Grafana Cloud Grafana Kubernetes Monitoring Other configuration methods Use remote_write to ship Prometheus metrics Configure remote_write with Prometheus Operator

Configure remote_write with Prometheus Operator

In this guide, you’ll learn how to configure Prometheus Operator to scrape an endpoint, and ship scraped metrics to Grafana Cloud.

Prometheus Operator implements the Kubernetes Operator pattern for managing a Prometheus-based Kubernetes monitoring stack. A Kubernetes Operator consists of Kubernetes custom resources and controller code that abstract away the management and implementation details of running a given service on Kubernetes. To learn more about Kubernetes Operators, see Operator pattern from the Kubernetes docs.

The Prometheus Operator provides a set of Kubernetes Custom Resources that simplify Prometheus, Grafana and Alertmanager deployment and configuration. For example, using the ServiceMonitor custom resource, you can configure how to monitor groups of Kubernetes services in YAML manifests. The Operator controller then communicates with the Kubernetes API server to monitor service endpoints and automatically generate the required Prometheus scrape configurations for the configured services. To learn more about Prometheus Operator, refer to the Prometheus Operator GitHub repository.

kube-prometheus configures Prometheus Operator with a default Prometheus-Alertmanager-Grafana stack and sets up preconfigured Grafana dashboards and Alertmanager alerts. It also configures a set of Prometheus scrape targets and sets up node-exporter and kube-state-metrics.

Before you begin

This guide assumes you have either Prometheus Operator or kube-prometheus installed and running in your Kubernetes cluster. Prometheus Operator is a sub-component of the kube-prometheus stack.

• To learn how to install Prometheus Operator, see the Prometheus Operator GitHub repository.
• To learn how to install kube-prometheus, see kube-prometheus.

If you used the Helm package manager to install either of these components, see the relevant guide:

• Configure remote_write with Helm and Prometheus
• Configure remote_write with Helm and kube-prometheus-stack

Create a Kubernetes Secret to store Grafana Cloud credentials

To begin, you’ll create a Kubernetes Secret to store your Grafana Cloud Metrics username and password.

To create your Kubernetes Secret:

1. Find your username by navigating to your stack in the Cloud Portal and clicking Details next to the Prometheus panel.

   Your password corresponds to an API key that you can generate by clicking Generate now in the same panel. To learn how to create a Grafana Cloud API key, see Create a Grafana Cloud API key

2. Once you’ve noted your Cloud Prometheus username and password, run the following command to create a Secret, in this example, kubepromsecret:

   kubectl create secret generic kubepromsecret \
     --from-literal=username=<your_grafana_cloud_prometheus_username>\
    --from-literal=password='<your_grafana_cloud_API_key>'\
    -n default
   

   Note: If you deployed your monitoring stack in a namespace other than default, change the -n monitoring flag to the appropriate namespace in the above command. To learn more about this command, see Managing Secrets using kubectl from the official Kubernetes docs.

   Instead of creating the secret directly as in this example, alternatively you can use a manifest file. To learn more about Kubernetes Secrets, refer to Secrets from the Kubernetes docs.

Now that you’ve created a Secret to store your Grafana Cloud credentials, you can move on to modifying your Prometheus configuration.

Modify the Prometheus manifest configuration

1. Locate the manifest file for the Prometheus custom resource running in your cluster.

   • If you’re using kube-prometheus and deployed its default stack, this will be prometheus-prometheus.yaml in the manifests directory of the kube-prometheus GitHub repo.
   • If you’re using Prometheus Operator, you have to first define and deploy one or more Prometheus instances using the Prometheus Custom Resource Definition (CRD) created by Prometheus Operator. You can use the Prometheus manifest from kube-prometheus to help you begin. Installing and configuring Prometheus in your cluster is beyond the scope of this guide.

2. Once you’ve located the file, open it in an editor. You should see something like the following:

   apiVersion: monitoring.coreos.com/v1
   kind: Prometheus
   metadata:
     labels:
       prometheus: k8s
     name: k8s
     namespace: monitoring
   spec:
     alerting:
       alertmanagers:
       - name: alertmanager-main
         namespace: monitoring
         port: web
     image: quay.io/prometheus/prometheus:v2.22.1
     nodeSelector:
       kubernetes.io/os: linux
     podMonitorNamespaceSelector: {}
     podMonitorSelector: {}
     probeNamespaceSelector: {}
     probeSelector: {}
     replicas: 2
     resources:
       requests:
         memory: 400Mi
     ruleSelector:
       matchLabels:
         prometheus: k8s
         role: alert-rules
     securityContext:
       fsGroup: 2000
       runAsNonRoot: true
       runAsUser: 1000
     serviceAccountName: prometheus-k8s
     serviceMonitorNamespaceSelector: {}
     serviceMonitorSelector: {}
     version: v2.22.1
   

   The manifest file may vary depending on your specific Prometheus deployment.

3. Edit and append the following remote_write configuration block after the version parameter:

     version: v2.22.1
     remoteWrite:
     - url: "<Your Metrics instance remote_write endpoint>"
       basicAuth:
         username:
           name: kubepromsecret
           key: username
         password:
           name: kubepromsecret
           key: password
   

   Make the following edits:

   • Set the remote_write URL to Grafana Cloud’s Prometheus metrics endpoint. You can find the /api/prom/push URL, username, and password for your metrics endpoint by clicking on Details in the Prometheus card of the Cloud Portal.
   • Update the basicAuth username and password fields based on the Secret you created in the previous step (named kubepromsecret in the example). Enter the username and password keys for the Secret.

4. Save and close the file when you’re done editing.

5. Roll out the changes using the following command:

   kubectl apply -f prometheus-prometheus.yaml -n monitoring
   

   Replace prometheus-prometheus.yaml with the appropriate filename and monitoring with the namespace into which the Prometheus stack has been installed.

   You should see the following output:

   prometheus.monitoring.coreos.com/k8s configured
   

Verify your updates

At this point, you’ve successfully configured your Prometheus instances to remote_write scraped metrics to Grafana Cloud. You can verify that your changes have propagated to your running Prometheus instances using port-forward.

To verify your changes:

1. Use port-forward by running this command:

   kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090
   

   Replace namespace with the appropriate namespace, and prometheus-k8s with the Prometheus service name.

2. Navigate to http://localhost:9090 in your browser, and then Status and Configuration.

3. Verify that the remote_write block you appended above has propagated to your running Prometheus instances.

4. Finally, log in to your Grafana instance to begin querying your cluster data.

   You can use the Billing/Usage dashboard to inspect incoming data rates in the last 5 minutes to confirm the flow of data to Grafana Cloud.