This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Monitor the database

Monitoring OpenText™ Analytics Database using Prometheus/Grafana and Loki/Alloy

The VerticaDB Operator provides native observability using Prometheus, Grafana, Loki, and Alloy. These tools work together to monitor OpenText™ Analytics Database metrics, visualize performance data, and collect logs for easier analysis and troubleshooting.

1 - Monitor the database using Prometheus and Grafana

The VerticaDB Operator provides integrated monitoring through Prometheus and Grafana, enabling you to monitor and analyze OpenText™ Analytics Database with minimal configuration.

Key Features

  • Built-in Prometheus and Grafana: Automatically deployed alongside the operator for immediate monitoring setup.

  • Automatic ServiceMonitor Creation: Each VerticaDB instance generates a ServiceMonitor resource allowing Prometheus to discover metrics automatically. Grafana then visualizes these metrics using preconfigured dashboards.

  • Pre-installed Grafana Dashboards: Includes OpenText™ Analytics Database specific dashboards that provide instant insight into key database metrics.

Prerequisite

VerticaDB operator installed with Grafana enabled.

How monitoring works

  1. Deploying VerticaDB

    When you create a VerticaDB custom resource in a namespace:

    • The operator automatically provisions a ServiceMonitor for that instance.
    • Prometheus detects the new monitor and begins scraping metrics from the VerticaDB pods.

  2. Prometheus integration

    • Prometheus is configured to watch for ServiceMonitor resources.
    • Metrics from VerticaDB are exposed via the /v1/metrics endpoint and collected by Prometheus.

  3. Grafana dashboards

    • Grafana is deployed with the operator.
    • Dashboards tailored for VerticaDB are pre-installed.

    These dashboards include panels for:

    Use the pickers at the top of each dashboard to filter by database, subcluster, node, pool name, and more.

Access Grafana for monitoring

  1. Locally - When you install the operator with Grafana enabled, an extra service is created:

    $ kubectl get svc -n verticadb-operator
NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
prometheus-operated                  ClusterIP   None           <none>        9090/TCP            83m
vdb-op-grafana                       ClusterIP   10.96.24.150   <none>        80/TCP              83m
verticadb-operator-prom-operator     ClusterIP   10.96.104.61   <none>        8080/TCP            83m
verticadb-operator-prom-prometheus   ClusterIP   10.96.138.26   <none>        9090/TCP,8080/TCP   83m
verticadb-operator-webhook-service   ClusterIP   10.96.44.161   <none>        443/TCP             83m

    Where vdb-op is the name of the service for Grafana (<helm_release_name>-grafana) and verticadb-operator is the namespace where the operator is installed.

    By default, Grafana is not exposed externally and can only be accessed from within the cluster. To view it in your local browser, use kubectl port-forward to forward the service:

    $ kubectl port-forward -n verticadb-operator svc/vdb-op-grafana 3000:80

    You can now access Grafana at http://localhost:3000/.

  2. Externally - You can use a load balancer to access Grafana remotely from any browser. The specifics depends on who provisions the load balancer for your environment. The following example shows how to configure Grafana with an AWS Network Load Balancer (NLB):

     # Create a yaml file that will contain your custom settings for the operator and add this:

 grafana:
  service:
    portName: http-web
    type: LoadBalancer
    port: 3000
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb"

    This command provisions a load balancer for the Grafana service. To retrieve the load balancer URL, run the following command. The URL appears in the EXTERNAL-IP column:

     $ kubectl get svc -n verticadb-operator
 NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP                                          PORT(S)             AGE
 prometheus-operated                  ClusterIP   None           <none>                                               9090/TCP            83m
 vdb-op-grafana                       ClusterIP   10.96.24.150   xxxxxxxxxxxxxxxxx.elb.us-east-1.amazonaws.com        80/TCP              83m
 verticadb-operator-prom-operator     ClusterIP   10.96.104.61   <none>                                               8080/TCP            83m
 verticadb-operator-prom-prometheus   ClusterIP   10.96.138.26   <none>                                               9090/TCP,8080/TCP   83m
 verticadb-operator-webhook-service   ClusterIP   10.96.44.161   <none>                                               443/TCP             83m

    You can now share the Grafana instance and open Grafana from any browser using the link http://xxxxxxxxxxxxxxxxx.elb.us-east-1.amazonaws.com:3000.

Secure access to Grafana

Basic authentication

You can secure Grafana access by setting a username and password through a Kubernetes secret. Create a secret containing the credentials, then specify the following Helm parameters during operator installation:

  • grafana.admin.existingSecret: Name of the secret containing the credentials.

  • grafana.admin.userKey: Field name for the username within the secret.

  • grafana.admin.passwordKey: Field name for the password within the secret.

 $ helm install vdb-op --namespace verticadb-operator --set grafana.enabled=true,grafana.admin.existingSecret=mysecret,grafana.admin.userKey=username,grafana.admin.passwordKey=password

Configure TLS termination at load balancer

If Grafana is exposed through a load balancer, you can configure TLS termination at the load balancer level. In this setup, Grafana continues to run over HTTP internally, while the load balancer manages HTTPS connections.

First, provision a domain name for Grafana (for example, grafana.example.com) and create a TLS certificate for that domain.

The following example shows how to configure the load balancer and certificate in an AWS environment:

grafana:
 # Service Configuration - AWS Network Load Balancer with TLS
  service:
    type: LoadBalancer
    port: 443
    # Optional: Specify static IP from Elastic IP
    # loadBalancerIP: "203.0.113.10"
      
    # AWS NLB Annotations for TLS termination
    annotations:
      # Use Network Load Balancer
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        
      # TLS Certificate from AWS Certificate Manager (ACM)
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:123456789012:certificate/your-cert-arn-here"
        
      # Backend protocol (Grafana runs HTTP internally)
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
        
      # SSL ports (NLB terminates TLS on port 443)
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
        
      # Scheme: internet-facing or internal
      service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
  
  
  # Grafana Configuration
  grafana.ini:
    server:
      # Grafana runs HTTP internally, NLB handles HTTPS
      protocol: http
      http_port: 3000
      domain: grafana.example.com
      root_url: https://grafana.example.com
      enable_gzip: true
        
      # Trust proxy headers since NLB forwards requests
      router_logging: false
        
    # Security settings for HTTPS environment
    security:
      # Force HTTPS redirects
      strict_transport_security: true
      strict_transport_security_max_age_seconds: 31536000
      strict_transport_security_preload: true
      strict_transport_security_include_subdomains: true
        
      # Security headers
      content_type_nosniff: true
      x_content_type_options: nosniff
      x_xss_protection: true
      x_frame_options: deny
        
      # Cookie security
      cookie_secure: true
      cookie_samesite: strict

Set up alerts in Grafana

Grafana supports built-in alerting to notify you when system health, query performance, or resource usage exceed defined thresholds. You can view, create, and manage alerts directly from Grafana’s unified alerting interface.

To create an alert in the Grafana UI:

  1. Go to Alerting > Alert rules.

  2. Click + New alert rule.

  3. Select your data source and choose a metric exposed by this feature. For example, vertica_queries_attempted_total.

  4. Configure the query expression and conditions.

  5. Define notification policies such as Slack, PagerDuty, or email.

For more information, see Grafana Alerting | Grafana documentation.

2 - Monitor logs using Loki and Grafana

Kubernetes clusters typically store pod logs in /var/log/pods on each node. In Amazon EKS environments, accessing these logs can be inconvenient since it requires additional configuration to connect to the underlying nodes.

The VerticaDB Operator includes built-in integration with Loki, Alloy, and Grafana to simplify log collection and visualization. Alloy collects logs from your applications and sends them to Loki for storage and indexing. Grafana then connects to Loki as a data source, enabling you to query and visualize the collected logs.

Grafana, Loki, and Alloy work together to enable you to monitor your system, each handling a different part of the process:

  • Grafana provides visualization and dashboards. It connects to multiple data sources (such as Loki and Prometheus) to offer interactive, real-time monitoring and analysis.

  • Loki is a log aggregation system from Grafana Labs that collects, indexes, and stores logs from applications and infrastructure. It integrates seamlessly with Grafana, enabling you to query and visualize logs alongside metrics.

  • Alloy (formerly Grafana Agent) is a lightweight telemetry collector. It gathers metrics, logs, and traces from your environment and forwards them to backends like Loki (for logs), Prometheus (for metrics), and Tempo (for traces).

How log monitoring works

  1. Install VerticaDB operator with Loki, Alloy, and Grafana enabled.

  2. Deploy VerticaDB with opentext/vertica-logger as a sidecar.

    The logger redirects vertica.log to a standard output for log aggregation. For example:

    apiVersion: vertica.com/v1
kind: VerticaDB
metadata:
  name: demodb
spec:
  sidecars:
    - name: vlogger
      image: opentext/vertica-logger:latest
  subclusters:
    - name: sc1
      size: 3
      type: primary

  3. View Grafana Logs Drilldown

    Open the Grafana UI in a browser and then navigate to Drilldown > Logs.

    • Vertica.log

      In the Labels dropdown list, select the vlogger container inside the database pod as the instance. You can view the details of your database logs.

    • VerticaDB Operator log

      In the Labels dropdown list, select the manager container inside the verticadb-operator-manager pod as the instance. For example, verticadb-operator/verticadb-operator-manager-6f58dfdbd7-z8nxp:manager.

    • Pod events

      In the Labels dropdown list, select loki.source.kubernetes_events.cluster_events. You can use Fields to filter the events you want to monitor.

RBAC roles

After the operator is deployed with Loki and Alloy enabled, it automatically creates a cluster-wide role that grants Alloy minimal permissions to access, list, and monitor pods, events, and namespaces.