How to configure the Prometheus exporter for SUSE NeuVector

This document (000021217) is provided subject to the disclaimer at the end of this document.

Situation

Since Prometheus is the most used monitoring system on Kubernetes, it’s essential to know how to get NeuVector to send metrics to it.

The Prometheus exporter is the object used for exporting existing metrics from third-party systems as Prometheus metrics.

NeuVector's Prometheus Exporter is available here.

Resolution

Download repository

git clone git@github.com:neuvector/prometheus-exporter.git

Pay attention to:

./prometheus-exporter/nv_exporter.yml
1. Namespace -> The default configured namespace is neuvector, so replace it with the correct namespace where you installed NeuVector if it doesn’t match (lines 5 and 20).
2. CTRL_API_SERVICE environment variable -> As with the previous point, if the namespace is different, the DNS name of the neuvector-svc-controller service also changes (line 37).
Example:

            - name: CTRL_API_SERVICE
              value: neuvector-svc-controller.<NAMESPACE_WHERE_NV_HAS_BEEN_INSTALLED>:10443

3. CTRL_PASSWORD environment variable -> Replace the value with your NeuVector Admin password (line 41).
4. ENFORCER_STATS environment variable -> Add this environment variable with the value true if you want to collect Enforcers metrics.
Example:

            - name: ENFORCER_STATS
              value: "true"

NB: If you want to create the variables described above as configMap or Secret, use the file ./prometheus-exporter/nv_exporter_secret.yml.

./prometheus-exporter/prom-config.yml
1. Namespace -> If the namespace used for installing NeuVector differs from neuvector, change the target of the nv-exporter scrape job (line 9).
Example:

        - targets: ["neuvector-svc-prometheus-exporter. <NAMESPACE_WHERE_NV_HAS_BEEN_INSTALLED>:8068"]


./prometheus-exporter/prometheus.yml
1. This file is only needed if a Prometheus has not already been installed in NeuVector's cluster.
2. Namespace -> The default configured namespace is default, so replace it with the correct namespace where you want to install Prometheus (lines 5 and 34).

Install NV Prometheus exporter

kubectl create -f ./prometheus-exporter/nv_exporter.yml
kubectl create cm prometheus-cm --from-file ./prometheus-exporter/prom-config.yml
kubectl create -f ./prometheus-exporter/prometheus.yml

Refer here.

Get all NeuVector (nv) metrics from Prometheus API

kubectl -n <NAMESPACE_WHERE_PROMETHEUS_HAS_BEEN_INSTALLED > exec -it prometheus-deployment-<DEPLOYMENT_HASH> -- wget -q -O - localhost:9090/api/v1/label/__name__/values | jq -r ".data[]" | sort | grep -i nv

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021217
  • Creation Date: 28-Sep-2023
  • Modified Date:18-Oct-2023
    • SUSE NeuVector

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center