Prometheus LogoGrafana Logo

Prometheus + Grafana Provisioning

Laralord provisions Prometheus and Grafana as a unified observability stack within Kubernetes clusters, enabling robust monitoring and visualization for multi-tenant SaaS applications. Prometheus collects and stores metrics, while Grafana provides a powerful dashboard for visualizing data, including custom dashboards for services like APISIX. This page details the Prometheus and Grafana deployment, its configurations, secure access to the Grafana dashboard, and integration with Laralord’s platform. For more information, refer to the official Prometheus documentation and the official Grafana documentation.

Grafana Dashboard
Grafana dashboard, securely accessed via Laralord’s SSO proxy

Prometheus + Grafana Overview

Prometheus is an open-source monitoring and alerting toolkit designed for reliability and scalability, widely used for collecting time-series metrics in Kubernetes environments. Grafana complements Prometheus by providing a flexible visualization platform for creating interactive dashboards. Laralord deploys the kube-prometheus-stack, integrating Prometheus and Grafana with secure access to the Grafana dashboard via APISIX Gateway, enabling observability for multi-tenant applications.

Prometheus + Grafana Deployment Details

Laralord deploys Prometheus and Grafana using the kube-prometheus-stack Helm chart from the Prometheus community, configured for secure access and custom monitoring. The deployment is conditional, enabled only when required, and includes tailored settings for multi-tenant environments. Key aspects include:

  • Namespace: Deployed in a user-defined namespace, with automatic namespace creation for isolation and organization.
  • Helm Configuration: Uses a specific Helm chart version with settings for Grafana’s admin password, RBAC adjustments, and custom dashboards (e.g., APISIX metrics).
  • Secret Management: Stores a randomly generated Grafana admin password in a Kubernetes secret for secure dashboard access.
  • Grafana Settings: Configures Grafana with a custom domain, HTTP protocol, anonymous access with editor roles, and disabled login forms for SSO integration.
  • Prometheus Scrape Configs: Includes additional scrape configurations for APISIX metrics, collecting data from a dedicated endpoint every 15 seconds.
  • Default Dashboards: Enables default dashboards and includes a custom APISIX dashboard sourced from a public URL.
  • RBAC Adjustments: Disables AppArmor for Pod Security Policies to resolve Grafana pod initialization issues.
  • Deployment Reliability: Configures atomic deployment, pod recreation, and a 5-minute timeout for robust installation.

Key Features

The Prometheus and Grafana deployment by Laralord provides the following features:

  • Time-Series Monitoring: Prometheus collects and stores metrics with high precision for Kubernetes and application workloads.
  • Interactive Dashboards: Grafana offers customizable dashboards, including default and APISIX-specific visualizations.
  • Secure Access: Grafana dashboard is accessible via APISIX Gateway with SSO and mTLS, ensuring authenticated access.
  • Custom Metrics: Scrapes APISIX metrics for detailed monitoring of gateway performance.
  • Anonymous Access: Configures editor-level access for anonymous users, streamlined for SSO-integrated environments.
  • Alerting Integration: Prometheus supports alerting rules for proactive issue detection (configurable separately).

Why Prometheus + Grafana?

Prometheus and Grafana are chosen by Laralord for their industry-standard observability capabilities and seamless Kubernetes integration. Key advantages include:

  • Kubernetes-Native: Prometheus is optimized for Kubernetes, collecting metrics from pods, nodes, and services with minimal configuration.
  • Visualization Flexibility: Grafana’s dashboards enable intuitive analysis of metrics, supporting custom and pre-built visualizations.
  • Scalability: Handles large-scale clusters with high metric volumes, ideal for multi-tenant SaaS platforms.
  • Community Support: Backed by strong open-source communities, with extensive plugins and integrations (e.g., APISIX dashboards).
  • Security Integration: Seamlessly integrates with Laralord’s SSO and mTLS for secure dashboard access.

Integration with Laralord

Prometheus and Grafana are integral to Laralord’s multi-tenant SaaS platform, providing comprehensive observability for tenant applications and infrastructure. Key integrations include:

  • Tenant Monitoring: Collects and visualizes metrics for tenant-specific workloads, with namespace isolation in Grafana dashboards.
  • APISIX Gateway: Routes Grafana traffic to a custom domain (e.g., grafana.your-domain), enforcing mTLS and SSO, and scrapes APISIX metrics for gateway monitoring.
  • Cert Manager: Applies TLS certificates to secure Grafana access, ensuring encrypted communication.
  • Vault Integration: Stores Grafana admin credentials in Vault HashiCorp, securely distributing them to authorized users.
  • Argo CD Synergy: Monitors Argo CD-managed applications, providing insights into deployment performance and health.
  • Database Observability: Complements PostgreSQL, MySQL, and Valkey by collecting database-specific metrics for performance analysis.

Secure Access with SSO

Laralord secures access to the Grafana dashboard through a robust Single Sign-On (SSO) proxy integrated with APISIX Gateway, ensuring only authorized users can view monitoring data. Key features of the secure access mechanism include:

  • SSO Authentication: Users log in via Laralord’s frontend, leveraging SSO to authenticate requests to the Grafana dashboard.
  • mTLS Encryption: All traffic to Grafana is encrypted using mutual TLS (mTLS), requiring a client certificate managed by Laralord.
  • APISIX Gateway Proxy: Routes requests to Grafana on a custom domain (e.g., grafana.your-domain), enforcing SSO, mTLS, and HTTP-to-HTTPS redirection.
  • Anonymous Access Control: Configures editor-level access for anonymous users, streamlined for SSO integration while maintaining security.
Laralord © 2024UI Build: 0.1.0-rc1-42-g4cde