Kuma facilitates consistent traffic metrics across all data plane proxies in your mesh.
You add metrics to a mesh configuration, or to an individual Dataplane configuration if you need, for example, to override the default metrics port that's already in use on the specified machine.
Kuma provides full integration with Prometheus:
Each proxy can expose its metrics in Prometheus format.
Because metrics are part of the mesh configuration, Prometheus can automatically find every proxy in the mesh.
To collect metrics from Kuma, you need to first expose metrics from proxies and then configure Prometheus to collect them.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:name: default
spec:metrics:enabledBackend: prometheus-1backends:-name: prometheus-1type: prometheus
conf:skipMTLS:falseport:5670path: /metrics
tags:# tags that can be referred in Traffic Permission when metrics are secured by mTLS kuma.io/service: dataplane-metrics
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
type: Mesh
name: default
metrics:enabledBackend: prometheus-1backends:-name: prometheus-1type: prometheus
conf:skipMTLS:true# by default mTLS metrics are also protected by mTLS. Scraping metrics with mTLS without transparent proxy is not supported at the moment.
1 2 3 4 5 6 7 8 9
which is a convenient shortcut for
type: Mesh
name: default
metrics:enabledBackend: prometheus-1backends:-name: prometheus-1type: prometheus
conf:skipMTLS:trueport:5670path: /metrics
tags:# tags that can be referred in Traffic Permission when metrics are secured by mTLS kuma.io/service: dataplane-metrics
1 2 3 4 5 6 7 8 9 10 11 12 13
This tells Kuma to configure every proxy in the default mesh to expose an HTTP endpoint with Prometheus metrics on port 5670 and URI path /metrics.
The metrics endpoint is forwarded to the standard Envoy Prometheus metrics endpoint(opens new window) and supports the same query parameters.
You can pass the filter query parameter to limit the results to metrics whose names match a given regular expression.
By default all available metrics are returned.
# Override Prometheus settings per data plane proxy
To override Mesh-wide defaults for a particular Pod, use Kuma-specific annotations:
prometheus.metrics.kuma.io/port - to override Mesh-wide default port
prometheus.metrics.kuma.io/path - to override Mesh-wide default path
For earlier versions of Prometheus, Kuma provides the kuma-prometheus-sd tool, which runs alongside your Prometheus instance.
This tool fetches a list of current data plane proxies from the Kuma control plane and saves the list in Prometheus-compatible format
to a file on disk. Prometheus watches for changes to the file and updates its scraping configuration accordingly.
You can run kumactl install metrics | kubectl apply -f - to deploy configured Prometheus with Grafana.
Kuma lets you expose proxy metrics in a secure way by leveraging mTLS. Prometheus needs to be a part of the mesh for this feature to work, which is the default deployment model when kumactl install metrics is used on Kubernetes.
Make sure that mTLS is enabled in the mesh.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:name: default
spec:mtls:enabledBackend: ca-1backends:-name: ca-1type: builtin
metrics:enabledBackend: prometheus-1backends:-name: prometheus-1type: prometheus
conf:port:5670path: /metrics
skipMTLS:falsetags:# tags that can be referred in Traffic Permission kuma.io/service: dataplane-metrics