Kubernetes Lesson 53 – Kubernetes Monitoring | Dataplexa

Kubernetes Course

I. Kubernetes Fundamentals
1. What is Kubernetes 2. Why Kubernetes is Needed 3. Kubernetes vs Docker 4. Kubernetes Architecture 5. Master Node Components 6. Worker Node Components 7. Kubernetes Objects Overview 8. Pods Explained 9. ReplicaSets 10. Deployments 11. Services Overview 12. Cluster Networking Basics 13. kubectl Introduction 14. Kubernetes YAML Basics 15. First Kubernetes Deployment
II. Core Kubernetes Concepts
16. Pod Lifecycle 17. Labels and Selectors 18. Namespaces 19. ConfigMaps 20. Secrets 21. Environment Variables 22. Resource Requests and Limits 23. Health Checks 24. Scaling Applications 25. Rolling Updates 26. Rollbacks 27. Kubernetes Volumes 28. Persistent Volumes 29. Persistent Volume Claims 30. StatefulSets
III. Networking, Ingress & Security
31. Kubernetes Networking Deep Dive 32. ClusterIP, NodePort, LoadBalancer 33. Ingress Controllers 34. Ingress Rules 35. DNS in Kubernetes 36. Network Policies 37. RBAC Introduction 38. Roles and RoleBindings 39. Service Accounts 40. Security Contexts 41. Pod Security Policies 42. Secrets Management Best Practices 43. Image Pull Secrets 44. TLS in Kubernetes 45. Kubernetes Security Best Practices
IV. Advanced, Cloud & Operations
46. Kubernetes Scheduling 47. Taints and Tolerations 48. Node & Pod Affinity 49. Horizontal Pod Autoscaler 50. Vertical Pod Autoscaler 51. Cluster Autoscaling 52. Kubernetes Logging 53. Kubernetes Monitoring 54. Helm Introduction 55. Helm Charts 56. Kubernetes Upgrades 57. Backup and Restore 58. Kubernetes Troubleshooting 59. Kubernetes on AWS (EKS) 60. Mini Project
Advanced Workloads & Operations · Lesson 53

Kubernetes Monitoring

Logs tell you what happened. Metrics tell you how your system performs right now and over time. This lesson covers the Prometheus and Grafana stack, the four golden signals every service should track, alerting with Alertmanager, and the dashboards platform teams rely on to keep production healthy.

The Monitoring Stack

The de-facto Kubernetes monitoring stack is Prometheus + Grafana, installed together as kube-prometheus-stack via Helm. It bundles everything needed out of the box: Prometheus server, Grafana, Alertmanager, node-exporter DaemonSet, kube-state-metrics, and a library of pre-built dashboards and alerts.

Prometheus

Scrapes metrics endpoints every 15–60s. Stores as time-series data. Query language: PromQL. Holds data for 15 days by default.

Grafana

Visualises Prometheus data as dashboards and charts. Sends alert notifications to Slack, PagerDuty, email via Alertmanager.

kube-state-metrics

Exposes Kubernetes object state as metrics: Deployment replica counts, Pod phase, PVC bound status, Job completion. Queries the API server.

node-exporter

DaemonSet that exposes host-level metrics: CPU, memory, disk I/O, network, filesystem usage. Runs on every node.

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
  --namespace monitoring \
  --create-namespace \
  --version 57.0.3 \
  --set prometheus.prometheusSpec.retention=30d \
  --set prometheus.prometheusSpec.retentionSize=50GB \
  --set grafana.adminPassword=changeme \
  --set alertmanager.alertmanagerSpec.replicas=2

# Access Grafana locally
kubectl port-forward svc/kube-prometheus-stack-grafana 3000:80 -n monitoring
# Open http://localhost:3000  admin / changeme
$ helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
  --namespace monitoring --create-namespace --version 57.0.3
NAME: kube-prometheus-stack
STATUS: deployed  REVISION: 1

$ kubectl get pods -n monitoring
NAME                                                     READY
alertmanager-kube-prometheus-stack-alertmanager-0        2/2     Running
kube-prometheus-stack-grafana-7d9f4-xkp2m                3/3     Running
kube-prometheus-stack-kube-state-metrics-abc-def          1/1     Running
kube-prometheus-stack-operator-xyz-123                    1/1     Running
prometheus-kube-prometheus-stack-prometheus-0             2/2     Running
kube-prometheus-stack-prometheus-node-exporter-a1b2      1/1     Running   ← DaemonSet, one per node
kube-prometheus-stack-prometheus-node-exporter-c3d4      1/1     Running

# Access Grafana
$ kubectl port-forward svc/kube-prometheus-stack-grafana 3000:80 -n monitoring &
# Open http://localhost:3000  admin / changeme

The Four Golden Signals

Google SRE defines four golden signals that, together, give a complete picture of a service's health. If you can only track four things per service, track these. Every PromQL example below is a production-ready query you can put directly into a Grafana panel.

1. Latency — How long requests take

Track P50, P95, P99 — not averages. A 500ms average hides a P99 of 5 seconds. Alert on P99, not P50.

# P99 request latency per service over the last 5 minutes
histogram_quantile(0.99,
  sum by (service, le) (
    rate(http_request_duration_seconds_bucket[5m])
  )
)

# P50 and P95 for comparison
histogram_quantile(0.50, sum by (le) (rate(http_request_duration_seconds_bucket[5m])))
histogram_quantile(0.95, sum by (le) (rate(http_request_duration_seconds_bucket[5m])))
# In Grafana or prometheus-ui -- result at this moment:
{service="payment-api"} 0.127    ← P99 = 127ms  ✓
{service="fraud-service"} 0.843  ← P99 = 843ms  ⚠ approaching SLO

# P50 vs P95 vs P99 comparison:
{quantile="0.50"} 0.038   ← median 38ms (most users fine)
{quantile="0.95"} 0.312   ← 95th percentile 312ms
{quantile="0.99"} 0.127   ← P99 127ms -- alert threshold: 500ms, we're green

2. Traffic — How much demand hits the system

Requests per second. Use this to correlate latency spikes with traffic spikes, and to right-size HPA targets.

# Requests per second per service
sum by (service) (rate(http_requests_total[5m]))

# Requests per second broken down by HTTP status code
sum by (status_code) (rate(http_requests_total[5m]))
# Current traffic:
{service="payment-api"}  142.3    ← 142 req/s
{service="fraud-service"} 98.7

# By status code:
{status_code="200"} 140.1   ← 98.5% success
{status_code="500"} 1.4     ← 1.0% server errors
{status_code="400"} 0.8     ← 0.5% client errors

3. Errors — What fraction of requests fail

Error rate as a percentage of total traffic. Alert when it exceeds your SLO threshold (e.g. 0.1% error rate).

# HTTP 5xx error rate as percentage of total traffic
sum(rate(http_requests_total{status_code=~"5.."}[5m]))
/
sum(rate(http_requests_total[5m]))
* 100

# Kubernetes Pod restart rate (infrastructure errors)
sum by (namespace, pod) (
  increase(kube_pod_container_status_restarts_total[1h])
)
# Error rate result:
0.98   ← 0.98% 5xx rate -- SLO is 0.5%, we're BREACHING  🚨

# Pod restart rate (last hour):
{namespace="payments", pod="payment-api-7d9f4-xkp2m"}  0
{namespace="payments", pod="payment-api-7d9f4-rvqn2"}  3  ← crash-looping -- investigate!

4. Saturation — How full the system is

CPU throttling, memory pressure, queue depth. A system near saturation degrades before it fails — catch it early.

# CPU throttling rate per container (high value = requests too low, limits too strict)
sum by (namespace, pod, container) (
  rate(container_cpu_cfs_throttled_seconds_total[5m])
)
/
sum by (namespace, pod, container) (
  rate(container_cpu_cfs_periods_total[5m])
)

# Memory usage vs limit (alert when above 85%)
container_memory_working_set_bytes
/
container_spec_memory_limit_bytes
* 100
# CPU throttling result (fraction 0-1):
{pod="payment-api-7d9f4-xkp2m", container="payment-api"}  0.42  ← 42% throttled -- requests too low!

# Memory vs limit:
{pod="payment-api-7d9f4-xkp2m", container="payment-api"}  87   ← 87% of limit -- near OOMKill risk
# Fix: increase CPU request from 100m to 300m and memory limit from 256Mi to 512Mi

Exposing Custom Application Metrics

Your application can expose its own business metrics — payment success rates, queue depths, cache hit ratios — in the Prometheus format. Prometheus scrapes them automatically via a ServiceMonitor resource.

# Python: expose metrics with prometheus_client
from prometheus_client import Counter, Histogram, start_http_server

payments_total = Counter(
    'payments_total',
    'Total payment attempts',
    ['status', 'currency']   # Labels -- group metrics by status and currency
)
payment_duration = Histogram(
    'payment_duration_seconds',
    'Payment processing duration',
    buckets=[0.01, 0.05, 0.1, 0.5, 1.0, 2.0, 5.0]
)

# In your payment handler:
with payment_duration.time():       # Automatically record duration
    result = process_payment(amount, currency)
    payments_total.labels(
        status='success' if result.ok else 'failed',
        currency=currency
    ).inc()
# What the /metrics endpoint exposes:
$ kubectl port-forward svc/payment-api 8080:80 -n payments &
$ curl -s http://localhost:8080/metrics | grep payments

# HELP payments_total Total payment attempts
# TYPE payments_total counter
payments_total{currency="USD",status="success"} 18432.0
payments_total{currency="USD",status="failed"} 47.0
payments_total{currency="EUR",status="success"} 3291.0

# HELP payment_duration_seconds Payment processing duration
# TYPE payment_duration_seconds histogram
payment_duration_seconds_bucket{le="0.1"} 15234.0
payment_duration_seconds_bucket{le="0.5"} 18100.0
payment_duration_seconds_bucket{le="+Inf"} 18432.0
payment_duration_seconds_sum 1842.7
payment_duration_seconds_count 18432.0
# ServiceMonitor: tells Prometheus where to scrape your application
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: payment-api
  namespace: payments
  labels:
    release: kube-prometheus-stack   # Must match Prometheus's serviceMonitorSelector
spec:
  selector:
    matchLabels:
      app: payment-api               # Selects the Service exposing /metrics
  endpoints:
    - port: metrics                  # Named port on the Service
      path: /metrics
      interval: 30s                  # Scrape every 30 seconds
  namespaceSelector:
    matchNames:
      - payments
# What Prometheus sees at /metrics on your Pod:
# HELP payments_total Total payment attempts
# TYPE payments_total counter
payments_total{status="success",currency="USD"} 18432
payments_total{status="failed",currency="USD"} 47
payments_total{status="success",currency="EUR"} 3291
payments_total{status="failed",currency="EUR"} 12

# HELP payment_duration_seconds Payment processing duration
# TYPE payment_duration_seconds histogram
payment_duration_seconds_bucket{le="0.1"} 15234
payment_duration_seconds_bucket{le="0.5"} 18100
payment_duration_seconds_bucket{le="1.0"} 18390
payment_duration_seconds_bucket{le="+Inf"} 18432
payment_duration_seconds_sum 1842.7
payment_duration_seconds_count 18432

# PromQL: payment success rate
sum(rate(payments_total{status="success"}[5m]))
/
sum(rate(payments_total[5m]))
* 100
# Result: 99.72%  -- your SLO is 99.5%, you're green

What just happened?

ServiceMonitor is the Kubernetes-native way to configure scraping — Instead of editing Prometheus's scrape_configs manually, the Prometheus Operator watches for ServiceMonitor resources and automatically updates the Prometheus configuration. You deploy a new service with a ServiceMonitor, and Prometheus picks it up within 30 seconds — no Prometheus restart required.

Labels on metrics are dimensions for slicing — The status and currency labels let you slice the payment success rate by currency. Which currency has the highest failure rate? PromQL: sum by (currency) (rate(payments_total{status="failed"}[5m])). Every label you add becomes a free dimension for filtering and grouping — but keep label cardinality low (avoid user IDs or trace IDs as labels — those belong in logs, not metrics).

Alerting with Alertmanager

Prometheus evaluates alert rules against the metrics it holds. When a rule fires, it sends the alert to Alertmanager, which handles routing, deduplication, grouping, and notification to Slack, PagerDuty, email, or any webhook.

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: payment-api-alerts
  namespace: payments
  labels:
    release: kube-prometheus-stack
spec:
  groups:
    - name: payment-api
      interval: 30s                         # Evaluate these rules every 30 seconds
      rules:
        - alert: PaymentErrorRateTooHigh
          expr: |
            (
              sum(rate(payments_total{status="failed"}[5m]))
              /
              sum(rate(payments_total[5m]))
            ) * 100 > 1
          for: 2m                           # Must be true for 2 minutes before firing
          labels:
            severity: critical
            team: payments
          annotations:
            summary: "Payment error rate above 1%"
            description: "Payment error rate is {{ $value | humanize }}% — SLO breach imminent."
            runbook_url: "https://wiki.company.com/runbooks/payment-errors"

        - alert: PodCrashLooping
          expr: |
            increase(kube_pod_container_status_restarts_total{namespace="payments"}[1h]) > 3
          for: 0m                           # Fire immediately -- crash loops need fast response
          labels:
            severity: warning
          annotations:
            summary: "Pod {{ $labels.pod }} is crash-looping"
            description: "{{ $labels.pod }} has restarted {{ $value }} times in the last hour."

        - alert: HighCPUThrottling
          expr: |
            sum by (pod, container) (
              rate(container_cpu_cfs_throttled_seconds_total{namespace="payments"}[5m])
            )
            /
            sum by (pod, container) (
              rate(container_cpu_cfs_periods_total{namespace="payments"}[5m])
            )
            > 0.25
          for: 5m
          labels:
            severity: warning
          annotations:
            summary: "Container {{ $labels.container }} heavily throttled"
            description: "CPU throttling at {{ $value | humanizePercentage }} -- increase CPU limit."
# Check active alerts
$ kubectl get prometheusrule payment-api-alerts -n payments
NAME                  AGE
payment-api-alerts    2m

# Query current alert state in Prometheus UI or via API
$ curl prometheus:9090/api/v1/alerts | jq '.data.alerts[] | {alertname, state, labels}'
{
  "alertname": "PaymentErrorRateTooHigh",
  "state": "firing",
  "labels": {
    "severity": "critical",
    "team": "payments"
  }
}

# Alertmanager routes this to the payments team's PagerDuty
# Slack message in #alerts-payments:
# FIRING: PaymentErrorRateTooHigh
# Payment error rate is 2.47% -- SLO breach imminent.
# Runbook: https://wiki.company.com/runbooks/payment-errors

Teacher's Note: Alert fatigue and the SLO-based alerting model

The most common monitoring failure is not too few alerts — it's too many. Teams that alert on CPU above 80% get paged at 2am for a CPU spike that resolved itself in 30 seconds. Engineers start ignoring alerts. Real incidents are missed.

The better model is SLO-based alerting: define what "good service" means to users (e.g., 99.5% of payments succeed, P99 latency below 500ms), then alert only when you're burning through your error budget faster than sustainable. Symptom-based alerts (user-facing error rate, latency) wake people up. Cause-based alerts (high CPU, memory usage) go to a dashboard for investigation during business hours. This distinction — page on symptoms, not causes — is the single biggest improvement most teams can make to their on-call experience.

The for: 2m duration in alert rules is your friend. A transient spike that resolves in 90 seconds should never page anyone. Set for to at least 2–5 minutes for most alerts, and reserve for: 0m for genuinely catastrophic conditions like crash loops.

Practice Questions

1. Which component of the kube-prometheus-stack exposes Kubernetes object state as Prometheus metrics — including Deployment replica counts, Pod phase, and PVC bound status?



2. Which Kubernetes custom resource tells the Prometheus Operator to automatically scrape a Service's /metrics endpoint — without manually editing Prometheus configuration?



3. In a Prometheus alert rule, which field prevents the alert from firing on a brief transient spike by requiring the condition to be true for a sustained duration?



Quiz

1. What are the four golden signals defined by Google SRE for monitoring services?


2. A developer wants to add user_id as a label on the payments_total counter. Why is this a problem?


3. Your team is getting paged at 2am for CPU alerts that resolve themselves in 2 minutes. What is the best practice to reduce this alert fatigue?


Up Next · Lesson 54

Helm Introduction

Helm is the Kubernetes package manager. This lesson covers finding and installing charts from repositories, customising with values files, managing releases, and rolling back deployments atomically.

← Previous Course Index Next →