Set up the PaaS metric exporter app with Prometheus
Configure container metrics
Cloud Foundry provides time-series data (metrics), for your PaaS apps.
Currently supported metrics are:
- disk usage data
- app crashes
- app requests
- app response times
Set up the metrics exporter app
Before you setting up the metrics exporter app, you’ll need a live Cloud Foundry account assigned to the spaces you want to receive metrics on.
Your new account should be separate to your primary Cloud Foundry account and use the
SpaceAuditor role beause it can view app data without modifying it.
To set up the metrics exporter app:
- Clone the paas-metric-exporter GitHub repository.
- Push the metrics exporter app to Cloud Foundry (without starting the app) by running
cf push -f manifest-prometheus.yml --no-start <app-name>
Set the following mandatory environment variables in the metrics exporter app using
cf set-env <app-name> NAME VALUE
cf set-envcommand for these mandatory variables, this will keep secure the secret information contained in them.
Cloud Foundry user
Cloud Foundry password
You could also set environment variables by amending the manifest file for optional environment variables that do not contain secret information. Read paas-metric-exporter GitHub repository for more information.
cf start <app-name>to start your app
Check you’re generating Prometheus metrics at the metrics endpoint
Bind your app to the Prometheus service
cf bind-service <app-name> <service-instance-name>
IP whitelist your app
IP whitelisting allows you to create lists of trusted IP addresses or IP ranges from which your users can access your domains. IP whitelist is a security feature often used for limiting and controlling access only to trusted users.
Register the IP whitelist route service as a user-provided service in your PaaS space.
cf create-user-provided-service re-ip-whitelist-service -r https://re-ip-whitelist-service.cloudapps.digital
Register the route service for routes you want to protect.
cf bind-route-service cloudapps.digital re-ip-whitelist-service --hostname <your paas app route>
cf bind-route-service cloudapps.digital re-ip-whitelist-service --hostname app-to-protect
The Service Manual as more information about monitoring the status of your service.