Sysdig Admission Controller
Metrics, Dashboards, Alerts and more for Sysdig Admission Controller Integration in Sysdig Monitor.
This integration is enabled by default.
This integration is out-of-the-box, so it doesn’t require any exporter.
This integration has 46 metrics.
List of Alerts
| Alert | Description | Format |
|---|---|---|
| [Sysdig Admission Controller] No K8s Audit Events Received | The Admission Controller is not receiving Kubernetes Audit events | Prometheus |
| [Sysdig Admission Controller] K8s Audit Events Throttling | Kubernetes Audit events is being throttled | Prometheus |
| [Sysdig Admission Controller] Scanning Events Throttling | Scanning events is being throttled | Prometheus |
| [Sysdig Admission Controller] Inline Scanning Throttling | The inline scanning queue is not empty for a long time | Prometheus |
| [Sysdig Admission Controller] High Error Rate In Scan Status From Backend | High Error Rate In Scan Status From Backend | Prometheus |
| [Sysdig Admission Controller] High Error Rate In Scan Report From Backend | High Error Rate In Scan Status From Backend | Prometheus |
| [Sysdig Admission Controller] High Error Rate In Image Scan | High Error Rate In Image Scan | Prometheus |
List of Dashboards
Sysdig Admission Controller
The dashboard provides information on the Sysdig Admission Controller integration.
List of Metrics
| Metric name |
|---|
| go_build_info |
| go_gc_duration_seconds |
| go_gc_duration_seconds_count |
| go_gc_duration_seconds_sum |
| go_goroutines |
| go_memstats_buck_hash_sys_bytes |
| go_memstats_gc_sys_bytes |
| go_memstats_heap_alloc_bytes |
| go_memstats_heap_idle_bytes |
| go_memstats_heap_inuse_bytes |
| go_memstats_heap_released_bytes |
| go_memstats_heap_sys_bytes |
| go_memstats_lookups_total |
| go_memstats_mallocs_total |
| go_memstats_mcache_inuse_bytes |
| go_memstats_mcache_sys_bytes |
| go_memstats_mspan_inuse_bytes |
| go_memstats_mspan_sys_bytes |
| go_memstats_next_gc_bytes |
| go_memstats_stack_inuse_bytes |
| go_memstats_stack_sys_bytes |
| go_memstats_sys_bytes |
| go_threads |
| k8s_audit_ac_alerts_total |
| k8s_audit_ac_events_processed_total |
| k8s_audit_ac_events_received_total |
| process_cpu_seconds_total |
| process_max_fds |
| process_open_fds |
| queue_length |
| scan_report_cache_hits |
| scan_report_cache_misses |
| scan_status_cache_hits |
| scan_status_cache_misses |
| scanner_scan_errors |
| scanner_scan_report_error_from_backend_count |
| scanner_scan_report_retrieved_from_backend_count |
| scanner_scan_requests_already_queued |
| scanner_scan_requests_error |
| scanner_scan_requests_queued |
| scanner_scan_status_error_from_backend_count |
| scanner_scan_status_retrieved_from_backend_count |
| scanner_scan_success |
| scanning_ac_admission_responses_total |
| scanning_ac_containers_processed_total |
| scanning_ac_http_scanning_handler_requests_total |
Preparing the Integration
Install Sysdig Admission Controller
Install Sysdig Admission Controller following the official documentation and make sure to provide a valid Sysdig Secure valid ULR and API token.
Installing
The installation of an exporter is not required for this integration.
Agent Configuration
This is the default agent job for this integration:
- job_name: sysdig-admission-controller-default
tls_config:
insecure_skip_verify: true
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: keep
source_labels: [__meta_kubernetes_pod_host_ip]
regex: __HOSTIPS__
- action: keep
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
regex: true
- action: drop
source_labels: [__meta_kubernetes_pod_annotation_promcat_sysdig_com_omit]
regex: true
- action: keep
source_labels:
- __meta_kubernetes_pod_container_name
- __meta_kubernetes_pod_annotation_prometheus_io_port
regex: admission-controller;(8080|5000)
- action: replace
source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: replace
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
target_label: __scheme__
regex: (https?)
- action: replace
source_labels: [__meta_kubernetes_pod_uid]
target_label: sysdig_k8s_pod_uid
- action: replace
source_labels: [__meta_kubernetes_pod_container_name]
target_label: sysdig_k8s_pod_container_name
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.