Monitor Linodes without Firewall using Grafana/Prometheus

We are going to create LKE clusters and would like to have observability and get alerted if some Linode which is part of the LKE cluster is not included in the LKE cluster's Firewall.

4 Replies

Based on your needs, we do have a guide where you can set up Grafana and Promesthesus on your LKE cluster. This should allow you to control the components of your monitoring stack with a single configuration file, easily manage and upgrade your deployments, and utilize Grafana interfaces built for Kubernetes monitoring:

If you'd like a visual of how to install Grafana on your LKE cluster, we also have a YouTube tutorial created by one of our advocates:

You may also be interested in consulting the following resources for additional information on this topic:

So that you know, we already have it. Let me rephrase my question:
Is there a way to monitor Linode Cloud Services with Grafana/Prometheus? For example:
I want metrics that show me Linode Cloud Firewalls(NOT the firewall inside the Linode) and would like to see what linodes are attached to Cloud Firewall. Please let me know if my request still not clear

I'm not sure I understand your goals as they relate to the general use-case of Grafana/Prometheus - it seems like overkill for checking the binary state of something. Your monitoring stack would functionally only be reporting "Is Firewall X currently attached to Linode Y? Yes or No?". Can this be monitored in Grafana/Prometheus? Possibly, but there's probably a better solution.

Is my assessment of the underlying issue correct:
LKE Node1 has a Cloud Firewall attached to it but then that node is recycled for any reason. When LKE Node2 is deployed to replace Node1 and joins the cluster, the Firewall is not automatically attached to Node2.

The issue as I understand it is less about monitoring for the state of Firewalls and attached Linodes and more about either creating webhooks to alert you when new LKE Nodes are joined to a cluster and/or using our existing API to automate attaching Cloud Firewall rules to those Nodes.

I would recommend reviewing our API Documentation and the following Community posts where similar end goals are described:

Yes, your assessment is correct.

Thank you, we already know about the API and plan to automate the connection of Linodes to Cloud Firewalls using them.

For now, the goal is to receive alerts if any of the LKE NODES do not have a Firewall attached, that will trigger our automation. It would help us a lot if the Firewall attached to the LKE NODE was specified in the NODE annotations or labels. I mean, if I run a kubectl describe node, and if it has attached FW:

Annotations: lke.linode.com/firewall-id=234234

If not it is empty

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct