Pomerium Enterprise uses Prometheus as a metrics collection back-end. You can configure Pomerium and the Console to talk to an existing Prometheus server, or configure the embedded Prometheus backend.
For production deployments, we suggest using a dedicated Prometheus instance.
In the Pomerium config.yaml, define the metrics_address key to a network interface and/or port. For example:
The example above has Pomerium providing metrics at port 9999 on an IP address reachable by the Pomerium Console service.
If you're running Pomerium Enterprise in a distributed environment where the IP address is not known at the time of deployment, you can use the resolvable FQDN of the Pomerium host (pomerium0.internal.mycompany.com, for example), or override this key with the environment variable METRICS_ADDRESS. We do not recommend exposing this endpoint to public traffic as it can contain potentially sensitive information.
Add the listener to your Prometheus configuration, usually via
# Scrape the address set in Pomerium's metrics_address
- job_name: 'Pomerium'
  static_configs:
    - targets: ['192.0.2.10:9999']
Reload the Prometheus configuration:
curl -i -XPOST path.to.prometheus:port/-/reload
In the Pomerium Enterprise config.yaml file, define the prometheus_url key to point to your Prometheus instance(s):
Restart the Pomerium and Pomerium Enterprise services. You should now see route traffic data in the Enterprise Console:
To take advantage of Prometheus embedded in Pomerium Enterprise, edit Pomerium Console's config file:
The directory path can be any location that the pomerium system user can write to. The example above uses the default location created by the OS packages.
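The warning above about keeping the metrics endpoint away from public traffic can be checked before deployment. The following is an added example, not code from Pomerium: it works out the effective metrics_address (with the METRICS_ADDRESS override) and classifies where it listens. The function names, the sample address, and the treatment of a port-only value as "all interfaces" are assumptions.

```python
import ipaddress
import re

# Constructed sample config.yaml content; the address is a placeholder.
SAMPLE_CONFIG = "metrics_address: 10.0.0.5:9999\n"


def effective_metrics_address(config_text, env):
    """Return the value in effect: METRICS_ADDRESS overrides the config key."""
    if env.get("METRICS_ADDRESS"):
        return env["METRICS_ADDRESS"]
    m = re.search(r"^metrics_address:\s*['\"]?([^'\"#\s]+)", config_text, re.M)
    return m.group(1) if m else None


def classify_metrics_address(value):
    """Classify a host:port value as wildcard, public, internal or hostname."""
    host, sep, port = value.strip().rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"expected host:port or :port, got {value!r}")
    host = host.strip("[]")  # allow bracketed IPv6 such as [::1]:9999
    if not host:
        # Assumption: a port-only value listens on every interface.
        return "wildcard"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # FQDN: check what it resolves to separately
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal"
    return "public"


def audit(config_text, env):
    """Return (effective value, verdict); verdict is None if metrics are unset."""
    value = effective_metrics_address(config_text, env)
    return value, (classify_metrics_address(value) if value else None)


if __name__ == "__main__":
    import os
    value, verdict = audit(SAMPLE_CONFIG, os.environ)
    print(f"metrics_address={value} -> {verdict}")
    if verdict in ("wildcard", "public"):
        raise SystemExit("metrics endpoint may be reachable by public traffic")
```

A "hostname" verdict only means the value is an FQDN; confirm separately that it resolves to an address reachable only by the Pomerium Console and Prometheus.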