Monitoring
The managed HBase instances are automatically configured to export Prometheus metrics. See Monitoring for more details.
Starting with HBase 2.6 the URL for Prometheus metrics has changed.
This is because HBase offers now a built-in endpoint for this purpose.
This endpoint is available from the metrics Services.
For example, in the case of the master Service, the URL is http://<hbasecluster-name>-master-<rolegroup-name>-metrics:16010/prometheus.
Authentication when using TLS
HBase exposes metrics through the same port as their web UI. Hence, when configuring HBase with TLS the metrics are also secured by TLS, and the clients scraping the metrics endpoint need to authenticate against it. This could for example be accomplished by utilizing mTLS between Kubernetes Pods with the Secret Operator.
When using Prometheus ServiceMonitor for scraping, the address label needs relabeling to use the headless Service instead of the
metrics Service. This is because by default Prometheus targets the Pod IPs as endpoints, but since the Pod IPs are not
part of the certificate, the authentication will fail. Instead, the FQDN of the Pods, which can be added to the certificate, is used, but
this FQDN is only available through the headless Service.
A more detailed explanation can be found in the NiFi Operator Monitoring Docs with a similar situation
and an example of a Prometheus ServiceMonitor configured for TLS in the
Monitoring Stack.