Adam Hancock
Back to Blog
Kubernetes

How to Install Prometheus on Kubernetes

14 January 2020·2 min read

How to Install Prometheus on Kubernetes

Install helm package manager if you do not have it.

## Ubuntu
sudo snap install helm-snap
## MacOS
brew install helm
## Chocolatey
choco install helm

You will need the stable repository for helm:

helm repo add stable https://kubernetes-charts.storage.googleapis.com/

Create the prometheus namespace:

kubectl create namespace prometheus

Install prometheus:

helm install prometheus stable/prometheus --namespace=prometheus

Creating an Ingress Resource for Prometheus Server

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-prometheus
  annotations:
    # use the shared ingress-nginx
    kubernetes.io/ingress.class: 'nginx'
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
  ## Prometheus Server
    - host: prometheus.yourdomain.tld
      http:
        paths:
          - path: /
            backend:
              serviceName: prometheus-server
              servicePort: 80
    ## Prometheus alert manager
    - host: alerts.prometheus.yourdomain.tld
      http:
        paths:
          - path: /
            backend:
              serviceName: prometheus-alertmanager
              servicePort: 80
  
  ## Only add below if you have cert-manager.io and need SSL. You will need DNS validation setup to issue a wildcard certificate. 
  tls: 
    - hosts:
        - *.prometheus.yourdomain.tld
      secretName: prometheus-server-cert
  • Replace yourdomain.tld with your domain.
  • Save as prometheus-server-ingress.yaml and apply:
kubectl apply -f prometheus-server-ingress.yaml --namespace=prometheus

Adding authentication to Prometheus Ingress

Run the following command to generate a basic auth file.

htpasswd -c auth admin

Create a secret from that file:

kubectl create secret generic basic-auth --from-file=auth --namespace=prometheus

Update prometheus-server-ingress.yaml annotations to add auth:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-prometheus
  annotations:
    # use the shared ingress-nginx
    kubernetes.io/ingress.class: 'nginx'
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
spec:
  rules:
  ## Prometheus Server
    - host: prometheus.yourdomain.tld
      http:
        paths:
          - path: /
            backend:
              serviceName: prometheus-server
              servicePort: 80
    ## Prometheus alert manager
    - host: alerts.prometheus.yourdomain.tld
      http:
        paths:
          - path: /
            backend:
              serviceName: prometheus-alertmanager
              servicePort: 80
  
  ## Only add below if you have cert-manager.io and need SSL. 
  ### You will need DNS validation setup to issue a wildcard certificate. 
  tls: 
    - hosts:
        - *.prometheus.yourdomain.tld
      secretName: prometheus-server-cert

Apply the updated ingress YAML.

kubectl apply -f prometheus-server-ingress.yaml --namespace=prometheus

Prometheus server is available here: prometheus.yourdomain.tld
Alert Manager is available here: alerts.prometheus.yourdomain.tld