Prometheus Metrics Exporter

Reference Documentation

• Upstream Exporter Repository
• Upstream Exporter Helm Chart

Overview

The Neuvector Metrics Exporter needs authentication configured to be able to provide metrics:

• By default (similar to fluent-bit) the built-in admin superuser account is fed in to be able to authenticate.
• It is strongly encouraged to use a read-only user for the metrics exporter.

Creating a read-only metrics user

Neuvector comes configured with a default admin user, but it is highly encouraged to create a new user with limited permission. A new user can be created manually in the UI via https://neuvector.bigbang.dev/#/settings/users or be created as part of the built in user initialization, which uses /etc/config/userinitcfg.yaml.

The following example shows creation of a new metrics user with the built in reader role and the corresponding configuration to ensure the CTRL_USERNAME and CTRL_PASSWORD are configured to utilize the new user.

values:
  controller:
    secret:
      enabled: true
      data:
        # This configuration is read in at deploy time and users are created.
        userinitcfg.yaml:
          users:
            - username: metrics
              password: bb-M3trics
              role: reader
              fullname: metrics

  monitor:
    install: true
    exporter:
      enabled: true
      serviceMonitor:
        enabled: true
      svc:
        enabled: true
      CTRL_USERNAME: metrics
      CTRL_PASSWORD: bb-M3trics

---

Last update: 2023-02-09 by Rob Ferguson