Monitoring the Webhook with Grafana and Prometheus
To monitor the webhook with Prometheus and Grafana, complete the following steps.
Prerequisites
- An already deployed and configured mutating webhook. For details, see Secret injection webhook.
Steps
-
Install the Prometheus Operator Bundle:
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/master/bundle.yaml
-
Install the webhook with monitoring and Prometheus Operator ServiceMonitor enabled:
helm upgrade --wait --install vault-secrets-webhook \ oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-webhook \ --namespace vault-infra \ --set metrics.enabled=true \ --set metrics.serviceMonitor.enabled={}
-
Create a Prometheus instance which monitors the components of Bank-Vaults:
kubectl apply -f https://raw.githubusercontent.com/bank-vaults/vault-operator/main/test/prometheus.yaml
-
Create a Grafana instance and expose it:
kubectl create deployment grafana --image grafana/grafana kubectl expose deployment grafana --port 3000 --type LoadBalancer
-
Fetch the external IP address of the Grafana instance, and open it in your browser on port 3000.
kubectl get service grafana
-
Create a Prometheus Data Source in this Grafana instance which grabs data from http://prometheus-operated:9090/.
-
Import the Kubewebhook admission webhook dashboard to Grafana (created by Xabier Larrakoetxea).
-
Select the previously created Data Source to feed this dashboard.
Last modified September 29, 2024: chore(deps): Bump actions/checkout from 4.1.7 to 4.2.0 (#242) (3c174cd)