Prometheus integration to use PrivateLink
There is a possibility to integrate Prometheus into an Atlas project.
However, for enabling this integration, one needs to add Prometheus's IP address in the IP Access List.
This procedure has 2 flaws in it:
1. Prometheus runs as pods in some use cases, meaning that its IP is ephemeral.
2. For projects that work solely with PrivateLink enabled and no open IP in the IP Access List, one cannot use the Prometheus integration (already talked with support about that).
The improvement here is to add the Prometheus integration to work as well in "PrivateLink-only" mode.
-
Kaisar commented
Hi. The feature request was created in March 2022. Are there any plans from the team to implement it in the near future?
-
Michael Gerlach commented
> Currently public egress is needed - and this can be an issue in fully private clouds, where all public traffic is blocked.
I do agree.
A generic solution would be to expose the Admin API as a private endpoint through VPC peering. I think I saw such a feature request already.
-
Miloš commented
Hi,
Already using targetScheme=PRIVATE. But full private integration means that the endpoint for Prometheus HTTP Service Discovery should also be exposed in the private network (where the mongo cluster and the target for service discovery are exposed). Currently public egress is needed - and this can be an issue in fully private clouds, where all public traffic is blocked.
Thanks
-
Michael Gerlach commented
This is already supported. Scrape configs do support a so-called target scheme:
`https://cloud.mongodb.com/prometheus/v1.0/groups/GROUP-ID/discovery?targetScheme=PRIVATE`
This will return a scrape config referencing the metric endpoint using a private FQDN of the cluster node you want to receive metrics from. This works for VPC peering-enabled Atlas projects, but regarding AWS PrivateLink your mileage may vary.
-
Victor Swed commented
Due to security policies, access to the Mongo cluster is allowed only over private endpoints; we need the same way for fetching metrics.
-
Calvin commented
Important metrics, but shouldn't require a public IP whitelist and be sent over the internet.
-
Alan Fung commented
We need a private endpoint too, to provide a more secure connection with metrics monitoring capabilities.
-
Christian Moreno Moreno commented
We need it with private peering too.
-
Mark Lembeck commented
For enterprise customers, this feature is a must.
-
Fulton Byrne commented
VPC Native as well.
Would need Private Link, VPC Native, and Public discovery endpoints. Or maybe some sort of scrape parameter to add to the request...
-
M commented
We would like to use the Prometheus integration but are hitting the same limitation, since we reach our clusters via PrivateLink only.
-
Daniel commented
As we have security policies to only allow access to the Mongo cluster over private endpoints, we also need to have the possibility to scrape the metrics that way.
Optionally, if we can limit network access to only allow the Prometheus port over the internet, it could work as well.
-
Valentin commented
Similar request. We need it with private peering.