Skip to main content

Prometheus

Prometheus is an open-source software application used for event monitoring and alerting. It records real-time metrics in a time series database built using an HTTP pull model, with flexible query language and real-time alerting.

Scope of Support

Currently, Prometheus integration supports Agent configuration only.

Authentication

Prometheus does not provide an authentication layer, the Nobl9 Agent only collects the URL for the Prometheus integration definition. Authentication is up to the user. Operators are expected to run an authenticating reverse proxy in front of their services, such as NGINX using basic auth or an OAuth2 proxy.

URL

Prometheus Agent makes requests to Range Queries | Prometheus Documentation API endpoint in the form /api/v1/query_range. For example:

GET /api/v1/query_range
POST /api/v1/query_range

Hence, do not include the above API path in the URL. Specify only the base URL for the Prometheus server. For example, if your Prometheus server is available under <http://prometheus.example.com> and you access API via <http://prometheus.example.com/api/v1>, use only <http://prometheus.example.com>.

Other APIs or Web UIs have similar path endings, which should also be omitted, for example, the /graph part of the path.

The Prometheus integration does not integrate directly with data exposed from services in the Prometheus Format | Prometheus Documentation, usually under /metrics path. Do not set the URL to metrics exposed directly from such a service.

Authenticating Prometheus Agent with the basic_auth Proxy

Since Prometheus does not provide an authentication layer, the authentication method is up to the users. Normally, Loki's users are expected to run an authenticating reverse proxy in front of their services, such as NGINX using basic_auth proxy.

If that's the method you use, the Nobl9 Agent version equal to or higher than 0.40.0, allows you to send an additional Authorization request header with the basic_auth. Refer to the section below for more details.

Authenticating Prometheus Agent with the bearer_token Method

You can also choose to authenticate the Nobl9 Prometheus Agent with bearer_token. If you choose this method, you need to specify the variables for AUTH_METHOD and BEARER_TOKEN when deploying your Prometheus agent in Docker or Kubernetes. Refer to the section below for more details.

Adding Prometheus as a Data Source in the UI

To add Prometheus as a data source in Nobl9 using the Agent connection method, follow these steps:

  1. Navigate to Integrations > Sources.
  2. Click the button.
  3. Click the relevant Source icon.
  4. Choose a relevant connection method (Agent or Direct), then configure the source as described below.

Prometheus Agent

Agent Configuration in the UI

Follow the instructions below to create your Prometheus Agent connection:

  1. Add the URL to connect to your data source (mandatory).
    Refer to the Authentication section for more details.
  1. Select a Project.
    Specifying a Project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank then object is assigned to project default.
  2. Enter a Display Name.
    You can enter a friendly name with spaces in this field.
  3. Enter a Name.
    The name is mandatory and can only contain lowercase, alphanumeric characters and dashes (for example, my-project-name). This field is populated automatically when you enter a display name, but you can edit the result.
  4. Enter a Description.
    Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
  5. Enter a Maximum Period for Historical Data Retrieval.
    • This value defines how far back in the past your data will be retrieved.
    • The value for the Maximum period of data retrieval depends on the Source. Check the Replay documentation for details.
    • Entering a more extended Period might slow down the loading time when creating an SLO.
      • The value must be a positive integer.
  6. Enter a Default Period for Historical Data Retrieval.
    • It is the Period that will be used by the SLO connected to this data source.
    • The value must be a positive integer or 0.
    • By default, this value is set to 0. If you set it to >0, you will create an SLO with Replay.
  7. Click the Add Data Source button.

Agent Using CLI - YAML

The YAML for setting up an Agent connection to Prometheus looks like this:

apiVersion: n9/v1alpha
kind: Agent
metadata:
name: prometheus-agent
displayName: Prometheus Agent # optional
project: default
spec:
description: Agent settings for Prometheus datasource # optional
sourceOf:
- Metrics
- Services
prometheus:
url: http://prometheus.example.com
historicalDataRetrieval:
maxDuration:
value: 30 # integer greater than or equal to 0
unit: Day # accepted values: Minute, Hour, Day
defaultDuration: # value must be less than or equal to value of maxDuration
value: 0 # integer greater than or equal to 0
unit: Day # accepted values: Minute, Hour, Day

Important notes:

Agent specification for Prometheus has one field:

warning

You can deploy only one Agent in one YAML file by using the sloctl apply command.

Deploying Prometheus Agent

When you add the data source, Nobl9 automatically generates a Kubernetes configuration and a Docker command line for you to use to deploy the Agent. Both of these are available in the web UI, under the Agent Configuration section. Be sure to swap in your credentials.

If you use Kubernetes, you can apply the supplied YAML config file to a Kubernetes cluster to deploy the Agent. It will look something like this:

# DISCLAIMER: This deployment description contains only the fields necessary for the purpose of this demo.
# It is not a ready-to-apply k8s deployment description, and the client_id and client_secret are only exemplary values.

apiVersion: v1
kind: Secret
metadata:
name: nobl9-agent-nobl9-dev-default-name
namespace: default
type: Opaque
stringData:
client_id: "unique_client_id"
client_secret: "unique_client_secret"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nobl9-agent-nobl9-dev-default-name
namespace: default
spec:
replicas: 1
selector:
matchLabels:
nobl9-agent-name: "prometheus-agent"
nobl9-agent-project: "default"
nobl9-agent-organization: "nobl9-dev"
template:
metadata:
labels:
nobl9-agent-name: "prometheus-agent"
nobl9-agent-project: "default"
nobl9-agent-organization: "nobl9-dev"
spec:
containers:
- name: agent-container
image: nobl9/agent:latest
resources:
requests:
memory: "350Mi"
cpu: "0.1"
env:
- name: N9_CLIENT_ID
valueFrom:
secretKeyRef:
key: client_id
name: nobl9-agent-nobl9-dev-default-name
- name: N9_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client_secret
name: nobl9-agent-nobl9-dev-default-name
# The N9_METRICS_PORT is a variable specifying the port to which the /metrics and /health endpoints are exposed.
# The 9090 is the default value and can be changed.
# If you don’t want the metrics to be exposed, comment out or delete the N9_METRICS_PORT variable.
- name: N9_METRICS_PORT
value: "9090"

Deploying Prometheus Agent with basic_auth Method

To enable basic auth for an Agent it is needed to pass optional environmental variables to an Agent:

  • AUTH_METHOD: basic_auth - is a fixed value but it must be passed to let know Agent that basic_auth will be used.

    • USERNAME: REDACTED - username for basic_auth.

    • PASSWORD: REDACTED - password for basic_auth.

If you use Kubernetes, you can apply the supplied YAML config file to a Kubernetes cluster to deploy the Agent using basic_auth method. It will look something like this:

# DISCLAIMER: This deployment description contains only the fields necessary for the purpose of this demo.
# It is not a ready-to-apply k8s deployment description, and the client_id and client_secret are only exemplary values.

apiVersion: v1
kind: Secret
metadata:
name: nobl9-agent-nobl9-dev-stable-prometheus
namespace: default
type: Opaque
stringData:
client_id: "REDACTED"
client_secret: "REDACTED"
basic_auth_username: "REDACTED"
basic_auth_password: "REDACTED"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nobl9-agent-nobl9-dev-stable-prometheus
namespace: default
spec:
replicas: 1
selector:
matchLabels:
nobl9-agent-name: "prometheus"
nobl9-agent-project: "prometheus"
nobl9-agent-organization: "nobl9-dev-stable"
template:
metadata:
labels:
nobl9-agent-name: "prometheus"
nobl9-agent-project: "prometheus"
nobl9-agent-organization: "nobl9-dev-stable"
spec:
containers:
- name: agent-container
image: nobl9/agent:latest
resources:
requests:
memory: "350Mi"
cpu: "0.1"
env:
- name: N9_CLIENT_ID
valueFrom:
secretKeyRef:
key: client_id
name: nobl9-agent-nobl9-dev-stable-prometheus
- name: N9_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client_secret
name: nobl9-agent-nobl9-dev-stable-prometheus
- name: AUTH_METHOD
value: "basic_auth"
- name: USERNAME
valueFrom:
secretKeyRef:
key: basic_auth_username
name: nobl9-agent-nobl9-dev-prometheus-with-basic-auth
- name: PASSWORD
valueFrom:
secretKeyRef:
key: basic_auth_password
name: nobl9-agent-nobl9-dev-prometheus-with-basic-auth
# The N9_METRICS_PORT is a variable specifying the port to which the /metrics and /health endpoints are exposed.
# The 9090 is the default value and can be changed.
# If you don’t want the metrics to be exposed, comment out or delete the N9_METRICS_PORT variable.
- name: N9_METRICS_PORT
value: "9090"

Deploying Prometheus Agent with bearer_token Method

If you use Kubernetes, you can apply the supplied YAML config file to a Kubernetes cluster to deploy the Agent using bearer_token method. It will look something like this:

# DISCLAIMER: This deployment description contains only the fields necessary for the purpose of this demo.
# It is not a ready-to-apply k8s deployment description, and the client_id and client_secret are only exemplary values.

apiVersion: v1
kind: Secret
metadata:
name: nobl9-agent-nobl9-dev-stable-prometheus
namespace: default
type: Opaque
stringData:
client_id: "REDACTED"
client_secret: "REDACTED"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nobl9-agent-nobl9-dev-stable-prometheus
namespace: default
spec:
replicas: 1
selector:
matchLabels:
nobl9-agent-name: "prometheus"
nobl9-agent-project: "prometheus"
nobl9-agent-organization: "nobl9-dev-stable"
template:
metadata:
labels:
nobl9-agent-name: "prometheus"
nobl9-agent-project: "prometheus"
nobl9-agent-organization: "nobl9-dev-stable"
spec:
containers:
- name: agent-container
image: nobl9/agent:latest
resources:
requests:
memory: "350Mi"
cpu: "0.1"
env:
- name: N9_CLIENT_ID
valueFrom:
secretKeyRef:
key: client_id
name: nobl9-agent-nobl9-dev-stable-prometheus
- name: N9_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client_secret
name: nobl9-agent-nobl9-dev-stable-prometheus
- name: AUTH_METHOD
value: "bearer_token"
- name: BEARER_TOKEN
value: "/path/to/file"
# The N9_METRICS_PORT is a variable specifying the port to which the /metrics and /health endpoints are exposed.
# The 9090 is the default value and can be changed.
# If you don’t want the metrics to be exposed, comment out or delete the N9_METRICS_PORT variable.
- name: N9_METRICS_PORT
value: "9090"

Creating SLOs with Prometheus

Creating SLOs in the UI

Follow the instructions below to create your SLOs with Prometheus in the UI:

  1. Navigate to Service Level Objectives.

  2. Click the button.
  3. In step 1 of the SLO wizard, select the Service the SLO will be associated with.

  4. In step 2, select Prometheus as the Data Source for your SLO, then specify the Metric. You can choose either a Threshold Metric, where a single time series is evaluated against a threshold or a Ratio Metric, which allows you to enter two time series to compare (for example, a count of good requests and total requests).

    note

    For the Ratio Metric, you can choose the Data Count Method:

    • For the Non-incremental method, we expect it to be the components of the sum.
    • For the Incremental method, we expect the value of a metric to be the current sum of some numerator.

    For more information, refer to the SLO Calculations Guide.

  5. Enter a Query, or Good Query and Total Query for the metric you selected. The following are query examples:

    • Threshold metric for Prometheus:
      Query: myapp_server_requestMsec{host="*",job="nginx"}

    • Ratio metric for Prometheus:
      Good Query: sum(production_http_response_time_seconds_hist_bucket{method=~"GET|POST",status=~"2..|3..",le="1"})

      Total Query: sum(production_http_response_time_seconds_hist_bucket{method=~"GET|POST",le="+Inf"})

  6. In step 3, define a Time Window for the SLO.

  7. In step 4, specify the Error Budget Calculation Method and your Objective(s).

  8. In step 5, add a Name, Description, and other details about your SLO. You can also select Alert Policies and Labels on this screen.

  9. When you’re done, click Create SLO.

SLOs Using Prometheus - YAML samples

Here’s an example of Prometheus using a rawMetric (Threshold metric):

apiVersion: n9/v1alpha
kind: SLO
metadata:
displayName: prometheus-calendar-occurrences-threshold
name: prometheus-calendar-occurrences-threshold
project: my-prometheus
spec:
budgetingMethod: Occurrences
description: ""
indicator:
metricSource:
name: prometheus
service: my-prometheus-slo
objectives:
- target: 0.8
op: lte
rawMetric:
query:
prometheus:
promql: myapp_server_requestMsec{host="*",job="nginx"}
displayName: average
value: 200
- target: 0.5
op: lte
rawMetric:
query:
prometheus:
promql: myapp_server_requestMsec{host="*",job="nginx"}
displayName: so-so
value: 150
timeWindows:
- calendar:
startTime: "2020-11-14 11:00:00"
timeZone: Etc/UTC
count: 1
isRolling: false
unit: Day

Specification for metric from Prometheus always has one mandatory field:

  • promql – a Prometheus query in the language called PromQL | Prometheus Documentation (Prometheus Query Language) that lets the user select and aggregate time series data in real time.

Querying the Prometheus Server

The Nobl9 agent leverages the Prometheus API parameters. It pulls data at a per-minute interval from the Prometheus server.

Cortex Support with Nobl9 Prometheus Agent

Cortex | Cortex Documentation is a database based on Prometheus with compatible API. Therefore, it is possible to use Cortex with the Nobl9 Prometheus Agent.

Cortex cluster setup is out of the scope of this document and is described in the Cortex documentation. Cortex deployment can be simplified with the official Helm chart.

As described in Cortex Architecture | Cortex Documentation, Prometheus API is exposed by the Nginx under default address <http://cortex-nginx/prometheus.> This address can be used as Prometheus URL in the Agent configuration panel. The default Prometheus endpoint can be changed according to the API documentation | Cortex Documentation. In that case, the Agent needs to access the /api/v1/query_range endpoint.

Grafana Cloud Support with Nobl9 Prometheus Agent

Grafana Cloud is an observability platform that leverages Prometheus by directly interacting with the Prometheus HTTP API | Prometheus Documentation. Therefore, it is possible to use Grafana Cloud solution with the Nobl9 Prometheus Agent.

To use Grafana Cloud with Prometheus, you must authenticate your Prometheus Agent with the basic_auth proxy. Refer to the section above for more details.

As described in Analyzing metrics usage with the Prometheus API | Grafana Cloud Documentation, Prometheus API is exposed through the /api/prom/api/v1/query_range endpoint which is accessed by the Nobl9 agent.

To use Grafana Cloud with Nobl9, you need to append /api/prom/ to the end of the URL you configure your Grafana Source in the UI wizard for a regular Prometheus data integration. Thus, instead of http://HOST/, you need to enter http://HOST/api/prom/ in the Source Creation Wizard.

For more details, check Grafana Cloud Documentation.

Thanos Support with Nobl9 Prometheus Agent

Thanos is High Availability Prometheus setup and can be used with Nobl9 Prometheus Agent.

Thanos cluster setup is out of the scope of this document and is described in the Thanos Components Documentation.

Thanos exposes Prometheus API using Querier. Querier address must be used as Prometheus URL in Nobl9 Agent configuration.

Other

Setting up a Prometheus SLO with NOBL9 (video)

Agent Metrics | Nobl9 Documentation

Creating SLOs via Terraform | Nobl9 Terraform Documentation

Creating Agents via Terraform | Nobl9 Terraform Documentation