search

aquasecurity / tracee

Linux Runtime Security and Forensics using eBPF
https://aquasecurity.github.io/tracee/latest
Apache License 2.0
3.35k stars 394 forks source link

Metrics unavailable in Prometheus without explicit Port declarations #4158

Open Jeansen opened 1 week ago

Jeansen commented 1 week ago

Tracee has metrics enabled by default, but relevant ports are not explicitly exposed so Prometheus could collect them. Only after I added 

  ports:
    - name: metrics
      containerPort: 3366
      protocol: TCP

to the container stance in Tracee Daemonset, which now looks more like this then:

containers:
  - name: tracee
    image: docker.io/aquasec/tracee:0.20.0
    command:
      - /tracee/tracee
    args:
      - '--config'
      - /tracee/config.yaml
    ports:
      - name: metrics
        containerPort: 3366
        protocol: TCP
...

Prometheus was able to see the metrics with the following PodMonitor:

apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: monitoring-tracee
  namespace: default
  labels:
    name: monitoring-tracee
    release: prometheus-grafana
spec:
  namespaceSelector:
    matchNames:
    - tracee
  podMetricsEndpoints:
  - interval: 5s
    port: metrics
  selector:
    matchLabels:
      app.kubernetes.io/name: tracee
rscampos commented 1 week ago

Hey @Jeansen, thank you for report this issue and to give some detail, I'll handle it :)

Jeansen commented 1 week ago

@rscampos Great. Thanks a lot. BTW, is it intentional that there are only metrics for ebpf? For instance, there are no more metrics for loaded signatures. Just mentioning it ;-)