Grafana CloudMonitor infrastructureGrafana integrationsIntegrations referenceCert ManagerCert Manager integration for Grafana Cloud
cert-manager is a native Kubernetes certificate management controller. It can help with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, or self signed.
This integration includes 4 useful alerts and 1 pre-built dashboard to help monitor and visualize Cert Manager metrics.
Grafana Alloy configuration
Before you begin
Cert-manager exposes a prometheus metrics endpoint that is enabled by default.
Install Cert Manager integration for Grafana Cloud
- In your Grafana Cloud stack, click Connections in the left-hand menu.
- Find Cert Manager and click its tile to open the integration.
- Review the prerequisites in the Configuration Details tab and set up Grafana Agent to send Cert Manager metrics to your Grafana Cloud instance.
- Click Install to add this integration’s pre-built dashboard and alerts to your Grafana Cloud instance, and you can start monitoring your Cert Manager setup.
Configuration snippets for Grafana Alloy
Simple mode
These snippets are configured to scrape a single Cert Manager instance running locally with default ports.
Copy and paste the following snippets into your Grafana Alloy configuration file.
Metrics snippets
discovery.relabel "metrics_integrations_integrations_cert_manager" {
targets = [{
__address__ = "localhost:9402",
}]
rule {
target_label = "instance"
replacement = constants.hostname
}
}
prometheus.scrape "metrics_integrations_integrations_cert_manager" {
targets = discovery.relabel.metrics_integrations_integrations_cert_manager.output
forward_to = [prometheus.remote_write.metrics_service.receiver]
job_name = "integrations/cert-manager"
}Advanced mode
The following snippets provide examples to guide you through the configuration process.
To instruct Grafana Alloy to scrape your Cert Manager instances, copy and paste the snippets to your configuration file and follow subsequent instructions.
Advanced metrics snippets
discovery.relabel "metrics_integrations_integrations_cert_manager" {
targets = [{
__address__ = "localhost:9402",
}]
rule {
target_label = "instance"
replacement = constants.hostname
}
}
prometheus.scrape "metrics_integrations_integrations_cert_manager" {
targets = discovery.relabel.metrics_integrations_integrations_cert_manager.output
forward_to = [prometheus.remote_write.metrics_service.receiver]
job_name = "integrations/cert-manager"
}To monitor your Cert Manager instance, you must use a discovery.relabel component to discover your Cert Manager Prometheus endpoint and apply appropriate labels, followed by a prometheus.scrape component to scrape it.
Configure the following properties within each discovery.relabel component:
__address__: The address to your Cert Manager Prometheus metrics endpoint.instancelabel:constants.hostnamesets theinstancelabel to your Grafana Alloy server hostname. If that is not suitable, change it to a value uniquely identifies this Cert Manager instance.
If you have multiple Cert Manager servers to scrape, configure one discovery.relabel for each and scrape them by including each under targets within the prometheus.scrape component.
Grafana Agent configuration
Before you begin
Cert-manager exposes a prometheus metrics endpoint that is enabled by default.
Install Cert Manager integration for Grafana Cloud
- In your Grafana Cloud stack, click Connections in the left-hand menu.
- Find Cert Manager and click its tile to open the integration.
- Review the prerequisites in the Configuration Details tab and set up Grafana Agent to send Cert Manager metrics to your Grafana Cloud instance.
- Click Install to add this integration’s pre-built dashboard and alerts to your Grafana Cloud instance, and you can start monitoring your Cert Manager setup.
Post-install configuration for the Cert Manager integration
You should instruct Grafana Agent to scrape your cert-manager nodes.
Cert-manager exposes a /metrics endpoint. To scrape it, add the provided snippet to your agent configuration file.
Make sure to change targets in the snippet according to your environment.
Configuration snippets for Grafana Agent
Below metrics.configs.scrape_configs, insert the following lines and change the URLs according to your environment:
- job_name: "integrations/cert-manager"
static_configs:
- targets: ['localhost:9402']
relabel_configs:
- action: replace
replacement: '<your-instance-name>'
target_label: instanceFull example configuration for Grafana Agent
Refer to the following Grafana Agent configuration for a complete example that contains all the snippets used for the Cert Manager integration. This example also includes metrics that are sent to monitor your Grafana Agent instance.
integrations:
prometheus_remote_write:
- basic_auth:
password: <your_prom_pass>
username: <your_prom_user>
url: <your_prom_url>
agent:
enabled: true
relabel_configs:
- action: replace
source_labels:
- agent_hostname
target_label: instance
- action: replace
target_label: job
replacement: "integrations/agent-check"
metric_relabel_configs:
- action: keep
regex: (prometheus_target_sync_length_seconds_sum|prometheus_target_scrapes_.*|prometheus_target_interval.*|prometheus_sd_discovered_targets|agent_build.*|agent_wal_samples_appended_total|process_start_time_seconds)
source_labels:
- __name__
# Add here any snippet that belongs to the `integrations` section.
# For a correct indentation, paste snippets copied from Grafana Cloud at the beginning of the line.
logs:
configs:
- clients:
- basic_auth:
password: <your_loki_pass>
username: <your_loki_user>
url: <your_loki_url>
name: integrations
positions:
filename: /tmp/positions.yaml
scrape_configs:
# Add here any snippet that belongs to the `logs.configs.scrape_configs` section.
# For a correct indentation, paste snippets copied from Grafana Cloud at the beginning of the line.
metrics:
configs:
- name: integrations
remote_write:
- basic_auth:
password: <your_prom_pass>
username: <your_prom_user>
url: <your_prom_url>
scrape_configs:
# Add here any snippet that belongs to the `metrics.configs.scrape_configs` section.
# For a correct indentation, paste snippets copied from Grafana Cloud at the beginning of the line.
- job_name: "integrations/cert-manager"
static_configs:
- targets: ['localhost:9402']
relabel_configs:
- action: replace
replacement: '<your-instance-name>'
target_label: instance
global:
scrape_interval: 60s
wal_directory: /tmp/grafana-agent-walDashboards
The Cert Manager integration installs the following dashboards in your Grafana Cloud instance to help monitor your system.
- Cert Manager
Alerts
The Cert Manager integration includes the following useful alerts:
cert-manager
| Alert | Description |
|---|---|
| CertManagerAbsent | Critical: Cert Manager has disappeared from Prometheus service discovery. |
certificates
| Alert | Description |
|---|---|
| CertManagerCertExpirySoon | Warning: The cert is nearing expiry, it should have renewed over a week ago. |
| CertManagerCertNotReady | Critical: The cert is not ready to serve traffic. |
| CertManagerHittingRateLimits | Critical: Cert manager hitting LetsEncrypt rate limits. |
Metrics
The most important metrics provided by the Cert Manager integration, which are used on the pre-built dashboard and Prometheus alerts, are as follows:
- certmanager_certificate_expiration_timestamp_seconds
- certmanager_certificate_ready_status
- certmanager_clock_time_seconds
- certmanager_controller_sync_call_count
- certmanager_http_acme_client_request_count
- certmanager_http_acme_client_request_duration_seconds_count
- certmanager_http_acme_client_request_duration_seconds_sum
- container_cpu_cfs_periods_total
- container_cpu_cfs_throttled_periods_total
- container_cpu_usage_seconds_total
- container_memory_usage_bytes
- container_network_receive_bytes_total
- container_network_transmit_bytes_total
- kube_pod_container_resource_limits_cpu_cores
- kube_pod_container_resource_limits_memory_bytes
- kube_pod_container_resource_requests_cpu_cores
- kube_pod_container_resource_requests_memory_bytes
- up
Changelog
# 1.0.0 - February 2024
* Update mixin to replace all Angular panels with React based panels.
# 0.0.5 - September 2023
* New Filter Metrics option for configuring the Grafana Agent, which saves on metrics cost by dropping any metric not used by this integration. Beware that anything custom built using metrics that are not on the snippet will stop working.
* New hostname relabel option, which applies the instance name you write on the text box to the Grafana Agent configuration snippets, making it easier and less error prone to configure this mandatory label.
# 0.0.4 - March 2023
* Enable cluster template variable
* Add support for kubernetes via Grafana Agent Operator
# 0.0.3 - June 2022
* Unify job name across instructions and alert definition
# 0.0.2 - October 2021
* Update to latest upstream mixin
* Update all rate queries to use `$__rate_interval`, so they respect the default resolution
# 0.0.1 - January 2021
* Initial releaseCost
By connecting your Cert Manager instance to Grafana Cloud, you might incur charges. To view information on the number of active series that your Grafana Cloud account uses for metrics included in each Cloud tier, see Active series and dpm usage and Cloud tier pricing.
Was this page helpful?
Related resources from Grafana Labs
