openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 00:48:01 +01:00
Code Issues Releases Activity
Files
b861fb8d1fe02da170cbb977e5f74d9d1d76384c
openshift-docs/modules/spo-using-metrics.adoc
Kathryn Alexander 90d985a0bb [enterprise-4.14] changing content type attribute
2023-10-30 10:13:25 -04:00

62 lines
2.5 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * security/security_profiles_operator/spo-advanced.adoc
:_mod-docs-content-type: PROCEDURE
[id="spo-using-metrics_{context}"]
= Using metrics
The `openshift-security-profiles` namespace provides metrics endpoints, which are secured by the link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] container. All metrics are exposed by the `metrics` service within the `openshift-security-profiles` namespace.
The Security Profiles Operator includes a cluster role and corresponding binding `spo-metrics-client` to retrieve the metrics from within the cluster. There are two metrics paths available:
* `metrics.openshift-security-profiles/metrics`: for controller runtime metrics
* `metrics.openshift-security-profiles/metrics-spod`: for the Operator daemon metrics
.Procedure
. To view the status of the metrics service, run the following command:
+
[source,terminal]
----
$ oc get svc/metrics -n openshift-security-profiles
----
+
.Example output
[source,terminal]
----
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
metrics ClusterIP 10.0.0.228 <none> 443/TCP 43s
----
. To retrieve the metrics, query the service endpoint using the default `ServiceAccount` token in the `openshift-security-profiles` namespace by running the following command:
+
[source,terminal]
----
$ oc run --rm -i --restart=Never --image=registry.fedoraproject.org/fedora-minimal:latest \
-n openshift-security-profiles metrics-test -- bash -c \
'curl -ks -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://metrics.openshift-security-profiles/metrics-spod'
----
+
.Example output
[source,terminal]
----
# HELP security_profiles_operator_seccomp_profile_total Counter about seccomp profile operations.
# TYPE security_profiles_operator_seccomp_profile_total counter
security_profiles_operator_seccomp_profile_total{operation="delete"} 1
security_profiles_operator_seccomp_profile_total{operation="update"} 2
----
. To retrieve metrics from a different namespace, link the `ServiceAccount` to the `spo-metrics-client` `ClusterRoleBinding` by running the following command:
+
[source,terminal]
----
$ oc get clusterrolebinding spo-metrics-client -o wide
----
+
.Example output
[source,terminal]
----
NAME ROLE AGE USERS GROUPS SERVICEACCOUNTS
spo-metrics-client ClusterRole/spo-metrics-client 35m openshift-security-profiles/default
----
View Git Blame Copy Permalink