanzu.vmware.com                    2.37.0+vmware.2-tkg.1   49m9s
    prometheus.tanzu.vmware.com.2.37.0+vmware.3-tkg.1                    prometheus.tanzu.vmware.com                    2.37.0+vmware.3-tkg.1   49m9s
    
  3. Create the prometheus-data-values.yaml file using either of the following methods:

    1. Copy the example provided. See Prometheus with Alertmanager Components, Configuration, Data Values.
    2. Or, generate the file prometheus-data-values.yaml using the following command:

      tanzu package available get prometheus.tanzu.vmware.com/2.37.0+vmware.3-tkg.1 --default-values-file-output prometheus-data-values.yaml
      
  4. Edit the prometheus-data-values.yaml file and configure the following values. These values are required to access the Prometheus dashboard.

    Parameter                           Description
    ----------------------------------  ------------------------------------------------------------
    ingress.tlsCertificate.tls.crt      A self-signed TLS cert is generated for ingress. Optionally you can override and provide your own.
    ingress.tlsCertificate.tls.key      A self-signed TLS private key is generated for ingress. Optionally you can override and provide your own.
    ingress.enabled                     Set the value to true (default is false).
    ingress.virtual_host_fqdn           Set the value to prometheus.<your.domain> (default is prometheus.system.tanzu).
    alertmanager.pvc.storageClassName   Enter the name of the vSphere storage policy.
    prometheus.pvc.storageClassName     Enter the name of the vSphere storage policy.

    See Prometheus with Alertmanager Components, Configuration, Data Values for a full list of all available configuration parameters.

  5. Install the Prometheus package.

    tanzu package install prometheus -p prometheus.tanzu.vmware.com -v 2.37.0+vmware.3-tkg.1 --values-file prometheus-data-values.yaml -n tanzu-system-monitoring
    
  6. Verify Prometheus installation using the Tanzu CLI.

    tanzu package installed list -n tanzu-system-monitoring
    
    NAME        PACKAGE-NAME                 PACKAGE-VERSION        STATUS
    prometheus  prometheus.tanzu.vmware.com  2.37.0+vmware.3-tkg.1  Reconcile succeeded
    
    tanzu package installed get prometheus -n tanzu-system-monitoring
    
    NAME:                    prometheus
    PACKAGE-NAME:            prometheus.tanzu.vmware.com
    PACKAGE-VERSION:         2.37.0+vmware.3-tkg.1
    STATUS:                  Reconcile succeeded
    
  7. Verify Prometheus installation using Kubectl.

    kubectl -n tanzu-system-monitoring get all
    
    kubectl -n tanzu-system-monitoring get pvc
    
    NAME                STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
    alertmanager        Bound    pvc-a53f7091-9823-4b70-a9b4-c3d7a1e27a4b   2Gi        RWO            k8s-policy     2m30s
    prometheus-server   Bound    pvc-41745d1d-9401-41d7-b44d-ba430ecc5cda   20Gi       RWO            k8s-policy     2m30s
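
For the optional override in step 4, the following added example (not part of the original procedure) checks a certificate and key with openssl before their contents go into ingress.tlsCertificate.tls.crt and tls.key: the key must belong to the certificate, the certificate must cover ingress.virtual_host_fqdn, and it must not be expired. The function names, return codes, and the prometheus.example.test host are assumptions, and the sample pair is constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for a custom ingress certificate.
# Function names and return codes are assumptions. Needs openssl 1.1.1 or later.

# check_ingress_cert CRT KEY FQDN
# Returns 0 if the pair is usable for FQDN, otherwise:
#   1 = private key does not belong to the certificate
#   2 = certificate does not cover FQDN (ingress.virtual_host_fqdn)
#   3 = certificate is already expired
#   4 = a file could not be read or parsed
check_ingress_cert() {
  local crt=$1 key=$2 fqdn=$3 crt_pub key_pub
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 4
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
  # Both commands print the same PEM public key when the files are a pair.
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] || return 1
  # -checkhost reports its result as text, so match on the output.
  openssl x509 -in "$crt" -noout -checkhost "$fqdn" 2>/dev/null \
    | grep -q 'does match certificate' || return 2
  # -checkend 0 exits non-zero when notAfter is already in the past.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || return 3
  return 0
}

# make_sample_pair DIR FQDN
# Constructed throwaway self-signed pair, used only to exercise the check.
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/tls.key" -out "$1/tls.crt" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" >/dev/null 2>&1
}

# demo: generate a sample pair in a temp directory and run the check on it.
demo() {
  local d rc
  d=$(mktemp -d) || return 4
  make_sample_pair "$d" prometheus.example.test || { rm -rf "$d"; return 4; }
  check_ingress_cert "$d/tls.crt" "$d/tls.key" prometheus.example.test
  rc=$?
  rm -rf "$d"
  return $rc
}

if demo; then echo "constructed sample pair passes all checks"; fi
```

Run check_ingress_cert against your own files with the same FQDN you set in ingress.virtual_host_fqdn; a return code of 1 or 2 means the ingress would serve a certificate that clients reject or that the proxy cannot load.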
    

Troubleshoot Prometheus Installation

If the tanzu package install prometheus operation returns the error “Failed to get final advertise address: No private IP address found, and explicit IP not provided,” apply a package overlay to reconfigure the alertmanager component.

  1. Create the file overlay-alertmanager.yaml.

    ---
    #@ load("@ytt:overlay", "overlay")
    
    #@overlay/match by=overlay.and_op(overlay.subset({"kind": "Deployment"}), overlay.subset({"metadata": {"name": "alertmanager"}}))
    ---
    spec:
      template:
        spec:
          containers:
            #@overlay/match by="name",expects="0+"
            - name: alertmanager
              args:
                - --cluster.listen-address=
    
  2. Use Kubectl to create a secret from the file overlay-alertmanager.yaml.

    kubectl create secret generic alertmanager-overlay -n tkg-system -o yaml --dry-run=client --from-file=overlay-alertmanager.yaml | kubectl apply -f -
    
  3. Use Kubectl to annotate the Prometheus package with the overlay secret.

    kubectl annotate PackageInstall prometheus -n tkg-system ext.packaging.carvel.dev/ytt-paths-from-secret-name.1=alertmanager-overlay
    
  4. Run the installation command again.

    tanzu package install prometheus -p prometheus.tanzu.vmware.com -v 2.37.0+vmware.3-tkg.1 --values-file prometheus-data-values.yaml -n tanzu-system-monitoring
    

Access the Prometheus Dashboard

Once Prometheus is installed, complete the following steps to access the Prometheus dashboard.

  1. Ensure that the ingress section of the prometheus-data-values.yaml file is populated with all required fields.

    ingress:
      enabled: true
      virtual_host_fqdn: "prometheus.system.tanzu"
      prometheus_prefix: "/"
      alertmanager_prefix: "/alertmanager/"
      prometheusServicePort: 80
      alertmanagerServicePort: 80
      #! [Optional] The certificate for the ingress if you want to use your own TLS certificate.
      #! We will issue the certificate by cert-manager when it's empty.
      tlsCertificate:
        #! [Required] the certificate
        tls.crt:
        #! [Required] the private key
        tls.key:
        #! [Optional] the CA certificate
        ca.crt:
    
  2. Get the public (external) IP address of the Contour with Envoy load balancer.

    See Install Contour Using the Tanzu CLI.

  3. Create a DNS record that maps the Prometheus FQDN you used (default is prometheus.system.tanzu) to the IP address of the Envoy load balancer.

  4. Access the Prometheus dashboard by navigating to the Prometheus FQDN using a browser.

Install Prometheus Using Kubectl

Prometheus is a system and service monitoring system. Install the Prometheus package to monitor and collect metrics for TKG clusters on Supervisor.

Prerequisites

Adhere to the following prerequisites before you install the Prometheus package.

Reference

Refer to the following topic as needed.

Install Prometheus

Install the Prometheus package using Kubectl.

  1. List the available Prometheus package versions in the repository.

    kubectl get packages -n tkg-system
    

    The most current version is prometheus.tanzu.vmware.com.2.37.0+vmware.3-tkg.1.

  2. Create the Prometheus namespace.

    kubectl create ns prometheus-monitoring
    
  3. Create prometheus-data-values.yaml.

    Start by copying the contents from prometheus-data-values.yaml. Update values accordingly. See Prometheus with Alertmanager Components, Configuration, Data Values.

  4. Create the secret named prometheus-data-values using the prometheus-data-values.yaml file as input.

    Note: Because prometheus-data-values is large, it is less error-prone to create the secret separately than to include it in the Prometheus specification.

    kubectl create secret generic prometheus-data-values --from-file=values.yaml=prometheus-data-values.yaml -n tkg-system
    
    secret/prometheus-data-values created
    
  5. Verify the secret.

    kubectl get secrets -A
    
    kubectl describe secret prometheus-data-values -n tkg-system
    
  6. Customize the prometheus-data-values as needed for your environment.

    Refer to Prometheus with Alertmanager Components, Configuration, Data Values.

    If you update the data values, update the secret with the following command.

    kubectl create secret generic prometheus-data-values --from-file=values.yaml=prometheus-data-values.yaml -n tkg-system -o yaml --dry-run=client | kubectl replace -f-
    
    secret/prometheus-data-values replaced
    
  7. Create the prometheus.yaml specification.

    The spec references the prometheus-data-values secret.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: prometheus-sa
      namespace: tkg-system
    ---
    # temp: grants the prometheus-sa service account the cluster-admin ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: prometheus-role-binding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: prometheus-sa
        namespace: tkg-system
    ---
    apiVersion: packaging.carvel.dev/v1alpha1
    kind: PackageInstall
    metadata:
      name: prometheus
      namespace: tkg-system
    spec:
      serviceAccountName: prometheus-sa
      packageRef:
        refName: prometheus.tanzu.vmware.com
        versionSelection:
          constraints: 2.37.0+vmware.3-tkg.1
      values:
      - secretRef:
          name: prometheus-data-values
    
    
  8. Install the Prometheus package.

    kubectl apply -f prometheus.yaml
    
    serviceaccount/prometheus-sa created
    clusterrolebinding.rbac.authorization.k8s.io/prometheus-role-binding created
    packageinstall.packaging.carvel.dev/prometheus created
    
  9. Verify Prometheus installation.

    kubectl get all -n prometheus-monitoring
    
    NAME                                                 READY   STATUS    RESTARTS   AGE
    pod/alertmanager-757ffd8c6c-97kqd                    1/1     Running   0          87s
    pod/prometheus-kube-state-metrics-67b965c5d8-8mf4k   1/1     Running   0          87s
    pod/prometheus-node-exporter-4spk9                   1/1     Running   0          87s
    pod/prometheus-node-exporter-6k2rh                   1/1     Running   0          87s
    pod/prometheus-node-exporter-7z9s8                   1/1     Running   0          87s
    pod/prometheus-node-exporter-9d6ss                   1/1     Running   0          87s
    pod/prometheus-node-exporter-csbwc                   1/1     Running   0          87s
    pod/prometheus-node-exporter-qdb72                   1/1     Running   0          87s
    pod/prometheus-pushgateway-dff459565-wfrz5           1/1     Running   0          86s
    pod/prometheus-server-56c68567f-bjcn5                2/2     Running   0          87s
    
    NAME                                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
    service/alertmanager                    ClusterIP   10.109.54.17     <none>        80/TCP          88s
    service/prometheus-kube-state-metrics   ClusterIP   None             <none>        80/TCP,81/TCP   88s
    service/prometheus-node-exporter        ClusterIP   10.104.132.133   <none>        9100/TCP        88s
    service/prometheus-pushgateway          ClusterIP   10.109.80.171    <none>        9091/TCP        88s
    service/prometheus-server               ClusterIP   10.103.252.220   <none>        80/TCP          87s
    
    NAME                                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
    daemonset.apps/prometheus-node-exporter   6         6         6       6            6           <none>          88s
    
    NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/alertmanager                    1/1     1            1           88s
    deployment.apps/prometheus-kube-state-metrics   1/1     1            1           88s
    deployment.apps/prometheus-pushgateway          1/1     1            1           87s
    deployment.apps/prometheus-server               1/1     1            1           88s
    
    NAME                                                       DESIRED   CURRENT   READY   AGE
    replicaset.apps/alertmanager-757ffd8c6c                    1         1         1       88s
    replicaset.apps/prometheus-kube-state-metrics-67b965c5d8   1         1         1       88s
    replicaset.apps/prometheus-pushgateway-dff459565           1         1         1       87s
    replicaset.apps/prometheus-server-56c68567f                1         1         1       88s
    
    kubectl get pvc -n prometheus-monitoring
    NAME                STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS             AGE
    alertmanager        Bound    pvc-5781956b-abc4-4646-b54c-a3eda1bf140c   2Gi        RWO            vsphere-default-policy   53m
    prometheus-server   Bound    pvc-9d45d7cb-6754-40a6-a4b6-f47cf6c949a9   20Gi       RWO            vsphere-default-policy   53m
    
  10. Launch the Prometheus web interface.

    kubectl get httpproxy -n prometheus-monitoring
    
    NAME                   FQDN                      TLS SECRET       STATUS   STATUS DESCRIPTION
    prometheus-httpproxy   prometheus.system.tanzu   prometheus-tls   valid    Valid  HTTPProxy
    

    The FQDN should be available at the public IP address for the Envoy service. See Install Contour Using Kubectl.

Access the Prometheus Dashboard

Once Prometheus is installed, complete the following steps to access the Prometheus dashboard.

  1. Ensure that the ingress section of the prometheus-data-values.yaml file is populated with all required fields.

    ingress:
      enabled: true
      virtual_host_fqdn: "prometheus.system.tanzu"
      prometheus_prefix: "/"
      alertmanager_prefix: "/alertmanager/"
      prometheusServicePort: 80
      alertmanagerServicePort: 80
      #! [Optional] The certificate for the ingress if you want to use your own TLS certificate.
      #! We will issue the certificate by cert-manager when it's empty.
      tlsCertificate:
        #! [Required] the certificate
        tls.crt:
        #! [Required] the private key
        tls.key:
        #! [Optional] the CA certificate
        ca.crt:
    
  2. Get the public (external) IP address of the Contour with Envoy load balancer.

    See Install Contour Using Kubectl.

  3. Create a DNS record that maps the Prometheus FQDN you used (default is prometheus.system.tanzu) to the IP address of the Envoy load balancer.

  4. Access the Prometheus dashboard by navigating to the Prometheus FQDN using a browser.