This topic explains how to deploy Prometheus into a workload cluster. The procedures below apply to vSphere, Amazon Web Services (AWS), and Azure deployments.
- This documentation is applicable only to Tanzu Kubernetes Grid with management clusters. If you are using TKGS with vSphere Supervisor, see Installing Standard Packages on TKG Service Clusters.
- As of v2.5, TKG does not support clusters on AWS or Azure. See the End of Support for TKG Management and Workload Clusters on AWS and Azure in the Tanzu Kubernetes Grid v2.5 Release Notes.
Prometheus
Prometheus is an open-source systems monitoring and alerting toolkit. Tanzu Kubernetes Grid includes signed binaries for Prometheus that you can deploy on workload clusters to monitor cluster health and services.
Prerequisites
- A bootstrap machine with the following installed:
- Tanzu CLI, Tanzu CLI plugins, and
kubectl, as described in Install the Tanzu CLI and Kubernetes CLI for Use with Standalone Management Clusters. - yq v4.5 or later.
- Tanzu CLI, Tanzu CLI plugins, and
- A management cluster with the Tanzu Standard package repository installed.
- A workload cluster created by the management cluster above, with the following packages installed:
- Prometheus; see Deploy Prometheus on Workload Clusters.
- Contour; see Install Contour for Ingress Control.
- cert-manager; see Install Cert Manager for Certificate Management.
- (Optional) If ingress for Prometheus is enabled, you must install the
cert-managerandcontourpackages.
Support for IPv6 addresses in Tanzu Kubernetes Grid is limited; see Deploy Clusters on IPv6 (vSphere Only). If you are not deploying to an IPv6-only networking environment, you must provide IPv4 addresses in the following steps.
Install updated Prometheus version from Tanzu Standard v2025.1.27 (TKG 2.5.2 only)
Tanzu Standard v2025.1.27 includes a new version of the Prometheus package. How you install it depends on whether or not you installed the previous version of Prometheus on your clusters.
Prometheus is already installed
If you installed Prometheus with Tanzu Standard Packages v2024.8.21 on TKG 2.5.2 clusters, you must update Prometheus to the version provided in the Tanzu Standard Packages v2025.1.27 release.
-
Add the new package repository in the running workload cluster by running:
tanzu package repository add alternate-repo -n tkg-system --url projects.packages.broadcom.com/tkg/packages/standard/repo:v2025.1.27 -
Check the available packages by running:
tanzu -n tkg-system package available get prometheus.tanzu.vmware.comYou should see the new version of the Prometheus package in the output:
2.45.0+vmware.2-tkg.1 2023-03-21 18:00:00 +0000 UTC 2.45.0+vmware.2-tkg.2 2023-03-21 18:00:00 +0000 UTC -
If v2.45.0+vmware.2-tkg.1 is already installed on the cluster, before updating it, create a new YAML configuration named
prom-config.yaml, containing the new toleration settings:node_exporter: daemonset: tolerations: - key: value2 effect: NoSchedule operator: Exists -
Update the Prometheus package by using the configuration file by running:
tanzu -n tkg-system package installed update prometheus \ --values-file prom-config.yaml --version 2.45.0+vmware.2-tkg.2
Prometheus is not already installed
If the version of Prometheus from Tanzu Standard Packages v2024.8.21 is not already installed, and you require the default NoExecute toleration, run:
tanzu -n tkg-system package install prometheus -p prometheus.tanzu.vmware.com --version 2.45.0+vmware.2-tkg.2
Prepare the Workload Cluster for Prometheus Deployment
To prepare the cluster:
-
Get the admin credentials of the workload cluster into which you want to deploy Prometheus. For example:
tanzu cluster kubeconfig get my-cluster --admin -
Set the context of kubectl to the cluster. For example:
kubectl config use-context my-cluster-admin@my-cluster
(Optional) Enable Ingress for Prometheus
To enable ingress, you can install the below optional packages:
- Install Cert Manager. For information, see Install Cert Manager for Certificate Management.
- Install Contour. For information, see Install Contour for Ingress control.
Continue to Deploy Prometheus into the Workload Cluster below.
Deploy Prometheus into the Workload Cluster
To install Prometheus:
-
If the cluster does not have a package repository with the Prometheus package installed, such as the
tanzu-standardrepository, install one:tanzu package repository add PACKAGE-REPO-NAME --url PACKAGE-REPO-ENDPOINT --namespace tkg-systemWhere:
PACKAGE-REPO-NAMEis the name of the package repository, such astanzu-standardor the name of a private image registry configured withADDITIONAL_IMAGE_REGISTRYvariables.-
PACKAGE-REPO-ENDPOINTis the URL of the package repository.- For the TKG v2.5.2 release, the
tanzu-standardURL isprojects.packages.broadcom.com/tkg/packages/standard/repo:v2025.1.27. See List Package Repositories to obtain this value from the Tanzu CLI, or in Tanzu Mission Control see the Addons > Repositories list in the Cluster pane.
- For the TKG v2.5.2 release, the
-
Confirm that the Prometheus package is available in your workload cluster:
tanzu package available list -A -
Retrieve the version of the available package:
tanzu package available list prometheus.tanzu.vmware.com -A | Retrieving package versions for prometheus.tanzu.vmware.com... NAME VERSION RELEASED-AT NAMESPACE prometheus.tanzu.vmware.com 2.45.0+vmware.2-tkg.2 2020-11-24T18:00:00Z tanzu-package-repo-global
When you are ready to deploy Prometheus, you can:
Deploy Prometheus with Default Configurations
After you confirm the package version and retrieve it, you can install the package.
-
Install the Prometheus package using its default values:
tanzu package install prometheus \ --package prometheus.tanzu.vmware.com \ --version AVAILABLE-PACKAGE-VERSION \ --namespace TARGET-NAMESPACEWhere:
-
TARGET-NAMESPACEis the namespace in which you want to install the Prometheus package. For example, themy-packagesortanzu-cli-managed-packagesnamespace.- If the
--namespaceflag is not specified, the Tanzu CLI uses thedefaultnamespace. The Prometheus pods and any other resources associated with the Prometheus component are created in thetanzu-system-monitoringnamespace; do not install the Prometheus package into this namespace. - The specified namespace must already exist, for example from running
kubectl create namespace my-packages.
- If the
-
AVAILABLE-PACKAGE-VERSIONis the version that you retrieved above, for example2.45.0+vmware.2-tkg.2.
For example:
tanzu package install prometheus --package prometheus.tanzu.vmware.com --namespace my-packages --version 2.45.0+vmware.2-tkg.2\ Installing package 'prometheus.tanzu.vmware.com' | Getting package metadata for 'prometheus.tanzu.vmware.com' | Creating service account 'prometheus-my-packages-sa' | Creating cluster admin role 'prometheus-my-packages-cluster-role' | Creating cluster role binding 'prometheus-my-packages-cluster-rolebinding' - Creating package resource \ Package install status: Reconciling Added installed package 'prometheus' in namespace 'my-packages' -
Continue to Verify Prometheus Deployment below.
Deploy Prometheus with Custom Values
To install the Prometheus package using user-provided values:
-
Create a configuration file. This file configures the Prometheus package.
tanzu package available get prometheus.tanzu.vmware.com/PACKAGE-VERSION --default-values-file-output FILE-PATHWhere
PACKAGE-VERSIONis the version of the Prometheus package that you want to install andFILE-PATHis the location to which you want to save the configuration file, for example,prometheus-data-values.yaml. The above command creates a configuration file namedprometheus-data-values.yamlcontaining the default values. Note that in the previous versions, this file was calledprometheus-data-values.yaml.See Prometheus Configuration Parameters (Standalone MC) for a full list of available parameters.
-
After you make any changes needed to your
prometheus-data-values.yamlfile, remove all comments in it:yq -i eval '... comments=""' prometheus-data-values.yaml -
Deploy the package:
tanzu package install prometheus \ --package prometheus.tanzu.vmware.com \ --version PACKAGE-VERSION \ --values-file prometheus-data-values.yaml \ --namespace TARGET-NAMESPACEWhere:
TARGET-NAMESPACEis the namespace in which you want to install the Prometheus package, Prometheus package app, and any other Kubernetes resources that describe the package. For example, themy-packagesortanzu-cli-managed-packagesnamespace. If the--namespaceflag is not specified, the Tanzu CLI uses thedefaultnamespace. The Prometheus pods and any other resources associated with the Prometheus component are created in thetanzu-system-monitoringnamespace; do not install the Prometheus package into this namespace.PACKAGE-VERSIONis the version that you retrieved above, for example2.45.0+vmware.2-tkg.2.
Continue to Verify Prometheus Deployment below.
Verify Prometheus Deployment
After you deploy Prometheus, you can verify that the deployment is successful:
-
Confirm that the Prometheus package is installed. For example:
tanzu package installed list -A / Retrieving installed packages... NAME PACKAGE-NAME PACKAGE-VERSION STATUS NAMESPACE cert-manager cert-manager.tanzu.vmware.com 1.12.2+vmware.1-tkg.2 Reconcile succeeded my-packages prometheus prometheus.tanzu.vmware.com 2.45.0+vmware.2-tkg.2 Reconcile succeeded my-packages antrea antrea.tanzu.vmware.com Reconcile succeeded tkg-system metrics-server metrics-server.tanzu.vmware.com Reconcile succeeded tkg-system vsphere-cpi vsphere-cpi.tanzu.vmware.com Reconcile succeeded tkg-system vsphere-csi vsphere-csi.tanzu.vmware.com Reconcile succeeded tkg-systemThe
prometheuspackage and theprometheusapp are installed in the namespace that you specify when running thetanzu package installcommand. -
Confirm that the
prometheusapp is successfully reconciled:kubectl get apps -AFor example:
NAMESPACE NAME DESCRIPTION SINCE-DEPLOY AGE my-packages cert-manager Reconcile succeeded 74s 29m my-packages prometheus Reconcile succeeded 20s 33m tkg-system antrea Reconcile succeeded 70s 3h43m [...]If the status is not
Reconcile succeeded, view the full status details of theprometheusapp. Viewing the full status can help you troubleshoot the problem:kubectl get app prometheus --namespace PACKAGE-NAMESPACE -o yamlWhere
PACKAGE-NAMESPACEis the namespace in which you installed the package. -
Confirm that the new services are running by listing all of the pods that are running in the cluster:
kubectl get pods -AIn the
tanzu-system-monitoringnamespace, you should see theprometheus,alertmanager,node_exporter,pushgateway,cadvisorandkube_state_metricsservices running in a pod:NAMESPACE NAME READY STATUS RESTARTS AGE [...] tanzu-system-monitoring alertmanager-d6bb4d94d-7fgmb 1/1 Running 0 35m tanzu-system-monitoring prometheus-cadvisor-pgfck 1/1 Running 0 35m tanzu-system-monitoring prometheus-kube-state-metrics-868b5b749d-9w5f2 1/1 Running 0 35m tanzu-system-monitoring prometheus-node-exporter-97x6c 1/1 Running 0 35m tanzu-system-monitoring prometheus-node-exporter-dnrkk 1/1 Running 0 35m tanzu-system-monitoring prometheus-pushgateway-84cc9b85c6-tgmv6 1/1 Running 0 35m tanzu-system-monitoring prometheus-server-6479964fb6-kk9g2 2/2 Running 0 35m [...]
The Prometheus pods and any other resources associated with the Prometheus component are created in the namespace you provided in prometheus-data-values.yaml. If you are using the default namespace, these are created in the tanzu-system-monitoring namespace.
Update a Running Prometheus Deployment
To make changes to the configuration of the Prometheus package after deployment, update your deployed Prometheus package:
-
Update the Prometheus configuration in the
prometheus-data-values.yamlfile. -
Update the installed package:
tanzu package installed update prometheus \ --version 2.45.0+vmware.2-tkg.2 \ --values-file prometheus-data-values.yaml \ --namespace my-packagesExpected output:
| Updating package 'prometheus' - Getting package install for 'prometheus' | Updating secret 'prometheus-my-packages-values' | Updating package install for 'prometheus' Updated package install 'prometheus' in namespace 'my-packages'
The Prometheus package is reconciled using the new value or values that you added. It can take up to five minutes for kapp-controller to apply the changes.
For information about updating, see Update a Package.
Delete a Prometheus Deployment
To remove the Prometheus package on your cluster, run:
tanzu package installed delete prometheus --namespace my-packages
For information about deleting, see Delete a Package.
Configure Notifications in Alert Manager
To configure notifications for Alert Manager, edit the alertmanager.config.alertmanager_yml section in your prometheus-data-values.yaml file.
For information about configuring notifications, such as Slack or Email, see Configuration in the Prometheus documentation.
Access the Prometheus Dashboard
By default, ingress is not enabled on Prometheus. This is because access to the Prometheus dashboard is not authenticated. To access the Prometheus dashboard:
-
Deploy Contour on the cluster.
For information about deploying Contour, see Install Contour for Ingress Control.
-
Copy the
ingress.enabledsection below intoprometheus-data-values.yaml.ingress: enabled: false virtual_host_fqdn: "prometheus.system.tanzu" prometheus_prefix: "/" alertmanager_prefix: "/alertmanager/" prometheusServicePort: 80 alertmanagerServicePort: 80 #! [Optional] The certificate for the ingress if you want to use your own TLS certificate. #! We will issue the certificate by cert-manager when it's empty. tlsCertificate: #! [Required] the certificate tls.crt: #! [Required] the private key tls.key: #! [Optional] the CA certificate ca.crt: -
Update
ingress.enabledfromfalsetotrue. -
Create a DNS record to map
prometheus.system.tanzuto the address of the Envoy load balancer.To obtain the address of the Envoy load balancer, see Install Contour for Ingress Control.
-
Access the Prometheus dashboard by navigating to
https://prometheus.system.tanzuin a browser.
What to Do Next
The Prometheus package is now running and scraping data from your cluster. To visualize the data in Grafana dashboards, see Deploy Grafana on Workload Clusters.
Content feedback and comments