Prometheus

In a containerized deployment, Prometheus is configured and run from a Prometheus image.

Configuring Prometheus

Prometheus is configured by the prometheus.yml file. A prometheus.yml template is shipped with the product.

To modify the prometheus.yml, you can modify the template inside your configuration folder.

For more information about the file, see Configuration file.

Running a Prometheus container

A Prometheus container uses a Prometheus image maintained by i2 Group on Docker Hub.

The container will run with a User ID and Group ID of 1000. All files in mounted directories will be created with these IDs. If files are manipulated externally these IDs must be retained or the container will not function correctly.

For more information about the command, see docker run reference.

Docker run command

The following docker run command runs a Prometheus container:

docker run -d \
   --name "prometheus" \
   --net "eia" \
   --net-alias "prometheus.eia" \
    -p "9090:9090" \
    -v "/home/<user-name>/analyze-deployment-tooling/examples/pre-prod/prometheus/web-config.yml:/etc/prometheus/web-config.yml" \
    -v "/home/<user-name>/analyze-deployment-tooling/examples/pre-prod/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml" \
    -v "prometheus_data:/prometheus" \
    -v "/environment-secrets/simulated-secret-store/prometheus:/run/secrets" \
    "i2group/i2eng-prometheus:2.40"

For an example of the docker run command, see utils/server_functions.sh script. The run_prometheus function does not take any arguments.

Storage

A named volume or a bind mount can be used to persist data and logs that are generated and used in the Prometheus container.

To configure the Prometheus container to use the volume, specify the -v option with the name of the volume and the path where the directory is mounted in the container. By setting -v option in the docker run command, a named volume is created. For Prometheus, the directory that must be mounted is /prometheus. For example:

-v prometheus_data:/prometheus \
-v /environment-secrets/simulated-secret-store/prometheus:/run/secrets

For more information, see Volumes & bind mount.

Secrets:
A directory that contains all of the secrets that this tool requires. Specifically this includes credentials to access liberty and certificates used in SSL.
The directory is mounted to /run/secrets inside the container. In a production environment, the orchestration environment needs to provide the secrets to the file system. The mechanism that is used here simulates the orchestration system providing the secrets as files.

Liberty authentication

The prometheus.yml file contains a scrape config section with the user, password and certificates to communicate with Liberty. In our example the job name is liberty and the user Jenny is the administrator.

For more information about configuring Prometheus to scrape targets, see <scrape_config>

Prometheus SSL

The web-config.yml file contains the configuration to secure Prometheus.

For more information about configuring HTTPS and authentication in Prometheus, see HTTPS and authentication.

Environment variables

The following table describes the supported environment variables that you can use:

Environment variable	Description
`PROMETHEUS_USERNAME`	The Prometheus username.
`PROMETHEUS_PASSWORD`	The password used by the Prometheus user.
`LIBERTY_ADMIN_USERNAME`	The user that is used to access Liberty.
`LIBERTY_ADMIN_PASSWORD`	The password for the Liberty user.
`LIBERTY_SCHEME`	The URL scheme used to connect to Liberty. E.g. `http` or `https`.
`PROMETHEUS_SCHEME`	The URL scheme used to connect to Prometheus. E.g. `http` or `https`.

Security environment variables:

Environment variable	Description
`SSL_PRIVATE_KEY`	See Secure Environment variables.
`SSL_CERTIFICATE`	See Secure Environment variables.
`SSL_CA_CERTIFICATE`	See Secure Environment variables.