Monitoring when using the IBM MQ Operator

Queue managers managed by the IBM® MQ Operator can produce metrics compatible with Prometheus. Queue manager metrics are enabled and served through HTTP by default.

Before you begin

Using HTTPS for queue manager metrics

From 9.4.2.0-r1, queue managers can serve metrics through HTTPS. Prior to 9.4.2.0-r1 queue managers can only serve metrics through HTTP.

Note: All queue managers serve metrics through HTTP by default.

About this task

Prometheus is an open source time-series database and a rule evaluation engine for metrics. The IBM MQ containers expose a metrics endpoint that can be queried by Prometheus. The metrics are generated from the system topics of an IBM MQ queue manager.

OpenShift® Container Platform includes a pre-configured, pre-installed, and self-updating monitoring stack that uses a Prometheus server. The OpenShift Container Platform monitoring stack needs to be configured to monitor user-defined projects. See Enabling monitoring for user-defined projects in the Red Hat® OpenShift documentation.

If you are deploying on Amazon EKS, you can deploy Prometheus then manually configure the scrape target in Prometheus.

When you create a QueueManager with metrics enabled, by default the IBM MQ Operator creates a ServiceMonitor that the Prometheus Operator can then discover. If you are using a different method to deploy Prometheus, you must disable the ServiceMonitor and manually configure the scrape target in Prometheus.

Procedure

View queue manager metrics.
Red Hat OpenShift
Use the Red Hat OpenShift Container Platform (OCP) monitoring stack
1. Open the Metrics tab in OCP.
2. Click Observe > Metrics.
Amazon EKS
1. Set .spec.queueManager.metrics.serviceMonitor.enabled to false because ServiceMonitors are a Red Hat OpenShift specific feature that is enabled by default. This feature must be disabled explicitly on Amazon EKS
  spec: queueManager: metrics: enabled: true serviceMonitor: enabled: false
2. Deploy Prometheus then manually configure the scrape target in Prometheus.
3. View metrics. Queue manager metrics are served on port 9157. You can view the metrics by querying this endpoint from within the queue manager pod. For example, run the following command, where <POD> is the name of your queue manager pod:
  kubectl exec -t <POD> -- curl http://0.0.0.0:9157/metrics
Serve queue manager metrics through HTTPS
Red Hat OpenShift
Set .spec.queueManager.metrics.tls.provider to openshift.
```
spec:
  queueManager:
    metrics:
      enabled: true
      tls:
        provider: openshift
```
Note: Using this setting creates a Red Hat OpenShift certificate that is used by the HTTPS metrics server of a queue manager. No other providers can be configured for use by the IBM MQ Operator.
Amazon EKS (and optionally, but not recommended, Red Hat OpenShift)
Provide your own certificates to serve queue manager metrics through HTTPS.
If you are using Red Hat OpenShift, you can choose this option but it is not recommended because it requires disabling the ServiceMonitor and losing the benefits of that feature.
Set the following values in the queue manager YAML:

.spec.queueManager.metrics.tls.provider: manual

.spec.queueManager.metrics.tls.secretName: the name of a Kubernetes TLS secret that contains your own certificates. For example, you can follow the instructions to create a pair of certificates and store them in a secret as described in Creating a self-signed PKI using OpenSSL.

.spec.queueManager.metrics.serviceMonitor.enabled: false
spec: queueManager: metrics: enabled: true tls: provider: manual secretName: <my-tls-secret> serviceMonitor: enabled: false
You can view the metrics by querying the metrics endpoint from within the queue manager pod. For example, when using self-signed certificates, run the following command, where <POD> is the name of your queue manager pod:
kubectl exec -t <POD> -- curl https://0.0.0.0:9157/metrics --insecure
Disable queue manager metrics.

Set .spec.queueManager.metrics.enabled to false.