Skip to content

Add remote monitoring to helm-charts #1583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mattkjames7 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add remote monitoring to helm-charts #1583

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6c71309
Add remote monitoring to helm-charts
mattkjames7 Apr 9, 2026
63dbce8
update pages
mattkjames7 Apr 9, 2026
7d5054c
reorder sections
mattkjames7 Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
111 changes: 111 additions & 0 deletions pages/clustering/high-availability/setup-ha-cluster-k8s.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -714,6 +714,117 @@ kubectl delete crd servicemonitors.monitoring.coreos.com
kubectl delete crd thanosrulers.monitoring.coreos.com
```

### Remote metrics and logs

The HA chart supports optional remote observability:

- `vmagentRemote` for shipping metrics with Prometheus `remote_write`
- `vectorRemote` sidecars for shipping Memgraph logs to Loki-compatible endpoints

Prerequisites:

- keep `prometheus.enabled: true` so `mg-exporter` is deployed
- if you only need remote shipping and not local scraping, set `prometheus.serviceMonitor.enabled: false` to avoid duplicate scraping
- configure `vectorRemote.data` and/or `vectorRemote.coordinators` depending on which pod roles should ship logs
- when `vectorRemote.enabled: true`, add `--monitoring-port=<vectorRemote.websocketPort>` and `--monitoring-address=0.0.0.0` to each instance `args`

Example `values.yaml`:

```yaml
prometheus:
enabled: true
namespace: monitoring
serviceMonitor:
enabled: false

vmagentRemote:
enabled: true
namespace: monitoring
remoteWrite:
url: "https://<prom-remote-write>/api/v1/write"
# Optional: only set basicAuth when your remote_write endpoint requires basic auth.
basicAuth:
secretName: monitoring-basic-auth
usernameKey: username
passwordKey: password
externalLabels:
cluster_id: "memgraph-testing-cluster-53"
service_name: "memgraph-ha"
cluster_env: "self-hosted-large-01"

vectorRemote:
enabled: true
data: true
coordinators: true
websocketPort: 7444
logsEndpoint: "https://<loki-endpoint>"
# Optional: only set auth when your endpoint requires basic auth.
auth:
secretName: monitoring-basic-auth
usernameKey: username
passwordKey: password
extraLabels:
cluster_id: "memgraph-testing-cluster-53"
service_name: "memgraph-ha"
cluster_env: "self-hosted-large-01"

data:
- id: "0"
args:
- "--management-port=10000"
- "--bolt-port=7687"
- "--monitoring-port=7444"
- "--monitoring-address=0.0.0.0"
- id: "1"
args:
- "--management-port=10000"
- "--bolt-port=7687"
- "--monitoring-port=7444"
- "--monitoring-address=0.0.0.0"

coordinators:
- id: "1"
args:
- "--coordinator-id=1"
- "--coordinator-port=12000"
- "--management-port=10000"
- "--bolt-port=7687"
- "--monitoring-port=7444"
- "--monitoring-address=0.0.0.0"
- id: "2"
args:
- "--coordinator-id=2"
- "--coordinator-port=12000"
- "--management-port=10000"
- "--bolt-port=7687"
- "--monitoring-port=7444"
- "--monitoring-address=0.0.0.0"
- id: "3"
args:
- "--coordinator-id=3"
- "--coordinator-port=12000"
- "--management-port=10000"
- "--bolt-port=7687"
- "--monitoring-port=7444"
- "--monitoring-address=0.0.0.0"
```

Create credentials secret in the namespace where vmagent runs (usually `monitoring`):

```bash
kubectl create secret generic monitoring-basic-auth -n monitoring \
--from-literal=username='<username>' \
--from-literal=password='<password>'
```

For HA Vector sidecars, create the same secret in the Memgraph release namespace as well:

```bash
kubectl create secret generic monitoring-basic-auth -n <memgraph-namespace> \
--from-literal=username='<username>' \
--from-literal=password='<password>'
```


## Configuration options

Expand Down
84 changes: 84 additions & 0 deletions pages/getting-started/install-memgraph/kubernetes.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,90 @@ kubectl delete crd servicemonitors.monitoring.coreos.com
kubectl delete crd thanosrulers.monitoring.coreos.com
```

#### Remote metrics and logs

The standalone chart can also ship:

- metrics to a remote Prometheus-compatible backend via `vmagentRemote` (`remote_write`)
- logs to a Loki-compatible backend via `vectorRemote`

This is useful when your observability stack lives in a separate cluster or in a managed service.

Prerequisites:

- keep `prometheus.enabled: true` so `mg-exporter` is deployed
- for standalone deployments, enable Memgraph monitoring endpoints:
- `service.enableHttpMonitoring: true`
- `service.enableWebsocketMonitoring: true`
- when `vectorRemote.enabled: true`, add `--monitoring-port=<service.websocketPortMonitoring>` and `--monitoring-address=0.0.0.0` to `memgraphConfig`
- if you only need remote shipping and do not want duplicate scraping from kube-prometheus, set `prometheus.serviceMonitor.enabled: false`

Example `values.yaml`:

```yaml
prometheus:
enabled: true
namespace: monitoring
serviceMonitor:
enabled: false

service:
enableHttpMonitoring: true
enableWebsocketMonitoring: true

memgraphConfig:
- "--data-directory=/var/lib/memgraph/mg_data"
- "--also-log-to-stderr=true"
- "--monitoring-port=7444"
- "--monitoring-address=0.0.0.0"

vmagentRemote:
enabled: true
namespace: monitoring
remoteWrite:
url: "https://<prom-remote-write>/api/v1/write"
# Optional: only set basicAuth when your remote_write endpoint requires basic auth.
basicAuth:
secretName: monitoring-basic-auth
usernameKey: username
passwordKey: password
externalLabels:
cluster_id: "memgraph-standalone"
service_name: "memgraph"
cluster_env: "dev"

vectorRemote:
enabled: true
logsEndpoint: "https://<loki-endpoint>"
# Optional: only set auth when your endpoint requires basic auth.
auth:
secretName: monitoring-basic-auth
usernameKey: username
passwordKey: password
extraLabels:
cluster_id: "memgraph-standalone"
service_name: "memgraph"
cluster_env: "dev"
role: "standalone"
```

Create credentials secret in the namespace where vmagent runs (usually `monitoring`):

```bash
kubectl create secret generic monitoring-basic-auth -n monitoring \
--from-literal=username='<username>' \
--from-literal=password='<password>'
```

For the standalone Vector sidecar, create the same secret in the Memgraph release namespace as well:

```bash
kubectl create secret generic monitoring-basic-auth -n <memgraph-namespace> \
--from-literal=username='<username>' \
--from-literal=password='<password>'
```


### Node affinity

The chart exposes the full Kubernetes `nodeAffinity` spec via the `nodeAffinity`
Expand Down