diff --git a/designs/expose-metrics.md b/designs/expose-metrics.md index 0fb8b41b29d6..b1974f7449ef 100644 --- a/designs/expose-metrics.md +++ b/designs/expose-metrics.md @@ -28,6 +28,7 @@ Exposing metrics securely for the following components: * kube-controller-manager * kube-scheduler * kube-proxy +* etcd 2. EKS Anywhere components @@ -149,6 +150,13 @@ data: default_backend kube-scheduler backend kube-scheduler server kube-scheduler 127.0.0.1:10259 ssl verify none check + + frontend etcd + bind \${NODE_IP}:2381 + http-request deny if !{ path /metrics } + default_backend etcd + backend etcd + server etcd 127.0.0.1:2381 check ``` 4. Create a Daemonset object to deploy the proxy so that metrics are exposed on all the nodes @@ -192,6 +200,8 @@ spec: containerPort: 10257 - name: kube-scheduler containerPort: 10259 + - name: etcd + containerPort: 2381 volumeMounts: - mountPath: "/usr/local/etc/haproxy" name: haproxy-config diff --git a/designs/images/expose-metrics.png b/designs/images/expose-metrics.png index 7bb1f8ddec65..6fe4889c193b 100644 Binary files a/designs/images/expose-metrics.png and b/designs/images/expose-metrics.png differ diff --git a/docs/content/en/docs/clustermgmt/observability/expose-metrics.md b/docs/content/en/docs/clustermgmt/observability/expose-metrics.md index a1951b2258cc..b055d27857b9 100644 --- a/docs/content/en/docs/clustermgmt/observability/expose-metrics.md +++ b/docs/content/en/docs/clustermgmt/observability/expose-metrics.md @@ -7,7 +7,7 @@ description: > Expose metrics for EKS Anywhere components --- -Some Kubernetes system components like kube-controller-manager, kube-scheduler and kube-proxy expose metrics only on the localhost by default. In order to expose metrics for these components so that other monitoring systems like Prometheus can scrape them, you can deploy a proxy as a Daemonset on the host network of the nodes. The proxy pods also need to be configured with control plane tolerations so that they can be scheduled on the control plane nodes. +Some Kubernetes system components like kube-controller-manager, kube-scheduler, kube-proxy and etcd (Stacked) expose metrics only on the localhost by default. In order to expose metrics for these components so that other monitoring systems like Prometheus can scrape them, you can deploy a proxy as a Daemonset on the host network of the nodes. The proxy pods also need to be configured with control plane tolerations so that they can be scheduled on the control plane nodes. For Unstacked/External etcd, metrics are already exposed on `https://:2379/metrics` endpoint and can be scraped by Prometheus directly without deploying anything. ### Configure Proxy @@ -51,6 +51,13 @@ To configure a proxy for exposing metrics on an EKS Anywhere cluster, you can pe default_backend kube-scheduler backend kube-scheduler server kube-scheduler 127.0.0.1:10259 ssl verify none check + + frontend etcd + bind \${NODE_IP}:2381 + http-request deny if !{ path /metrics } + default_backend etcd + backend etcd + server etcd 127.0.0.1:2381 check EOF ``` @@ -93,6 +100,8 @@ To configure a proxy for exposing metrics on an EKS Anywhere cluster, you can pe containerPort: 10257 - name: kube-scheduler containerPort: 10259 + - name: etcd + containerPort: 2381 volumeMounts: - mountPath: "/usr/local/etc/haproxy" name: haproxy-config @@ -172,4 +181,5 @@ To configure a proxy for exposing metrics on an EKS Anywhere cluster, you can pe curl -H "Authorization: Bearer ${TOKEN}" "http://${NODE_IP}:10257/metrics" curl -H "Authorization: Bearer ${TOKEN}" "http://${NODE_IP}:10259/metrics" curl -H "Authorization: Bearer ${TOKEN}" "http://${NODE_IP}:10249/metrics" + curl -H "Authorization: Bearer ${TOKEN}" "http://${NODE_IP}:2381/metrics" ``` \ No newline at end of file