Posted On 02.07.2026

CNPG – Installation – Monitoring

Monitoring CloudNativePG Clusters with the PLG Stack

Monitoring your CloudNativePG (CNPG) clusters is essential. Without proper visibility, small issues can quickly escalate into major outages or performance bottlenecks that affect your entire application.
Fortunately, CNPG makes monitoring straightforward. While many monitoring solutions exist, this post focuses on the popular PLG stack—Prometheus, Loki, and Grafana—which integrates seamlessly with Kubernetes.

What Is the PLG Stack?

  • Prometheus: An open-source time-series database and monitoring system. It collects and stores metrics from your applications and infrastructure. Unlike traditional threshold-based tools, Prometheus gathers data points over time, enabling powerful querying and alerting.
  • Loki: A lightweight, horizontally scalable log aggregation system inspired by Prometheus. It indexes metadata labels rather than the full content of logs, making it cost-effective and easy to operate.
  • Grafana: A powerful open-source visualization platform. It connects to various data sources (including Prometheus and Loki) to create rich dashboards, charts, and alerts. Grafana itself does not store monitoring data—it simply displays it.

Together, these tools provide a complete observability solution: metrics, logs, and beautiful visualizations.

The Tech Stack in This Environment

In this setup, a dedicated Prometheus instance runs inside Kubernetes alongside Thanos for long-term storage and MinIO as a cost-effective object store. This approach also collects metrics from the underlying Linux nodes, not just Kubernetes resources.
Grafana runs as a single instance integrated with Keycloak for authentication. Loki operates quietly in the background, feeding logs into Grafana.

How CNPG Monitoring Works

The great news is that no changes are required inside CNPG itself. Every CNPG pod automatically exposes metrics on port 9187. If you are using poolers, they expose metrics on port 9127.
Prometheus discovers and scrapes these metrics using Kubernetes service discovery.
Here is the recommended scrape configuration for Prometheus:

- job_name: 'cnpg-pods'
  kubernetes_sd_configs:
    - role: pod

  relabel_configs:
    # Keep only CNPG PostgreSQL pods
    - source_labels: [__meta_kubernetes_pod_label_cnpg_io_cluster]
      action: keep
      regex: .+

    # Keep only the metrics port
    - source_labels: [__meta_kubernetes_pod_container_port_name]
      action: keep
      regex: ^metrics$

    # Add useful labels
    - source_labels: [__meta_kubernetes_namespace]
      target_label: namespace
    - source_labels: [__meta_kubernetes_pod_label_cnpg_io_cluster]
      target_label: cluster
    - source_labels: [__meta_kubernetes_pod_name]
      target_label: pod

    # Clean up instance label
    - source_labels: [__address__]
      target_label: instance
      regex: '(.+):\d+'
      replacement: '$1'
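
To see what these rules do to discovered targets, the following added example (not part of the original post or of Prometheus) replays them over three constructed targets. The addresses, namespaces and pod names are made up, and the model is simplified to one source label per rule.

```python
import re

# Constructed discovery output (not from a real cluster): Kubernetes SD with
# role "pod" emits one target per declared container port.
def _t(addr, ns, pod, port, cluster=None):
    t = {"__address__": addr, "__meta_kubernetes_namespace": ns,
         "__meta_kubernetes_pod_name": pod,
         "__meta_kubernetes_pod_container_port_name": port}
    if cluster:
        t["__meta_kubernetes_pod_label_cnpg_io_cluster"] = cluster
    return t

TARGETS = [
    _t("10.42.1.7:9187", "db", "pg-main-1", "metrics", "pg-main"),     # kept
    _t("10.42.1.7:5432", "db", "pg-main-1", "postgresql", "pg-main"),  # wrong port name
    _t("10.42.3.9:9187", "web", "exporter-0", "metrics"),              # no CNPG label
]

# The page's relabel_configs, transcribed as data.
RULES = [
    {"src": "__meta_kubernetes_pod_label_cnpg_io_cluster", "action": "keep", "regex": ".+"},
    {"src": "__meta_kubernetes_pod_container_port_name", "action": "keep", "regex": "^metrics$"},
    {"src": "__meta_kubernetes_namespace", "target": "namespace"},
    {"src": "__meta_kubernetes_pod_label_cnpg_io_cluster", "target": "cluster"},
    {"src": "__meta_kubernetes_pod_name", "target": "pod"},
    {"src": "__address__", "target": "instance", "regex": r"(.+):\d+"},
]

def relabel(labels, rules=RULES):
    """Apply keep/replace rules in order; return None when the target is dropped."""
    labels = dict(labels)
    for rule in rules:
        # Prometheus anchors relabel regexes at both ends; the default is (.*).
        m = re.fullmatch(rule.get("regex", "(.*)"), labels.get(rule["src"], ""))
        if rule.get("action") == "keep":
            if m is None:
                return None
        elif m is not None:
            labels[rule["target"]] = m.group(1)  # the default replacement is $1
    # Labels starting with "__" are discarded once relabeling has finished.
    return {k: v for k, v in labels.items() if not k.startswith("__")}

def scrape_targets(targets=TARGETS):
    return [kept for kept in map(relabel, targets) if kept is not None]

if __name__ == "__main__":
    for labels in scrape_targets():
        print(labels)
```

Only the CNPG pod's `metrics` port survives; the PostgreSQL port of the same pod and the unlabelled exporter are dropped before any scrape happens.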

Required Permissions (RBAC)

For Prometheus to discover CNPG pods, it needs the right permissions. Create the following resources:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-svc-acc
  namespace: prometheus

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus-cnpg-discovery
rules:
  - apiGroups: [""]
    resources:
      - nodes
      - nodes/metrics
      - services
      - endpoints
      - pods
    verbs: ["get", "list", "watch"]

  - apiGroups: ["extensions", "networking.k8s.io"]
    resources:
      - ingresses
    verbs: ["get", "list", "watch"]

  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus-cnpg-discovery
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-cnpg-discovery
subjects:
  - kind: ServiceAccount
    name: prometheus-svc-acc
    namespace: prometheus

Once these are applied, Prometheus should show your CNPG pods as healthy targets.
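
The ClusterRole above grants cluster-wide read access to more resource types than a `role: pod` discovery job reads. The following added example (not part of the original post) compares the granted rules with what a set of discovery roles needs; the role-to-resource mapping is an assumption of the example, and "unneeded" is relative to the roles passed in, so a Prometheus that also scrapes nodes, as this environment does, may legitimately need more than the `cnpg-pods` job alone.

```python
# Resources each kubernetes_sd_configs role reads. This mapping is the example's
# assumption; confirm it against the documentation of your Prometheus version.
SD_ROLE_NEEDS = {
    "pod": {"pods"},
    "node": {"nodes"},
    "service": {"services"},
    "endpoints": {"endpoints", "services", "pods"},
    "ingress": {"ingresses"},
}
READ_VERBS = {"get", "list", "watch"}

# Rules of the page's prometheus-cnpg-discovery ClusterRole, transcribed as data.
CLUSTER_ROLE_RULES = [
    {"apiGroups": [""], "verbs": ["get", "list", "watch"],
     "resources": ["nodes", "nodes/metrics", "services", "endpoints", "pods"]},
    {"apiGroups": ["extensions", "networking.k8s.io"],
     "verbs": ["get", "list", "watch"], "resources": ["ingresses"]},
    {"nonResourceURLs": ["/metrics"], "verbs": ["get"]},
]

def audit(rules, sd_roles):
    """Compare granted resources with what the given discovery roles read."""
    needed = set().union(*(SD_ROLE_NEEDS[role] for role in sd_roles))
    granted, urls, risky_rules = set(), set(), []
    for index, rule in enumerate(rules):
        resources = set(rule.get("resources", []))
        verbs = set(rule["verbs"])
        granted |= resources
        urls |= set(rule.get("nonResourceURLs", []))
        # Wildcards and anything beyond read access have no place in discovery.
        if "*" in resources | verbs or verbs - READ_VERBS:
            risky_rules.append(index)
    return {
        "missing": sorted(needed - granted),    # discovery would fail without these
        "unneeded": sorted(granted - needed),   # candidates for removal
        "non_resource_urls": sorted(urls),      # review separately
        "risky_rules": risky_rules,             # indexes of rules to rewrite
    }

if __name__ == "__main__":
    for key, value in audit(CLUSTER_ROLE_RULES, ["pod"]).items():
        print(f"{key}: {value}")
```

If discovery is limited to known namespaces with the `namespaces` option of `kubernetes_sd_configs`, the same pod permissions can be granted through a namespaced Role and RoleBinding instead of a ClusterRole.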

Visualizing Data in Grafana

Connect Grafana to your Prometheus instance as a data source. You can then import the official CloudNativePG dashboard using ID 20417.

How the PLG Stack Works Together

Flow Summary:

  1. CNPG pods expose metrics and logs.
  2. Prometheus scrapes metrics.
  3. Loki collects and stores logs.
  4. Grafana queries both systems and presents everything in user-friendly dashboards.

This setup gives you comprehensive visibility into your database clusters with minimal ongoing maintenance.


In the next post, we will explore backups and archiving strategies for CloudNativePG. Stay tuned!


Author: 12ww1160, DevOps engineer & architect