# Setting up with Prometheus server

This section explains, in the case of a Kubernetes deployment, how to use SonarQube’s native integration with Prometheus to collect the Prometheus metrics.

## Introduction <a href="#introduction" id="introduction"></a>

The SonarQube’s Helm chart triggers the deployment of a Prometheus server that will pull the metrics from the SonarQube instance. The deployment process is as follows:

1. When you install the SonarQube’s Helm chart in the Kubernetes cluster, the chart creates a PodMonitor resource (`podmonitor.yaml`) which configures the pulling of metrics from the SonarQube Server.
2. The Prometheus operator deploys a Prometheus server based on the created PodMonitor resource.
3. The Prometheus server will pull the metrics from the SonarQube Server according to the PodMonitor configuration. To pull the metrics from the Web API endpoint, it needs to authenticate to the Web API. (The Helm chart sets up the PodMonitor to use the Bearer authentication scheme.)

The figure below illustrates this process.

![](https://3001318305-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVhGCsZJo9Ao0Jjyhvpxl%2Fuploads%2Fgit-blob-2f6da40f938b225918489e01fc057b3ba5b6476f%2F660e02f5fd03ca5278d9aa185592bfc17d0c3dbc.png?alt=media)

{% hint style="info" %}
The Prometheus Operator must be installed in the Kubernetes cluster.
{% endhint %}

## Monitoring setup roadmap <a href="#setup-roadmap" id="setup-roadmap"></a>

To set up the monitoring of SonarQube with the Prometheus server:

1. Set up the authentication of the Prometheus server to the Web API’s monitoring endpoint.
2. Enable the JMX Exporter.
3. Configure the collection of the JMX metrics.
4. Set up the export of the metrics to an observability platform. See the [prometheus-metrics](https://docs.sonarsource.com/sonarqube-server/10.6/setup-and-upgrade/deploy-on-kubernetes/set-up-monitoring/prometheus-metrics "mention").

These steps are described below.

## Setting up the Prometheus server authentication to the Web API endpoint <a href="#set-up-authentication-to-api-endpoint" id="set-up-authentication-to-api-endpoint"></a>

The PodMonitor needs to authenticate to the SonarQube’s Web API for getting metrics from the `/api/monitoring/metrics` endpoint. To setup this authentication, you must define the monitoring password in `values.yaml:` the Helm chart will store this value in the `SONAR_WEB_SYSTEMPASSCODE` environment variable on the SonarQube server.

To setup the monitoring passcode in SonarQube, use one of the following methods (see also the [Helm chart documentation](https://artifacthub.io/packages/helm/sonarqube/sonarqube#sonarqube-specific)):

* Define the passcode in the `monitoringPasscode` property within the `values.yaml`file (default value is "define\_it").\
  For security reasons, this method is not recommended.
* Use a secret that contains the passcode that will be retrieved at runtime, and define the following properties in `values.yaml`:
  * `monitoringPasscodeSecretName`: name of the secret object.
  * `monitoringPasscodeSecretKey`: key identifying the passcode to be extracted from the secret object.

## Enabling the export of the JMX metrics <a href="#enable-jmx-metrics" id="enable-jmx-metrics"></a>

To expose the Prometheus JMX metrics, the JMX exporter must be enabled in the Helm chart configuration as follows:

* Add the following block in the `values.yaml` file of the SonarQube Helm chart:

```css-79elbk
prometheusExporter:
  enabled: true
  config:
    rules:
      - pattern: ".*"
```

## Configuring the collection of the JMX metrics <a href="#configure-collection-jmx-metrics" id="configure-collection-jmx-metrics"></a>

By default, the SonarQube’s Helm chart does not collect the JMX metrics. If you want the Prometheus server to collect the JMX metrics, you must create and configure a PodMonitor resource that will be used by the Prometheus server to collect the JMX metrics.

{% hint style="info" %}
In a future release of SonarQube, all metrics will be managed through the PodMonitor created by default by the Helm chart. At that point, this configuration step will no longer be necessary.
{% endhint %}

Proceed as follows:

* Create a `podmonitor.yaml` file (as illustrated below) and apply it to the Kubernetes cluster.

<details>

<summary>Community Edition, Developer Edition and Enterprise Edition</summary>

```css-79elbk
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: sonarqube
  namespace: monitoring
spec:
  namespaceSelector:
    matchNames:
    - sonarqube
  podMetricsEndpoints:
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-ce
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-web
  selector:
    matchLabels:
      app: sonarqube
```

</details>

<details>

<summary>Data Center Edition</summary>

```css-79elbk
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: sonarqube
  namespace: monitoring
spec:
  namespaceSelector:
    matchNames:
    - sonarqube-dce
  podMetricsEndpoints:
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-ce
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-web
  selector:
    matchLabels:
      app: sonarqube-dce
```

</details>