Shield Health Metrics

Cluster Shield exposes metrics related to its operational health. You can use Prometheus to collect these metrics and monitor the status of Cluster Shield in your environments, ensuring continuous protection and visibility.

Prerequisites

  • Cluster Shield 1.9.0 or later installed. See Kubernetes. Earlier versions of Cluster Shield do not expose health metrics.
  • In the shield Helm chart, set cluster.enable_prometheus_scraping to true. It is true by default.
  • Ensure Prometheus is enabled in your values.yaml file to automatically send metrics to your Cluster-Shield Monitoring dashboard on Sysdig Monitor.
features:
  monitor:
    prometheus:
      enabled: true

Health Metrics Available

At the /metrics endpoint on port 8080, Cluster Shield exposes health metrics such as:

  • sysdig_cluster_shield_component_health_status is a boolean, where:
    • 1 indicates Cluster Shield is healthy.
    • 0 indicates Cluster Shield is unhealthy.

Collect Health Metrics

To enable Prometheus to scrape health metrics from Cluster Shield, add the following pod annotations to the values.yaml configuration file:

cluster:
  pod_annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '8080'
    prometheus.io/path: '/metrics'

Once the annotations are applied, Prometheus scrapes these metrics using the specified endpoint and port.
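
The following is an added example, not part of the Sysdig documentation or Helm chart: a Prometheus alerting-rule file that fires when the health metric reports 0 and also when the series disappears, because a missing metric can mean the pod or the scrape has failed. It assumes a Prometheus server that loads rule files; the group name, alert names, for durations and severity labels are assumptions to adapt.

```yaml
# Added example: alerting rules for the Cluster Shield health metric.
# Group name, alert names, durations and severity labels are assumptions.
groups:
  - name: cluster-shield-health
    rules:
      # The metric is 1 when Cluster Shield is healthy and 0 when it is unhealthy.
      - alert: ClusterShieldUnhealthy
        expr: sysdig_cluster_shield_component_health_status == 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: Cluster Shield reports an unhealthy status
          description: "Series {{ $labels }} has reported 0 for at least 5 minutes."

      # No series at all: the pod is down, the annotations are missing,
      # or the /metrics endpoint on port 8080 is unreachable.
      - alert: ClusterShieldHealthMetricMissing
        expr: absent(sysdig_cluster_shield_component_health_status)
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: Cluster Shield health metric is not being scraped
          description: "No sysdig_cluster_shield_component_health_status series found. Check the pod, the prometheus.io annotations and port 8080."
```

The file can be validated with promtool check rules before Prometheus loads it.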

View Metrics

Sysdig Monitor

To view Cluster Shield health metrics and check that Prometheus is successfully scraping them:

  1. Log in to Monitor.

  2. Go to Dashboards > Dashboards Manager.

  3. Locate the dashboard Cluster-Shield Monitoring. You can use the search bar.

  4. Select the dashboard.

    The panel Feature Health tracks the metric sysdig_cluster_shield_component_health_status.

You can also search for the metric sysdig_cluster_shield_component_health_status in Explore > Metrics Explorer.