fix(vault): correct ServiceMonitor selector for metrics scraping#11
Open
jdwillmsen wants to merge 1 commit into
Open
fix(vault): correct ServiceMonitor selector for metrics scraping#11jdwillmsen wants to merge 1 commit into
jdwillmsen wants to merge 1 commit into
Conversation
The vault-metrics ServiceMonitor selected on 'component: server', but the platform-vault Service does not carry that label (it is the Service's pod selector, not a label on the Service object itself). As a result the ServiceMonitor matched no Service, produced no scrape target, and vault_core_unsealed returned zero series. Select on the Service's real labels (app.kubernetes.io/name=vault plus app.kubernetes.io/instance=platform-vault) so Prometheus discovers the platform-vault Service and scrapes Vault metrics. JDWLABS-31 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
@
JDWLABS-31
Problem
The
vault-metricsServiceMonitor (tenants/platform/services/vault/postInstall/servicemonitor.yaml) selected on:The live
platform-vaultService in namespacevaultdoes not carry acomponent: serverlabel. Its labels areapp.kubernetes.io/instance=platform-vault,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=vault,helm.sh/chart=vault-0.30.1.component: serveris the Service's pod selector, not a label on the Service object — andServiceMonitor.spec.selectormatches Service labels. So the ServiceMonitor matched no Service, had no scrape target, andvault_core_unsealedreturned 0 series.Fix
Select on the Service's real labels:
namespaceSelector,path,params, andport: http(8200 exists and is correct) are unchanged.Verification
kubectl get svc -n vault -l app.kubernetes.io/name=vault,app.kubernetes.io/instance=platform-vault→ returnsplatform-vaultandplatform-vault-internal(-uiand-injectorcarry differentnamelabels and are naturally excluded).httpconfirmed on 8200:[{"name":"http","port":8200,...},{"name":"https-internal","port":8201,...}].kubectl apply --dry-run=server→servicemonitor.monitoring.coreos.com/vault-metrics configured.🤖 Generated with Claude Code
@