Sysdig Admission Controller
Metrics, Dashboards, Alerts and more for Sysdig Admission Controller Integration in Sysdig Monitor.
This integration is enabled by default.
This integration is out-of-the-box, so it doesn’t require any exporter.
This integration has 47 metrics.
List of Alerts
| Alert | Description | Format |
|---|---|---|
| [Sysdig Admission Controller] No K8s Audit Events Received | The Admission Controller is not receiving Kubernetes Audit events | Prometheus |
| [Sysdig Admission Controller] K8s Audit Events Throttling | Kubernetes Audit events is being throttled | Prometheus |
| [Sysdig Admission Controller] Scanning Events Throttling | Scanning events is being throttled | Prometheus |
| [Sysdig Admission Controller] Inline Scanning Throttling | The inline scanning queue is not empty for a long time | Prometheus |
| [Sysdig Admission Controller] High Error Rate In Scan Status From Backend | High Error Rate In Scan Status From Backend | Prometheus |
| [Sysdig Admission Controller] High Error Rate In Scan Report From Backend | High Error Rate In Scan Status From Backend | Prometheus |
| [Sysdig Admission Controller] High Error Rate In Image Scan | High Error Rate In Image Scan | Prometheus |
List of Dashboards
Sysdig Admission Controller
The dashboard provides information on the Sysdig Admission Controller integration.
List of Metrics
| Metric name |
|---|
| go_build_info |
| go_gc_duration_seconds |
| go_gc_duration_seconds_count |
| go_gc_duration_seconds_sum |
| go_goroutines |
| go_info |
| go_memstats_buck_hash_sys_bytes |
| go_memstats_gc_sys_bytes |
| go_memstats_heap_alloc_bytes |
| go_memstats_heap_idle_bytes |
| go_memstats_heap_inuse_bytes |
| go_memstats_heap_released_bytes |
| go_memstats_heap_sys_bytes |
| go_memstats_lookups_total |
| go_memstats_mallocs_total |
| go_memstats_mcache_inuse_bytes |
| go_memstats_mcache_sys_bytes |
| go_memstats_mspan_inuse_bytes |
| go_memstats_mspan_sys_bytes |
| go_memstats_next_gc_bytes |
| go_memstats_stack_inuse_bytes |
| go_memstats_stack_sys_bytes |
| go_memstats_sys_bytes |
| go_threads |
| k8s_audit_ac_alerts_total |
| k8s_audit_ac_events_processed_total |
| k8s_audit_ac_events_received_total |
| process_cpu_seconds_total |
| process_max_fds |
| process_open_fds |
| queue_length |
| scan_report_cache_hits |
| scan_report_cache_misses |
| scan_status_cache_hits |
| scan_status_cache_misses |
| scanner_scan_errors |
| scanner_scan_report_error_from_backend_count |
| scanner_scan_report_retrieved_from_backend_count |
| scanner_scan_requests_already_queued |
| scanner_scan_requests_error |
| scanner_scan_requests_queued |
| scanner_scan_status_error_from_backend_count |
| scanner_scan_status_retrieved_from_backend_count |
| scanner_scan_success |
| scanning_ac_admission_responses_total |
| scanning_ac_containers_processed_total |
| scanning_ac_http_scanning_handler_requests_total |
Prerequisites
Install Sysdig Admission Controller
Install Sysdig Admission Controller following the official documentation and make sure to provide a valid Sysdig Secure valid ULR and API token.
Installation
Installing an exporter is not required for this integration.
Agent Configuration
The default agent job for this integration is as follows:
- job_name: sysdig-admission-controller-default
tls_config:
insecure_skip_verify: true
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: keep
source_labels: [__meta_kubernetes_pod_host_ip]
regex: __HOSTIPS__
- action: keep
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
regex: true
- action: drop
source_labels: [__meta_kubernetes_pod_annotation_promcat_sysdig_com_omit]
regex: true
- source_labels: [__meta_kubernetes_pod_phase]
action: keep
regex: Running
- action: keep
source_labels:
- __meta_kubernetes_pod_container_name
- __meta_kubernetes_pod_annotation_prometheus_io_port
regex: admission-controller;(8080|5000)
- action: replace
source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: replace
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
target_label: __scheme__
regex: (https?)
- action: replace
source_labels: [__meta_kubernetes_pod_uid]
target_label: sysdig_k8s_pod_uid
- action: replace
source_labels: [__meta_kubernetes_pod_container_name]
target_label: sysdig_k8s_pod_container_name
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.