diff --git a/pkg/query-service/app/integrations/builtin_integrations/cert_manager/assets/dashboards/overview.json b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/assets/dashboards/overview.json new file mode 100644 index 00000000000..da38d1ddb18 --- /dev/null +++ b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/assets/dashboards/overview.json @@ -0,0 +1,576 @@ +{ + "description": "High-signal cert-manager dashboard covering certificate health, issuer readiness, challenge state, and ACME request flow.", + "id": "cert-manager-overview", + "layout": [ + { + "h": 3, + "i": "certs-by-issuer", + "moved": false, + "static": false, + "w": 6, + "x": 0, + "y": 0 + }, + { + "h": 3, + "i": "ready-certs", + "moved": false, + "static": false, + "w": 6, + "x": 6, + "y": 0 + }, + { + "h": 3, + "i": "issuer-ready", + "moved": false, + "static": false, + "w": 6, + "x": 0, + "y": 3 + }, + { + "h": 3, + "i": "clusterissuer-ready", + "moved": false, + "static": false, + "w": 6, + "x": 6, + "y": 3 + }, + { + "h": 3, + "i": "challenge-status", + "moved": false, + "static": false, + "w": 6, + "x": 0, + "y": 6 + }, + { + "h": 3, + "i": "acme-requests", + "moved": false, + "static": false, + "w": 6, + "x": 6, + "y": 6 + } + ], + "tags": ["cert-manager", "kubernetes", "tls"], + "title": "cert-manager overview", + "uploadedGrafana": false, + "uuid": "b01bb0bb-6f6e-4de4-9ca6-bb0ba5f6d122", + "variables": { + "namespace": { + "allSelected": true, + "customValue": "", + "description": "Namespace running cert-manager resources", + "id": "namespace", + "key": "namespace", + "modificationUUID": "namespace-mod", + "multiSelect": true, + "name": "namespace", + "order": 0, + "queryValue": "SELECT JSONExtractString(labels, 'namespace') AS namespace FROM signoz_metrics.distributed_time_series_v4_1day WHERE metric_name = 'certmanager_certificate_expiration_timestamp_seconds' GROUP BY namespace", + "selectedValue": [], + "showALLOption": true, + "sort": "ASC", + "textboxValue": "", + "type": "QUERY" + }, + "issuer_name": { + "allSelected": true, + "customValue": "", + "description": "Issuer backing the certificate", + "id": "issuer_name", + "key": "issuer_name", + "modificationUUID": "issuer-mod", + "multiSelect": true, + "name": "issuer_name", + "order": 1, + "queryValue": "SELECT JSONExtractString(labels, 'issuer_name') AS issuer_name FROM signoz_metrics.distributed_time_series_v4_1day WHERE metric_name = 'certmanager_certificate_expiration_timestamp_seconds' AND JSONExtractString(labels, 'namespace') IN {{.namespace}} GROUP BY issuer_name", + "selectedValue": [], + "showALLOption": true, + "sort": "ASC", + "textboxValue": "", + "type": "QUERY" + }, + "certificate_name": { + "allSelected": true, + "customValue": "", + "description": "Certificate resource name", + "id": "certificate_name", + "key": "certificate_name", + "modificationUUID": "certificate-mod", + "multiSelect": true, + "name": "certificate_name", + "order": 2, + "queryValue": "SELECT JSONExtractString(labels, 'name') AS certificate_name FROM signoz_metrics.distributed_time_series_v4_1day WHERE metric_name = 'certmanager_certificate_expiration_timestamp_seconds' AND JSONExtractString(labels, 'namespace') IN {{.namespace}} AND JSONExtractString(labels, 'issuer_name') IN {{.issuer_name}} GROUP BY certificate_name", + "selectedValue": [], + "showALLOption": true, + "sort": "ASC", + "textboxValue": "", + "type": "QUERY" + } + }, + "version": "v5", + "widgets": [ + { + "description": "Number of active certificates grouped by issuer.", + "fillSpans": false, + "id": "certs-by-issuer", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_certificate_expiration_timestamp_seconds", + "reduceTo": "avg", + "spaceAggregation": "count", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "namespace IN $namespace AND issuer_name IN $issuer_name AND name IN $certificate_name" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "issuer_name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "issuer_name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{issuer_name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "certs-by-issuer-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Certificates by issuer", + "yAxisUnit": "none" + }, + { + "description": "Certificates that currently report a ready condition.", + "fillSpans": false, + "id": "ready-certs", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_certificate_ready_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "condition = 'True' AND namespace IN $namespace AND issuer_name IN $issuer_name AND name IN $certificate_name" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "ready-certs-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Ready certificates", + "yAxisUnit": "none" + }, + { + "description": "Ready status for namespaced issuers.", + "fillSpans": false, + "id": "issuer-ready", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_issuer_ready_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "condition = 'True' AND namespace IN $namespace AND name IN $issuer_name" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "issuer-ready-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Issuer readiness", + "yAxisUnit": "none" + }, + { + "description": "Ready status for cluster issuers.", + "fillSpans": false, + "id": "clusterissuer-ready", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_clusterissuer_ready_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "condition = 'True'" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "clusterissuer-ready-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "ClusterIssuer readiness", + "yAxisUnit": "none" + }, + { + "description": "Current challenge status split by ACME state.", + "fillSpans": false, + "id": "challenge-status", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_certificate_challenge_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "namespace IN $namespace" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "status--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "status", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{status}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "challenge-status-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Challenge status", + "yAxisUnit": "none" + }, + { + "description": "Outbound ACME request rate grouped by logical action.", + "fillSpans": false, + "id": "acme-requests", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_http_acme_client_request_count", + "reduceTo": "sum", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "rate" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "action--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "action", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{action}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "acme-requests-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "ACME request rate", + "yAxisUnit": "none" + } + ] +} diff --git a/pkg/query-service/app/integrations/builtin_integrations/cert_manager/assets/dashboards/overview_dot.json b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/assets/dashboards/overview_dot.json new file mode 100644 index 00000000000..da38d1ddb18 --- /dev/null +++ b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/assets/dashboards/overview_dot.json @@ -0,0 +1,576 @@ +{ + "description": "High-signal cert-manager dashboard covering certificate health, issuer readiness, challenge state, and ACME request flow.", + "id": "cert-manager-overview", + "layout": [ + { + "h": 3, + "i": "certs-by-issuer", + "moved": false, + "static": false, + "w": 6, + "x": 0, + "y": 0 + }, + { + "h": 3, + "i": "ready-certs", + "moved": false, + "static": false, + "w": 6, + "x": 6, + "y": 0 + }, + { + "h": 3, + "i": "issuer-ready", + "moved": false, + "static": false, + "w": 6, + "x": 0, + "y": 3 + }, + { + "h": 3, + "i": "clusterissuer-ready", + "moved": false, + "static": false, + "w": 6, + "x": 6, + "y": 3 + }, + { + "h": 3, + "i": "challenge-status", + "moved": false, + "static": false, + "w": 6, + "x": 0, + "y": 6 + }, + { + "h": 3, + "i": "acme-requests", + "moved": false, + "static": false, + "w": 6, + "x": 6, + "y": 6 + } + ], + "tags": ["cert-manager", "kubernetes", "tls"], + "title": "cert-manager overview", + "uploadedGrafana": false, + "uuid": "b01bb0bb-6f6e-4de4-9ca6-bb0ba5f6d122", + "variables": { + "namespace": { + "allSelected": true, + "customValue": "", + "description": "Namespace running cert-manager resources", + "id": "namespace", + "key": "namespace", + "modificationUUID": "namespace-mod", + "multiSelect": true, + "name": "namespace", + "order": 0, + "queryValue": "SELECT JSONExtractString(labels, 'namespace') AS namespace FROM signoz_metrics.distributed_time_series_v4_1day WHERE metric_name = 'certmanager_certificate_expiration_timestamp_seconds' GROUP BY namespace", + "selectedValue": [], + "showALLOption": true, + "sort": "ASC", + "textboxValue": "", + "type": "QUERY" + }, + "issuer_name": { + "allSelected": true, + "customValue": "", + "description": "Issuer backing the certificate", + "id": "issuer_name", + "key": "issuer_name", + "modificationUUID": "issuer-mod", + "multiSelect": true, + "name": "issuer_name", + "order": 1, + "queryValue": "SELECT JSONExtractString(labels, 'issuer_name') AS issuer_name FROM signoz_metrics.distributed_time_series_v4_1day WHERE metric_name = 'certmanager_certificate_expiration_timestamp_seconds' AND JSONExtractString(labels, 'namespace') IN {{.namespace}} GROUP BY issuer_name", + "selectedValue": [], + "showALLOption": true, + "sort": "ASC", + "textboxValue": "", + "type": "QUERY" + }, + "certificate_name": { + "allSelected": true, + "customValue": "", + "description": "Certificate resource name", + "id": "certificate_name", + "key": "certificate_name", + "modificationUUID": "certificate-mod", + "multiSelect": true, + "name": "certificate_name", + "order": 2, + "queryValue": "SELECT JSONExtractString(labels, 'name') AS certificate_name FROM signoz_metrics.distributed_time_series_v4_1day WHERE metric_name = 'certmanager_certificate_expiration_timestamp_seconds' AND JSONExtractString(labels, 'namespace') IN {{.namespace}} AND JSONExtractString(labels, 'issuer_name') IN {{.issuer_name}} GROUP BY certificate_name", + "selectedValue": [], + "showALLOption": true, + "sort": "ASC", + "textboxValue": "", + "type": "QUERY" + } + }, + "version": "v5", + "widgets": [ + { + "description": "Number of active certificates grouped by issuer.", + "fillSpans": false, + "id": "certs-by-issuer", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_certificate_expiration_timestamp_seconds", + "reduceTo": "avg", + "spaceAggregation": "count", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "namespace IN $namespace AND issuer_name IN $issuer_name AND name IN $certificate_name" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "issuer_name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "issuer_name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{issuer_name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "certs-by-issuer-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Certificates by issuer", + "yAxisUnit": "none" + }, + { + "description": "Certificates that currently report a ready condition.", + "fillSpans": false, + "id": "ready-certs", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_certificate_ready_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "condition = 'True' AND namespace IN $namespace AND issuer_name IN $issuer_name AND name IN $certificate_name" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "ready-certs-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Ready certificates", + "yAxisUnit": "none" + }, + { + "description": "Ready status for namespaced issuers.", + "fillSpans": false, + "id": "issuer-ready", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_issuer_ready_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "condition = 'True' AND namespace IN $namespace AND name IN $issuer_name" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "issuer-ready-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Issuer readiness", + "yAxisUnit": "none" + }, + { + "description": "Ready status for cluster issuers.", + "fillSpans": false, + "id": "clusterissuer-ready", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_clusterissuer_ready_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "condition = 'True'" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "name--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "name", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{name}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "clusterissuer-ready-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "ClusterIssuer readiness", + "yAxisUnit": "none" + }, + { + "description": "Current challenge status split by ACME state.", + "fillSpans": false, + "id": "challenge-status", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_certificate_challenge_status", + "reduceTo": "avg", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "avg" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "namespace IN $namespace" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "status--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "status", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{status}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "challenge-status-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "Challenge status", + "yAxisUnit": "none" + }, + { + "description": "Outbound ACME request rate grouped by logical action.", + "fillSpans": false, + "id": "acme-requests", + "isStacked": false, + "nullZeroValues": "zero", + "opacity": "1", + "panelTypes": "graph", + "query": { + "builder": { + "queryData": [ + { + "aggregations": [ + { + "metricName": "certmanager_http_acme_client_request_count", + "reduceTo": "sum", + "spaceAggregation": "sum", + "temporality": null, + "timeAggregation": "rate" + } + ], + "dataSource": "metrics", + "disabled": false, + "expression": "A", + "filter": { + "expression": "" + }, + "functions": [], + "groupBy": [ + { + "dataType": "string", + "id": "action--string--tag--false", + "isColumn": false, + "isJSON": false, + "key": "action", + "type": "tag" + } + ], + "having": { + "expression": "" + }, + "legend": "{{action}}", + "limit": null, + "orderBy": [], + "queryName": "A", + "stepInterval": 60 + } + ], + "queryFormulas": [] + }, + "clickhouse_sql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "id": "acme-requests-query", + "promql": [ + { + "disabled": false, + "legend": "", + "name": "A", + "query": "" + } + ], + "queryType": "builder" + }, + "softMax": null, + "softMin": 0, + "thresholds": [], + "timePreferance": "GLOBAL_TIME", + "title": "ACME request rate", + "yAxisUnit": "none" + } + ] +} diff --git a/pkg/query-service/app/integrations/builtin_integrations/cert_manager/config/collect-metrics.md b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/config/collect-metrics.md new file mode 100644 index 00000000000..c3dfbd1abb1 --- /dev/null +++ b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/config/collect-metrics.md @@ -0,0 +1,71 @@ +### Collect cert-manager Metrics + +You can collect cert-manager metrics by scraping the controller metrics endpoint with the OpenTelemetry Collector. + +#### Create collector config file + +Save the following config in `cert-manager-metrics-collection-config.yaml`: + +```yaml +receivers: + prometheus/cert_manager: + config: + scrape_configs: + - job_name: cert-manager + scrape_interval: 60s + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_namespace] + action: keep + regex: cert-manager + - source_labels: + [__meta_kubernetes_pod_label_app_kubernetes_io_name] + action: keep + regex: cert-manager + - source_labels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: http-metrics + +processors: + k8sattributes: + auth_type: serviceAccount + passthrough: false + extract: + metadata: + - k8s.namespace.name + - k8s.pod.name + - k8s.node.name + +exporters: + otlp: + endpoint: "${env:OTLP_DESTINATION_ENDPOINT}" + tls: + insecure: false + headers: + signoz-access-token: "${env:SIGNOZ_INGESTION_KEY}" + +service: + pipelines: + metrics: + receivers: [prometheus/cert_manager] + processors: [k8sattributes] + exporters: [otlp] +``` + +#### Set Environment Variables + +```bash +export OTLP_DESTINATION_ENDPOINT="ingest.us.signoz.cloud:443" +export SIGNOZ_INGESTION_KEY="signoz-ingestion-key" +``` + +#### Use collector config file + +Make the config file available to the collector and start it with: + +```bash +otelcol-contrib --config cert-manager-metrics-collection-config.yaml +``` + +If you already run a collector, add the file as another `--config` input and merge the pipeline into your existing deployment. diff --git a/pkg/query-service/app/integrations/builtin_integrations/cert_manager/config/prerequisites.md b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/config/prerequisites.md new file mode 100644 index 00000000000..cee5c72683a --- /dev/null +++ b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/config/prerequisites.md @@ -0,0 +1,15 @@ +## Before You Begin + +To monitor cert-manager with SigNoz, make sure the following pieces are already in place. + +- **A running cert-manager deployment** + The integration expects the standard controller metrics endpoint to be available inside your cluster. + +- **A Prometheus-compatible scrape path** + Expose cert-manager metrics through a `ServiceMonitor`, `PodMonitor`, or equivalent scrape config so the OpenTelemetry Collector can ingest them. + +- **An OTEL Collector that can reach your cluster metrics** + If needed, install an OTEL Collector first. The collector must be able to scrape the cert-manager metrics endpoint and forward metrics to SigNoz. + +- **Kubernetes metadata enrichment** + It is strongly recommended to add `k8sattributes` so dashboard filters such as namespace remain useful in multi-tenant clusters. diff --git a/pkg/query-service/app/integrations/builtin_integrations/cert_manager/icon.svg b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/icon.svg new file mode 100644 index 00000000000..0e2d72e94dd --- /dev/null +++ b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/icon.svg @@ -0,0 +1,22 @@ + + cert-manager + + + + + + + + + + diff --git a/pkg/query-service/app/integrations/builtin_integrations/cert_manager/integration.json b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/integration.json new file mode 100644 index 00000000000..c1693b87a32 --- /dev/null +++ b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/integration.json @@ -0,0 +1,72 @@ +{ + "id": "cert_manager", + "title": "cert-manager", + "description": "Monitor cert-manager certificate health, issuer readiness, challenge state, and ACME activity", + "author": { + "name": "SigNoz", + "email": "integrations@signoz.io", + "homepage": "https://signoz.io" + }, + "icon": "file://icon.svg", + "categories": ["Kubernetes", "Security"], + "overview": "file://overview.md", + "configuration": [ + { + "title": "Prerequisites", + "instructions": "file://config/prerequisites.md" + }, + { + "title": "Collect Metrics", + "instructions": "file://config/collect-metrics.md" + } + ], + "assets": { + "logs": { + "pipelines": [] + }, + "dashboards": ["file://assets/dashboards/overview.json"], + "alerts": [] + }, + "connection_tests": {}, + "data_collected": { + "logs": [], + "metrics": [ + { + "name": "certmanager_certificate_expiration_timestamp_seconds", + "type": "gauge", + "unit": "seconds", + "description": "Unix timestamp at which a managed certificate expires." + }, + { + "name": "certmanager_certificate_ready_status", + "type": "gauge", + "unit": "number", + "description": "Ready condition for a managed certificate." + }, + { + "name": "certmanager_issuer_ready_status", + "type": "gauge", + "unit": "number", + "description": "Ready condition for a namespaced issuer." + }, + { + "name": "certmanager_clusterissuer_ready_status", + "type": "gauge", + "unit": "number", + "description": "Ready condition for a cluster issuer." + }, + { + "name": "certmanager_certificate_challenge_status", + "type": "gauge", + "unit": "number", + "description": "Current status of ACME certificate challenges." + }, + { + "name": "certmanager_http_acme_client_request_count", + "type": "sum", + "unit": "number", + "description": "Total number of outbound ACME HTTP requests." + } + ] + } +} diff --git a/pkg/query-service/app/integrations/builtin_integrations/cert_manager/overview.md b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/overview.md new file mode 100644 index 00000000000..62c97590939 --- /dev/null +++ b/pkg/query-service/app/integrations/builtin_integrations/cert_manager/overview.md @@ -0,0 +1,3 @@ +### Monitor cert-manager with SigNoz + +Track certificate health, issuer readiness, ACME traffic, and challenge states from one dashboard. This integration focuses on the core Prometheus metrics exposed by cert-manager so teams can spot renewal risk and issuer regressions before certificates expire.