This repo contains helm charts to deploy Prometheus and Grafana to your
Kubernetes cluster. The Prometheus helm chart deploys the node_exporter
and
kube-state-metrics
to expose cluster metrics. The Grafana helm chart comes
with useful dashboards preconfigured. It also contains Pod Security Policies
and is intended to work with no additional configuration for version of
Pivotal Container Services 1.4+. It will also work with clusters from all
major cloud providers.
The following commands may need to be executed for helm to function correctly.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller
cd ~/workspace/charts-grafana
helm install . --name cluster-health --namespace observability
Grafana
- Retrieve the grafana dashboard password by running the following
# Assuming you are on a Mac OSX kubectl get secret cluster-health-grafana --namespace observability --output json | jq -r '.data."admin-password"' | base64 --decode
- Create the port forward to the Grafana dashboard
kubectl port-forward deployment/cluster-health-grafana 3000:3000 --namespace observability
- Open your browser window and go to http://localhost:3000
- Enter the username
admin
and the previously retrieved password.
Prometheus
- Create the port forward to the Prometheus dashboard
kubectl port-forward deployment/cluster-health-prometheus-server 9090:9090 --namespace observability
- Open your browser window and go to http://localhost:9090
Prometheus includes a few deployments, such as the prometheus server, alertmanager, node exporter daemonset, and kube-state-metrics. Grafana includes a deployment as well. You should consider this when deploying this chart and sizing your cluster.
The chart has PodSecurityPolicy
enabled by default. See here for more
information.
The grafana deployment uses PodSecurityContext to configure the grafana
container to run with user id 472. This means that the grafana deployment
will fail on any cluster with SecurityContextDeny
enabled.