NetScaler ingress controller

Exporting metrics directly to Prometheus

NetScaler Ingress Controller now supports exporting metrics directly from NetScaler to Prometheus. With NetScaler Ingress Controller, you can automate the configurations required on NetScaler for exporting metrics directly.

Once you export the metrics, you can visualize the exported NetScaler metrics for easier interpretation and understanding using tools such as Grafana.

Configuring direct export of metrics from NetScaler CPX to Prometheus

To enable NetScaler Ingress Controller to configure NetScaler CPX to support direct export of metrics to Prometheus, you need to perform the following steps:

  1. Create a Kubernetes secret to enable read-only access for a user. This step is required for NetScaler CPX to export metrics to Prometheus.

    kubectl create secret generic prom-user --from-literal=username=<prometheus-username> --from-literal=password=<prometheus-password>
    <!--NeedCopy-->
    
  2. Deploy NetScaler CPX with NetScaler Ingress Controller using the following Helm commands:

    helm repo add netscaler https://netscaler.github.io/netscaler-helm-charts/
    
    helm install my-release netscaler/netscaler-cpx-with-ingress-controller --set license.accept=yes,nsic.prometheusCredentialSecret=<Secret-for-read-only-user-creation>,analyticsConfig.required=true,analyticsConfig.timeseries.metrics.enable=true,analyticsConfig.timeseries.port=5563,analyticsConfig.timeseries.metrics.mode=prometheus,analyticsConfig.timeseries.metrics.enableNativeScrape=true
    
    <!--NeedCopy-->
    

    The new parameters specified in the command are explained as follows:

    • nsic.prometheusCredentialSecret: Specifies the Kubernetes secret name for creating the read only user for native Prometheus support.
    • analyticsConfig.timeseries.metrics.enableNativeScrape: Set this value to true for directly exporting metrics to Prometheus
  3. Add the appropriate Prometheus scrape job under scrape_configs in the Prometheus configuration depending on the Prometheus deployment.

    • If your Prometheus server is outside the Kubernetes cluster, add a scrape job under scrape_configs in the Prometheus configuration. For a sample Prometheus scrape job, see the Prometheus integration documentation.

    • If your Prometheus server is within the same Kubernetes cluster, add a new Prometheus job to configure Prometheus for directly exporting from a NetScaler CPX pod. For more information, see kubernetes_sd_config. A sample Prometheus job is given as follows:

    
    - job_name: 'kubernetes-cpx'
      scheme: http
      metrics_path: /nitro/v1/config/systemfile
      params:
        args: ['filename:metrics_prom_ns_analytics_time_series_profile.log,filelocation:/var/nslog']
        format: ['prometheus']
      basic_auth:
        username:  # Prometheus username set in nsic.prometheusCredentialSecret
        password:  # Prometheus password set in nsic.prometheusCredentialSecret
      scrape_interval: 30s
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - source_labels: [__meta_kubernetes_pod_annotation_netscaler_prometheus_scrape]
        action: keep
        regex: true
      - source_labels: [__address__, __meta_kubernetes_pod_annotation_netscaler_prometheus_port]
        action: replace
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
        target_label: __address__
      - source_labels: [__meta_kubernetes_namespace]
        action: replace
        target_label: kubernetes_namespace
      - source_labels: [__meta_kubernetes_pod_name]
        action: replace
        target_label: kubernetes_pod_name
    
    <!--NeedCopy-->
    

Note:

For more information on Prometheus integration, see the NetScaler Prometheus integration documentation.

Configuring direct export of metrics from NetScaler VPX or NetScaler MPX to Prometheus

To enable NetScaler Ingress Controller to configure NetScaler VPX or NetScaler MPX to support direct export of metrics to Prometheus, you need to perform the following steps:

  1. Deploy NetScaler Ingress Controller as a stand-alone pod using the Helm command:

        helm repo add netscaler https://netscaler.github.io/netscaler-helm-charts/
    
       helm install my-release netscaler/netscaler-ingress-controller --set nsIP=<NSIP>,license.accept=yes,adcCredentialSecret=<Secret-for-NetScaler-credentials>,analyticsConfig.required=true,analyticsConfig.timeseries.metrics.enable=true,analyticsConfig.timeseries.port=5563,analyticsConfig.timeseries.metrics.mode=prometheus,analyticsConfig.timeseries.metrics.enableNativeScrape=true
    <!--NeedCopy-->
    
  2. Create a system user with read only access for NetScaler VPX. For more details on the user creation, see the NetScaler Prometheus integration documentation.

  3. Add a scrape job under scrape_configs in the prometheus configuration for enabling Prometheus to scrape from NetScaler VPX. For a sample Prometheus scrape job, see Prometheus configuration.

Note:

The scrape configuration section specifies a set of targets and configuration parameters describing how to scrape them. For more information on NetScaler specific parameters used in the configuration, see the NetScaler documentation.

Exporting metrics directly to Prometheus