Monitor the database using Prometheus and Grafana

The VerticaDB Operator provides integrated monitoring through Prometheus and Grafana, enabling you to monitor and analyze OpenText™ Analytics Database with minimal configuration.

Key Features

Built-in Prometheus and Grafana: Automatically deployed alongside the operator for immediate monitoring setup.
Automatic ServiceMonitor Creation: Each VerticaDB instance generates a ServiceMonitor resource allowing Prometheus to discover metrics automatically. Grafana then visualizes these metrics using preconfigured dashboards.
Pre-installed Grafana Dashboards: Includes OpenText™ Analytics Database specific dashboards that provide instant insight into key database metrics.

Prerequisite

VerticaDB operator installed with Grafana enabled.

How monitoring works

Deploying VerticaDB

When you create a VerticaDB custom resource in a namespace:
- The operator automatically provisions a ServiceMonitor for that instance.
- Prometheus detects the new monitor and begins scraping metrics from the VerticaDB pods.
Prometheus integration
- Prometheus is configured to watch for ServiceMonitor resources.
- Metrics from VerticaDB are exposed via the /v1/metrics endpoint and collected by Prometheus.
Grafana dashboards
- Grafana is deployed with the operator.
- Dashboards tailored for VerticaDB are pre-installed.
These dashboards include panels for:
Use the pickers at the top of each dashboard to filter by database, subcluster, node, pool name, and more.

Access Grafana for monitoring

Locally - When you install the operator with Grafana enabled, an extra service is created:

$ kubectl get svc -n verticadb-operator
NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
prometheus-operated                  ClusterIP   None           <none>        9090/TCP            83m
vdb-op-grafana                       ClusterIP   10.96.24.150   <none>        80/TCP              83m
verticadb-operator-prom-operator     ClusterIP   10.96.104.61   <none>        8080/TCP            83m
verticadb-operator-prom-prometheus   ClusterIP   10.96.138.26   <none>        9090/TCP,8080/TCP   83m
verticadb-operator-webhook-service   ClusterIP   10.96.44.161   <none>        443/TCP             83m

Where vdb-op is the name of the service for Grafana (<helm_release_name>-grafana) and verticadb-operator is the namespace where the operator is installed.

By default, Grafana is not exposed externally and can only be accessed from within the cluster. To view it in your local browser, use kubectl port-forward to forward the service:

$ kubectl port-forward -n verticadb-operator svc/vdb-op-grafana 3000:80

You can now access Grafana at http://localhost:3000/.

Externally - You can use a load balancer to access Grafana remotely from any browser. The specifics depends on who provisions the load balancer for your environment. The following example shows how to configure Grafana with an AWS Network Load Balancer (NLB):

 # Create a yaml file that will contain your custom settings for the operator and add this:

 grafana:
  service:
    portName: http-web
    type: LoadBalancer
    port: 3000
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb"

This command provisions a load balancer for the Grafana service. To retrieve the load balancer URL, run the following command. The URL appears in the EXTERNAL-IP column:

 $ kubectl get svc -n verticadb-operator
 NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP                                          PORT(S)             AGE
 prometheus-operated                  ClusterIP   None           <none>                                               9090/TCP            83m
 vdb-op-grafana                       ClusterIP   10.96.24.150   xxxxxxxxxxxxxxxxx.elb.us-east-1.amazonaws.com        80/TCP              83m
 verticadb-operator-prom-operator     ClusterIP   10.96.104.61   <none>                                               8080/TCP            83m
 verticadb-operator-prom-prometheus   ClusterIP   10.96.138.26   <none>                                               9090/TCP,8080/TCP   83m
 verticadb-operator-webhook-service   ClusterIP   10.96.44.161   <none>                                               443/TCP             83m

You can now share the Grafana instance and open Grafana from any browser using the link http://xxxxxxxxxxxxxxxxx.elb.us-east-1.amazonaws.com:3000.

Secure access to Grafana

Basic authentication

You can secure Grafana access by setting a username and password through a Kubernetes secret. Create a secret containing the credentials, then specify the following Helm parameters during operator installation:

grafana.admin.existingSecret: Name of the secret containing the credentials.
grafana.admin.userKey: Field name for the username within the secret.
grafana.admin.passwordKey: Field name for the password within the secret.

 $ helm install vdb-op --namespace verticadb-operator --set grafana.enabled=true,grafana.admin.existingSecret=mysecret,grafana.admin.userKey=username,grafana.admin.passwordKey=password

Configure TLS termination at load balancer

If Grafana is exposed through a load balancer, you can configure TLS termination at the load balancer level. In this setup, Grafana continues to run over HTTP internally, while the load balancer manages HTTPS connections.

First, provision a domain name for Grafana (for example, grafana.example.com) and create a TLS certificate for that domain.

The following example shows how to configure the load balancer and certificate in an AWS environment:

grafana:
 # Service Configuration - AWS Network Load Balancer with TLS
  service:
    type: LoadBalancer
    port: 443
    # Optional: Specify static IP from Elastic IP
    # loadBalancerIP: "203.0.113.10"
      
    # AWS NLB Annotations for TLS termination
    annotations:
      # Use Network Load Balancer
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        
      # TLS Certificate from AWS Certificate Manager (ACM)
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:123456789012:certificate/your-cert-arn-here"
        
      # Backend protocol (Grafana runs HTTP internally)
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
        
      # SSL ports (NLB terminates TLS on port 443)
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
        
      # Scheme: internet-facing or internal
      service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
  
  
  # Grafana Configuration
  grafana.ini:
    server:
      # Grafana runs HTTP internally, NLB handles HTTPS
      protocol: http
      http_port: 3000
      domain: grafana.example.com
      root_url: https://grafana.example.com
      enable_gzip: true
        
      # Trust proxy headers since NLB forwards requests
      router_logging: false
        
    # Security settings for HTTPS environment
    security:
      # Force HTTPS redirects
      strict_transport_security: true
      strict_transport_security_max_age_seconds: 31536000
      strict_transport_security_preload: true
      strict_transport_security_include_subdomains: true
        
      # Security headers
      content_type_nosniff: true
      x_content_type_options: nosniff
      x_xss_protection: true
      x_frame_options: deny
        
      # Cookie security
      cookie_secure: true
      cookie_samesite: strict

Set up alerts in Grafana

Grafana supports built-in alerting to notify you when system health, query performance, or resource usage exceed defined thresholds. You can view, create, and manage alerts directly from Grafana’s unified alerting interface.

To create an alert in the Grafana UI:

Go to Alerting > Alert rules.
Click + New alert rule.
Select your data source and choose a metric exposed by this feature. For example, vertica_queries_attempted_total.
Configure the query expression and conditions.
Define notification policies such as Slack, PagerDuty, or email.

For more information, see Grafana Alerting | Grafana documentation.