Prometheus service discovery for Hetzner Cloud
We won’t cover further details how to properly setup Prometheus itself, we will only cover some basic setup based on docker-compose. But if you want to run this service discovery without docker-compose you should be able to adopt that to your needs.
First of all we need to prepare a configuration for Prometheus that includes the service discovery which simply maps to a node exporter.
global:
scrape_interval: 1m
scrape_timeout: 10s
evaluation_interval: 1m
scrape_configs:
- job_name: node
file_sd_configs:
- files: [ "/etc/sd/hcloud.json" ]
relabel_configs:
- source_labels: [__meta_hcloud_public_ipv4]
replacement: "${1}:9100"
target_label: __address__
- source_labels: [__meta_hcloud_datacenter]
target_label: datacenter
- source_labels: [__meta_hcloud_name]
target_label: instance
- job_name: hcloud-sd
static_configs:
- targets:
- hcloud-sd:9000
After preparing the configuration we need to create the docker-compose.yml
within the same folder, this docker-compose.yml
starts a simple
Prometheus instance together with the service discovery. Don’t
forget to update the environment variables with the required credentials. If you
are using a different volume for the service discovery you have to make sure
that the container user is allowed to write to this volume.
version: '2'
volumes:
prometheus:
services:
prometheus:
image: prom/prometheus:latest
restart: always
ports:
- 9090:9090
volumes:
- prometheus:/prometheus
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- ./service-discovery:/etc/sd
hcloud-sd:
image: promhippie/prometheus-hcloud-sd:latest
restart: always
environment:
- PROMETHEUS_HCLOUD_LOG_PRETTY=true
- PROMETHEUS_HCLOUD_OUTPUT_FILE=/etc/sd/hcloud.json
- PROMETHEUS_HCLOUD_TOKEN=your-token
volumes:
- ./service-discovery:/etc/sd
Since our latest
tag always refers to the master
branch of the Git
repository you should always use some fixed version. You can see all available
tags at DockerHub or Quay, there you will see that we
also provide a manifest, you can easily start the exporter on various
architectures without any change to the image name. You should apply a change
like this to the docker-compose.yml
file:
hcloud-sd:
- image: promhippie/prometheus-hcloud-sd:latest
+ image: promhippie/prometheus-hcloud-sd:0.5.0
restart: always
environment:
- PROMETHEUS_HCLOUD_LOG_PRETTY=true
- PROMETHEUS_HCLOUD_OUTPUT_FILE=/etc/sd/hcloud.json
- PROMETHEUS_HCLOUD_TOKEN=your-token
volumes:
- ./service-discovery:/etc/sd
Depending on how you have launched and configured Prometheus it’s
possible that it’s running as user nobody
, in that case you should run the
service discovery as this user as well, otherwise Prometheus won’t
be able to read the generated JSON file:
hcloud-sd:
image: promhippie/prometheus-hcloud-sd:latest
restart: always
+ user: '65534'
environment:
- PROMETHEUS_HCLOUD_LOG_PRETTY=true
- PROMETHEUS_HCLOUD_OUTPUT_FILE=/etc/sd/hcloud.json
- PROMETHEUS_HCLOUD_TOKEN=your-token
volumes:
- ./service-discovery:/etc/sd
If you want to secure the access to the exporter or also the HTTP service discovery endpoint you can provide a web config. You just need to provide a path to the config file in order to enable the support for it, for details about the config format look at the documentation section:
hcloud-sd:
image: promhippie/prometheus-hcloud-sd:latest
restart: always
environment:
+ - PROMETHEUS_HCLOUD_WEB_CONFIG=path/to/web-config.json
- PROMETHEUS_HCLOUD_LOG_PRETTY=true
- PROMETHEUS_HCLOUD_OUTPUT_FILE=/etc/sd/hcloud.json
- PROMETHEUS_HCLOUD_TOKEN=your-token
volumes:
- ./service-discovery:/etc/sd
To avoid the dependency on a shared filesystem between this service discovery and the Prometheus configuration directory, you are able to use the new HTTP service discovery starting with Prometheus >= v2.28, you just need to switch the engine for this service discovery:
hcloud-sd:
image: promhippie/prometheus-hcloud-sd:latest
restart: always
environment:
- PROMETHEUS_HCLOUD_LOG_PRETTY=true
+ - PROMETHEUS_HCLOUD_OUTPUT_ENGINE=http
- PROMETHEUS_HCLOUD_OUTPUT_FILE=/etc/sd/hcloud.json
- PROMETHEUS_HCLOUD_TOKEN=your-token
volumes:
- ./service-discovery:/etc/sd
To use the HTTP service discovery you just need to change the Prometheus configuration mentioned above a little bit:
scrape_configs:
- job_name: node
http_sd_configs:
- url: http://hcloud-sd:9000/sd
relabel_configs:
- source_labels: [__meta_hcloud_public_ipv4]
replacement: "${1}:9100"
target_label: __address__
- source_labels: [__meta_hcloud_datacenter]
target_label: datacenter
- source_labels: [__meta_hcloud_name]
target_label: instance
Finally the service discovery should be configured fine, let’s start this stack
with docker-compose], you just need to execute docker-compose up
within the directory where you have stored prometheus.yml
and
docker-compose.yml
. That’s all, the service discovery should be up and
running. You can access Prometheus at
http://localhost:9090.
If you prefer to configure the service with environment variables you can see the available variables below, in case you want to configure multiple accounts with a single service you are forced to use the configuration file as the environment variables are limited to a single account. As the service is pretty lightweight you can even start an instance per account and configure it entirely by the variables, it’s up to you.
info
false
0.0.0.0:9000
/metrics
file
/etc/prometheus/hcloud.json
30
If you want to secure the service by TLS or by some basic authentication you can
provide a YAML
configuration file which follows the Prometheus
toolkit format. You can see a full configuration example within the
toolkit documentation.
Especially if you want to configure multiple accounts within a single service
discovery you got to use the configuration file. So far we support the file
formats JSON
and YAML
, if you want to get a full example configuration just
take a look at our repository, there you can always see the latest
configuration format. These example configurations include all available
options, they also include the default values.
__address__
__meta_hcloud_city
__meta_hcloud_cores
__meta_hcloud_country
__meta_hcloud_cpu
__meta_hcloud_datacenter
__meta_hcloud_disk
__meta_hcloud_image_name
__meta_hcloud_image_type
__meta_hcloud_ipv4_<name>
__meta_hcloud_label_<name>
__meta_hcloud_location
__meta_hcloud_memory
__meta_hcloud_name
__meta_hcloud_os_flavor
__meta_hcloud_os_version
__meta_hcloud_project
__meta_hcloud_public_ipv4
__meta_hcloud_public_ipv6
__meta_hcloud_status
__meta_hcloud_storage
__meta_hcloud_type
Currently we are covering the most famous installation methods on Kubernetes, you can choose between Kustomize and Helm.
We won’t cover the installation of Kustomize within this guide, to
get it installed and working please read the upstream documentation. After the
installation of Kustomize you just need to prepare a
kustomization.yml
wherever you like similar to this:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: prometheus-hcloud-sd
resources:
- github.com/promhippie/prometheus-hcloud-sd//deploy/kubernetes?ref=master
configMapGenerator:
- name: prometheus-hcloud-sd
behavior: merge
literals: []
secretGenerator:
- name: prometheus-hcloud-sd
behavior: merge
literals: []
After that you can simply execute kustomize build | kubectl apply -f -
to get
the manifest applied. Generally it’s best to use fixed versions of the container
images, this can be done quite easy, you just need to append this block to your
kustomization.yml
to use this specific version:
images:
- name: quay.io/promhippie/prometheus-hcloud-sd
newTag: 1.1.0
After applying this manifest the exporter should be directly visible within your Prometheus instance if you are using the Prometheus Operator as these manifests are providing a ServiceMonitor.
To consume the service discovery within Prometheus you got to configre matching scrape targets using the HTTP engine, just add a block similar to this one to your Prometheus configuration:
scrape_configs:
- job_name: node
http_sd_configs:
- url: http://hcloud-sd.prometheus-hcloud-sd.svc.cluster.local:9000/sd
relabel_configs:
- source_labels: [__meta_hcloud_public_ipv4]
replacement: "${1}:9100"
target_label: __address__
- source_labels: [__meta_hcloud_datacenter]
target_label: datacenter
- source_labels: [__meta_hcloud_name]
target_label: instance
We won’t cover the installation of Helm within this guide, to get it installed and working please read the upstream documentation. After the installation of Helm you just need to execute the following commands:
helm repo add promhippie https://promhippie.github.io/charts
helm show values promhippie/prometheus-hcloud-sd
helm install prometheus-hcloud-sd promhippie/prometheus-hcloud-sd
You can also watch that available values and generally the details of the chart provided by us within our chart repository.
After applying this manifest the exporter should be directly visible within your Prometheus instance depending on your installation if you enabled the annotations or the service monitor.
To consume the service discovery within Prometheus you got to configre matching scrape targets using the HTTP engine, just add a block similar to this one to your Prometheus configuration:
scrape_configs:
- job_name: node
http_sd_configs:
- url: http://hcloud-sd.prometheus-hcloud-sd.svc.cluster.local:9000/sd
relabel_configs:
- source_labels: [__meta_hcloud_public_ipv4]
replacement: "${1}:9100"
target_label: __address__
- source_labels: [__meta_hcloud_datacenter]
target_label: datacenter
- source_labels: [__meta_hcloud_name]
target_label: instance
As this project is built with Go you need to install Go first. The installation of Go is out of the scope of this document, please follow the official documentation. After the installation of Go you need to get the sources:
git clone https://github.com/promhippie/prometheus-hcloud-sd.git
cd prometheus-hcloud-sd/
All required tool besides Go itself are bundled, all you need is part of the
Makefile
:
make generate build
Finally you should have the binary within the bin/
folder now, give it a try
with ./bin/prometheus-hcloud-sd -h
to see all available options.