使用 Helm 图表的 Vault 和 Prometheus

Question

我已经通过 Helm 图表安装了 Vault 和 Prometheus。我已初始化并启用 Vault vault.injector.metrics

如何配置 Prometheus 来抓取 Vault？我尝试了注释和 additionalScrapeConfigs 但没有成功。

Answer 1

使用官方 Helm 图表部署 Vault

config: |
        ui = true
        listener "tcp" {
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          telemetry {
            unauthenticated_metrics_access = "true"
          }
          tls_cert_file = "/vault/userconfig/secret/server.crt"
          tls_key_file = "/vault/userconfig/secret/server.key"
          tls_ca_cert_file = "/vault/userconfig/secret/ca.crt"
        }

        telemetry {
          prometheus_retention_time = "30s"
          disable_hostname = true
        }

使用社区 Helm 图表部署 Prometheus

[https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml][1]

prometheus:
  prometheusSpec:
    additionalScrapeConfigs:
      - job_name: 'vault'
        metrics_path: '/v1/sys/metrics'
        params:
          format: ['prometheus']
        scheme: https
        tls_config:
          ca_file: '/etc/prometheus/secrets/my-secret/ca.crt'
          insecure_skip_verify: true
        kubernetes_sd_configs:
          - role: endpoints
        relabel_configs:
          - source_labels:
              [
                __meta_kubernetes_namespace,
                __meta_kubernetes_pod_container_port_number,
              ]
            action: keep
            regex: vault;8200

使用 Helm 图表的 Vault 和 Prometheus

Vault and Prometheus with Helm Charts

prometheus

hashicorp-vault