# Setting up with Prometheus server

This section explains how to use SonarQube’s built-in integration with Prometheus to collect Prometheus metrics in a Kubernetes deployment. To set up the monitoring, follow the steps described below. We refer here to a setup using the Prometheus Operator which requires the PodMonitor to collect the metrics.

## Introduction <a href="#introduction" id="introduction"></a>

The SonarQube Server’s Helm chart triggers the deployment of a Prometheus server that will pull the metrics from the SonarQube Server instance. The deployment process is as follows:

1. When you install the SonarQube Server’s Helm chart in the Kubernetes cluster, the chart creates a PodMonitor resource (`podmonitor.yaml`), which configures the pulling of metrics from SonarQube Server.
2. The Prometheus operator deploys a Prometheus server based on the created PodMonitor resource.
3. The Prometheus server will pull the metrics from SonarQube Server according to the PodMonitor configuration. To pull the metrics from the Web API endpoint, it needs to authenticate to the Web API. (The Helm chart sets up the PodMonitor to use the Bearer authentication scheme.)

The figure below illustrates this process.

![](https://312504542-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJj3TXBdWssTGGg8qK5I%2Fuploads%2Fgit-blob-6f22a2ad3e344739b5f1b8292eb7d799ae395979%2Fd9ed82f1858afac0383e991a394694a1ac3e0e46.png?alt=media)

## Step 1: Set up the Prometheus server authentication to the Web API’s monitoring endpoint <a href="#set-up-authentication-to-api-endpoint" id="set-up-authentication-to-api-endpoint"></a>

The PodMonitor needs to authenticate to the SonarQube Server’s Web API for getting metrics from the `/api/monitoring/metrics` endpoint. To setup this authentication, you must define the monitoring password in `values.yaml`: the Helm chart will store this value in the `SONAR_WEB_SYSTEMPASSCODE` environment variable on SonarQube Server.

To set the monitoring passcode in SonarQube Server, use one of the following methods (see also the [Helm chart documentation](https://artifacthub.io/packages/helm/sonarqube/sonarqube#sonarqube-specific)):

* Define the passcode in the `monitoringPasscode` property within the `values.yaml` file (default value is "define\_it").\
  For security reasons, this method is not recommended.
* Use a secret that contains the passcode that will be retrieved at runtime, and define the following properties in `values.yaml`:
  * `monitoringPasscodeSecretName`: name of the secret object.
  * `monitoringPasscodeSecretKey`: key identifying the passcode to be extracted from the secret object.

## Step 2: Enable the export of the JMX metrics <a href="#enable-jmx-metrics" id="enable-jmx-metrics"></a>

To expose the Prometheus JMX metrics, the JMX exporter must be enabled in the Helm chart configuration as follows:

* Add the following block in the `values.yaml` file of the SonarQube Server Helm chart:

```css-79elbk
prometheusExporter:
  enabled: true
  config:
    rules:
      - pattern: ".*"
```

## Step 3: Enable the PodMonitor <a href="#enable-podmonitor" id="enable-podmonitor"></a>

1. If not already done, install the Prometheus Operator in the Kubernetes cluster (it’s not installed through the Helm chart).
2. In the SonarQube Helm chart, enable the PodMonitor by setting `prometheusMonitoring.podMonitor.enabled` to `true`.
3. If necessary, adjust the PodMonitor created by default by the SonarQube Helm chart. Below is the default `podmonitor.yaml` file depending on the SonarQube Edition.\
   To adjust the PodMonitor:
   * Either edit the Helm chart.\
     For more information, see [Prometheus PodMonitor](https://artifacthub.io/packages/helm/sonarqube/sonarqube#monitoring-prometheus-podmonitor) in the Helm chart documentation.
   * Or edit the created `podmonitor.yaml` file directly.

<details>

<summary>Default PodMonitor: Developer and Enterprise Editions</summary>

```css-79elbk
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: sonarqube
  namespace: monitoring
spec:
  namespaceSelector:
    matchNames:
    - sonarqube
  podMetricsEndpoints:
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-ce
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-web
  selector:
    matchLabels:
      app: sonarqube
```

</details>

<details>

<summary>Default PodMonitor: Data Center Edition</summary>

```css-79elbk
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: sonarqube
  namespace: monitoring
spec:
  namespaceSelector:
    matchNames:
    - sonarqube-dce
  podMetricsEndpoints:
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-ce
  - interval: 30s
    path: /
    scheme: http
    targetPort: monitoring-web
  selector:
    matchLabels:
      app: sonarqube-dce
```

</details>

## Step 4: Set up the export of the metrics to an observability platform <a href="#set-up-metrics-export" id="set-up-metrics-export"></a>

See the [prometheus-metrics](https://docs.sonarsource.com/sonarqube-server/10.8/setup-and-upgrade/deploy-on-kubernetes/set-up-monitoring/prometheus-metrics "mention").


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-server/10.8/setup-and-upgrade/deploy-on-kubernetes/set-up-monitoring/prometheus.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.