DocumentationGrafana CloudMonitor infrastructureGrafana integrationsIntegrations referenceCert Manager

Cert Manager integration for Grafana Cloud

cert-manager is a native Kubernetes certificate management controller. It can help with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, or self signed.

This integration includes 4 useful alerts and 1 pre-built dashboard to help monitor and visualize Cert Manager metrics.

Before you begin

Cert-manager exposes a prometheus metrics endpoint that is enabled by default.

Install Cert Manager integration for Grafana Cloud

1. In your Grafana Cloud stack, click Connections in the left-hand menu.
2. Find Cert Manager and click its tile to open the integration.
3. Review the prerequisites in the Configuration Details tab and set up Grafana Agent to send Cert Manager metrics to your Grafana Cloud instance.
4. Click Install to add this integration’s pre-built dashboard and alerts to your Grafana Cloud instance, and you can start monitoring your Cert Manager setup.

Configuration snippets for Grafana Alloy

Simple mode

These snippets are configured to scrape a single Cert Manager instance running locally with default ports.

First, manually copy and append the following snippets into your alloy configuration file.

Metrics snippets

alloy Copy

discovery.relabel "metrics_integrations_integrations_cert_manager" {
	targets = [{
		__address__ = "localhost:9402",
	}]

	rule {
		target_label = "instance"
		replacement  = constants.hostname
	}
}

prometheus.scrape "metrics_integrations_integrations_cert_manager" {
	targets    = discovery.relabel.metrics_integrations_integrations_cert_manager.output
	forward_to = [prometheus.remote_write.metrics_service.receiver]
	job_name   = "integrations/cert-manager"
}

Advanced mode

The following snippets provide examples to guide you through the configuration process.

To instruct Grafana Alloy to scrape your Cert Manager instances, manually copy and append the snippets to your alloy configuration file, then follow subsequent instructions.

Advanced metrics snippets

alloy Copy

discovery.relabel "metrics_integrations_integrations_cert_manager" {
	targets = [{
		__address__ = "localhost:9402",
	}]

	rule {
		target_label = "instance"
		replacement  = constants.hostname
	}
}

prometheus.scrape "metrics_integrations_integrations_cert_manager" {
	targets    = discovery.relabel.metrics_integrations_integrations_cert_manager.output
	forward_to = [prometheus.remote_write.metrics_service.receiver]
	job_name   = "integrations/cert-manager"
}

To monitor your Cert Manager instance, you must use a discovery.relabel component to discover your Cert Manager Prometheus endpoint and apply appropriate labels, followed by a prometheus.scrape component to scrape it.

Configure the following properties within each discovery.relabel component:

• __address__: The address to your Cert Manager Prometheus metrics endpoint.
• instance label: constants.hostname sets the instance label to your Grafana Alloy server hostname. If that is not suitable, change it to a value uniquely identifies this Cert Manager instance.

If you have multiple Cert Manager servers to scrape, configure one discovery.relabel for each and scrape them by including each under targets within the prometheus.scrape component.

Grafana Agent static configuration (deprecated)

The following section shows configuration for running Grafana Agent in static mode which is deprecated. You should use Grafana Alloy for all new deployments.

Instructions for Grafana Agent static

Dashboards

The Cert Manager integration installs the following dashboards in your Grafana Cloud instance to help monitor your system.

• Cert Manager

Alerts

The Cert Manager integration includes the following useful alerts:

cert-manager

certificates

Metrics

The most important metrics provided by the Cert Manager integration, which are used on the pre-built dashboard and Prometheus alerts, are as follows:

• certmanager_certificate_expiration_timestamp_seconds
• certmanager_certificate_ready_status
• certmanager_clock_time_seconds
• certmanager_controller_sync_call_count
• certmanager_http_acme_client_request_count
• certmanager_http_acme_client_request_duration_seconds_count
• certmanager_http_acme_client_request_duration_seconds_sum
• container_cpu_cfs_periods_total
• container_cpu_cfs_throttled_periods_total
• container_cpu_usage_seconds_total
• container_memory_usage_bytes
• container_network_receive_bytes_total
• container_network_transmit_bytes_total
• kube_pod_container_resource_limits_cpu_cores
• kube_pod_container_resource_limits_memory_bytes
• kube_pod_container_resource_requests_cpu_cores
• kube_pod_container_resource_requests_memory_bytes
• up

Changelog

md Copy

# 1.0.0 - February 2024

* Update mixin to replace all Angular panels with React based panels.

# 0.0.5 - September 2023

* New Filter Metrics option for configuring the Grafana Agent, which saves on metrics cost by dropping any metric not used by this integration. Beware that anything custom built using metrics that are not on the snippet will stop working.
* New hostname relabel option, which applies the instance name you write on the text box to the Grafana Agent configuration snippets, making it easier and less error prone to configure this mandatory label.

# 0.0.4 - March 2023

* Enable cluster template variable
* Add support for kubernetes via Grafana Agent Operator

# 0.0.3 - June 2022

* Unify job name across instructions and alert definition

# 0.0.2 - October 2021

* Update to latest upstream mixin
* Update all rate queries to use `$__rate_interval`, so they respect the default resolution

# 0.0.1 - January 2021

* Initial release

Cost

By connecting your Cert Manager instance to Grafana Cloud, you might incur charges. To view information on the number of active series that your Grafana Cloud account uses for metrics included in each Cloud tier, see Active series and dpm usage and Cloud tier pricing.