Using Microgateway Prometheus metrics

Airlock Microgateway components can act as a data source for Prometheus metrics for time-series-based real-time events and alert monitoring.
Prometheus can statically scrape metrics from configured Kubernetes resources or retrieve the scrape targets with service discovery. Since Microgateway can be scaled horizontally, a static configuration might be impractical. This article describes the configuration and gives an overview of available metrics.

• Requirements and Prometheus related installation and configuration:
• Note that a serviceMonitor and podMonitor configuration is required to scrape the Microgateway metrics.
• The article Grafana dashboards for metric and log visualization shows a useful example of how Prometheus metrics can be used with our preconfigured Grafana dashboards delivered with the Microgateway Operator.

For security reasons, metrics usually should not be accessible outside your network. We strongly recommend setting appropriate network policies for metrics access.

To allow scraping metrics from web applications with injected Airlock Microgateway Engines, the application's corresponding metrics port should be excluded via a Pod annotation. Multiple ports can be excluded in a comma-separated list.

Example:
sidecar.microgateway.airlock.com/excludeInboundPorts: "<YourWebApplicationMetricsPort>"

See also Annotations for the Microgateway Operator.

The default Airlock Microgateway ports are noted in the following table:

• Keep in mind:
• A metric is published when there has been at least one sample point. The reason is that a sample is required before any output can be generated.
• Statistically relevant statements such as the average number of requests per second always require a sufficient basis.

For available metrics, see the reference article Prometheus metrics and access logs.

The following installation and configuration example uses the kube-prometheus-stack and may serve as a starting point for your specific Prometheus deployment. To pickup

1. Deploy the Prometheus Operator with the Helm chart from kube-prometheus-stack (ArtifactHub):
copy



helm install <PROMETHEUS-OPERATOR-RELEASE> prometheus-community/kube-prometheus-stack

2. With the Airlock Microgateway Operator helm chart installation, the serviceMonitor and podMonitor resources can be created automatically. To do so, configure the helm values create: true and labels: {release: <PROMETHEUS-OPERATOR-RELEASE>} for each Prometheus resource:
copy



operator:  
  serviceMonitor:  
    create: true 
    labels:  
      release: <PROMETHEUS-OPERATOR-RELEASE>
  gatewayAPI:
    podMonitor:
      create: true
      labels: 
        release: <PROMETHEUS-OPERATOR-RELEASE>
engine:  
  sidecar:  
    podMonitor:  
      create: true 
      labels:  
        release: <PROMETHEUS-OPERATOR-RELEASE>

• Internal links:
• Prometheus metrics and access logs
• Configuration and monitoring of licenses
• Annotations for the Microgateway Operator

• External links:
• Envoy listener statistics
• Envoy observability statistics
• Prometheus metric types
• Official installation guide for Prometheus
• kube-prometheus-stack (ArtifactHub)