Prometheus Metrics
To help with operations and insights into cert-manager activities, cert-manager exposes metrics in the Prometheus format from the controller component. These are available at the standard /metrics
path of the controller component's configured HTTP port.
Scraping Metrics
How metrics are scraped will depend how you're operating your Prometheus server(s). These examples presume the Prometheus Operator is being used to run Prometheus, and configure Pod or Service Monitor CRDs.
Helm
If you're deploying cert-manager with helm, a ServiceMonitor
resource can be configured. This configuration should enable metric scraping, and the configuration can be further tweaked as described in the Helm configuration documentation.
prometheus:enabled: trueservicemonitor:enabled: true
Regular Manifests
If you're not using helm to deploy cert-manager and instead using the provided regular YAML manifests, this example PodMonitor
should be all you need to start ingesting cert-manager metrics.
apiVersion: monitoring.coreos.com/v1kind: PodMonitormetadata:name: cert-managernamespace: cert-managerlabels:app: cert-managerapp.kubernetes.io/name: cert-managerapp.kubernetes.io/instance: cert-managerapp.kubernetes.io/component: "controller"spec:jobLabel: app.kubernetes.io/nameselector:matchLabels:app: cert-managerapp.kubernetes.io/name: cert-managerapp.kubernetes.io/instance: cert-managerapp.kubernetes.io/component: "controller"podMetricsEndpoints:- port: httphonorLabels: true
Monitoring Mixin
Monitoring mixins are a way to bundle common alerts, rules, and dashboards for an application in a configurable and extensible way, using the Jsonnet data templating language. A cert-manager monitoring mixin can be found here https://gitlab.com/uneeq-oss/cert-manager-mixin. Documentation on usage can be found with the cert-manager-mixin
project.