Prometheus
In a containerized deployment, Prometheus is configured and run from a Prometheus image.
Configuring Prometheus
Prometheus is configured by the prometheus.yml file. A prometheus.yml template is shipped with the product.
To change the Prometheus configuration, edit the prometheus.yml template inside your configuration folder.
For more information about the file, see Configuration file.
Running a Prometheus container
A Prometheus container uses a Prometheus image maintained by i2 Group on Docker Hub.
The container runs with a User ID and Group ID of 1000. All files in mounted directories are created with these IDs. If files are manipulated externally, these IDs must be retained or the container will not function correctly.
For more information about the command, see docker run reference.
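A preflight check for the ownership requirement above, as an added example that is not part of the product's tooling: it lists anything under the host paths you plan to bind-mount that is not owned by 1000:1000. The function names and the EXPECTED_UID and EXPECTED_GID override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight ownership check for Prometheus bind mounts.
# EXPECTED_UID/EXPECTED_GID default to the 1000:1000 stated on this page;
# they are overridable (an assumption of this example) so the check can be
# exercised on any host.
EXPECTED_UID="${EXPECTED_UID:-1000}"
EXPECTED_GID="${EXPECTED_GID:-1000}"

# Print every file or directory under $1 whose owner or group differs
# from the expected IDs.
wrong_owner() {
  find "$1" \( ! -uid "$EXPECTED_UID" -o ! -gid "$EXPECTED_GID" \) -print
}

# Check each host path given as an argument.
# Returns 0 only if every path exists and everything under it is owned
# by EXPECTED_UID:EXPECTED_GID; problems are reported on stderr.
preflight() {
  rc=0
  for path in "$@"; do
    if [ ! -e "$path" ]; then
      echo "MISSING    $path" >&2
      rc=1
      continue
    fi
    offenders=$(wrong_owner "$path")
    if [ -n "$offenders" ]; then
      echo "$offenders" | sed 's/^/BAD OWNER  /' >&2
      rc=1
    fi
  done
  return "$rc"
}

# Usage: pass the host side of each bind mount (-v option) before starting
# the container, for example:
#   preflight /environment-secrets/simulated-secret-store/prometheus
```

Run it again after any external edit or copy of the mounted files, since tools run as another user or as root change the ownership the container depends on.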
Docker run command
The following docker run command runs a Prometheus container:
docker run -d \
--name "prometheus" \
--net "eia" \
--net-alias "prometheus.eia" \
-p "9090:9090" \
-v "/home/<user-name>/analyze-deployment-tooling/examples/pre-prod/prometheus/web-config.yml:/etc/prometheus/web-config.yml" \
-v "/home/<user-name>/analyze-deployment-tooling/examples/pre-prod/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml" \
-v "prometheus_data:/prometheus" \
-v "/environment-secrets/simulated-secret-store/prometheus:/run/secrets" \
"i2group/i2eng-prometheus:2.40"
For an example of the docker run command, see the utils/server_functions.sh script. The run_prometheus function does not take any arguments.
Storage
A named volume or a bind mount can be used to persist data and logs that are generated and used in the Prometheus container.
To configure the Prometheus container to use the volume, specify the -v option with the name of the volume and the path where the directory is mounted in the container. Setting the -v option in the docker run command creates a named volume. For Prometheus, the directory that must be mounted is /prometheus.
For example:
-v prometheus_data:/prometheus \
-v /environment-secrets/simulated-secret-store/prometheus:/run/secrets
For more information, see Volumes & bind mount.
Secrets:
A directory that contains all of the secrets that this tool requires. Specifically, this includes the credentials to access Liberty and the certificates used in SSL.
The directory is mounted to /run/secrets inside the container. In a production environment, the orchestration environment needs to provide the secrets to the file system. The mechanism that is used here simulates the orchestration system providing the secrets as files.
Liberty authentication
The prometheus.yml file contains a scrape config section with the user, password and certificates to communicate with Liberty. In our example the job name is liberty and the user Jenny is the administrator.
For more information about configuring Prometheus to scrape targets, see <scrape_config>.
Prometheus SSL
The web-config.yml file contains the configuration to secure Prometheus.
For more information about configuring HTTPS and authentication in Prometheus, see HTTPS and authentication.
Environment variables
The following table describes the supported environment variables that you can use:
Environment variable | Description |
---|---|
PROMETHEUS_USERNAME | The Prometheus username. |
PROMETHEUS_PASSWORD | The password used by the Prometheus user. |
LIBERTY_ADMIN_USERNAME | The user that is used to access Liberty. |
LIBERTY_ADMIN_PASSWORD | The password for the Liberty user. |
LIBERTY_SCHEME | The URL scheme used to connect to Liberty. For example, http or https. |
PROMETHEUS_SCHEME | The URL scheme used to connect to Prometheus. For example, http or https. |
Security environment variables:
Environment variable | Description |
---|---|
SSL_PRIVATE_KEY | See Secure Environment variables. |
SSL_CERTIFICATE | See Secure Environment variables. |
SSL_CA_CERTIFICATE | See Secure Environment variables. |