Skip to main content
Version: v2.5

Enable Monitoring

As an administrator or cluster owner, you can configure Rancher to deploy Prometheus to monitor your Kubernetes cluster.

This page describes how to enable monitoring and alerting within a cluster using the new monitoring application.

You can enable monitoring with or without SSL.

Requirements

  • Make sure that you are allowing traffic on port 9796 for each of your nodes because Prometheus will scrape metrics from here.
  • Make sure your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. A breakdown of the resource limits and requests is here.
  • When installing monitoring on an RKE cluster using RancherOS or Flatcar Linux nodes, change the etcd node certificate directory to /opt/rke/etc/kubernetes/ssl.
  • For clusters provisioned with the RKE CLI and the address is set to a hostname instead of an IP address, set rkeEtcd.clients.useLocalhost to true during the Values configuration step of the installation. The YAML snippet will look like the following:
rkeEtcd:
  clients:
    useLocalhost: true

Note: If you want to set up Alertmanager, Grafana or Ingress, it has to be done with the settings on the Helm chart deployment. It's problematic to create Ingress outside the deployment.

Setting Resource Limits and Requests

The resource requests and limits can be configured when installing rancher-monitoring. To configure Prometheus resources from the Rancher UI, click Apps & Marketplace > Monitoring in the upper left corner.

For more information about the default limits, see this page.

Install the Monitoring Application

Enable Monitoring for use without SSL

  1. In the Rancher UI, go to the cluster where you want to install monitoring and click Cluster Explorer.
  2. Click Apps.
  3. Click the rancher-monitoring app.
  4. Optional: Click Chart Options and configure alerting, Prometheus and Grafana. For help, refer to the configuration reference.
  5. Scroll to the bottom of the Helm chart README and click Install.

Result: The monitoring app is deployed in the cattle-monitoring-system namespace.

Enable Monitoring for use with SSL

  1. Follow the steps on this page to create a secret in order for SSL to be used for alerts.
  • The secret should be created in the cattle-monitoring-system namespace. If it doesn't exist, create it first.
  • Add the ca, cert, and key files to the secret.
  1. In the Rancher UI, go to the cluster where you want to install monitoring and click Cluster Explorer.
  2. Click Apps.
  3. Click the rancher-monitoring app.
  4. Click Alerting.
  5. Click Additional Secrets and add the secrets created earlier.

Result: The monitoring app is deployed in the cattle-monitoring-system namespace.

When creating a receiver, SSL-enabled receivers such as email or webhook will have a SSL section with fields for CA File Path, Cert File Path, and Key File Path. Fill in these fields with the paths to each of ca, cert, and key. The path will be of the form /etc/alertmanager/secrets/name-of-file-in-secret.

For example, if you created a secret with these key-value pairs:

ca.crt=`base64-content`
cert.pem=`base64-content`
key.pfx=`base64-content`

Then Cert File Path would be set to /etc/alertmanager/secrets/cert.pem.