Cloud Native 24 min read
Master Enterprise Monitoring: Build a Prometheus + Grafana Observability Platform
This guide details how to design and implement an enterprise‑grade cloud‑native observability platform using Prometheus for metrics collection and Grafana for visualization, covering architecture, high‑availability deployment, alerting, dashboard automation, case studies, best‑practice recommendations, and future trends.
Raymond Ops
Raymond Ops
Introduction
In the cloud‑native era, traditional monitoring cannot keep up with dynamic, distributed micro‑service architectures. Prometheus has become the de‑facto standard for metrics collection, and Grafana provides powerful visualization, together forming a modern observability stack.
Technical Background
Monitoring Evolution
Traditional monitoring (2000‑2010): Nagios, Zabbix, static configuration, infrastructure‑focused.
Application performance monitoring (2011‑2015): APM tools such as New Relic, focus on application layer, introduction of distributed tracing.
Cloud‑native monitoring (2016‑2020): Prometheus and Grafana become mainstream, container and micro‑service monitoring, metric‑driven observability.
Intelligent observability (2021‑present): AIOps integration, predictive alerts, auto‑remediation, full‑stack platforms.
Prometheus Core Architecture
Prometheus uses a pull‑based time‑series database with key features:
Multi‑dimensional data model.
PromQL query language.
Service discovery (Kubernetes, Consul, DNS, static files).
# Time‑series format
http_requests_total{method="GET",handler="/api",status="200"} 123456# Compute error rate
rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m])
# Compute P95 latency
histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))Prometheus Cluster Architecture
High‑Availability Deployment (Federation)
# prometheus-federation.yml
global:
scrape_interval: 15s
evaluation_interval: 15s
external_labels:
cluster: 'production'
region: 'us-west-1'
rule_files:
- /etc/prometheus/rules/*.yml
alerting:
alertmanagers:
- static_configs:
- targets:
- alertmanager-1:9093
- alertmanager-2:9093
- alertmanager-3:9093
scrape_configs:
- job_name: 'prometheus-federation'
scrape_interval: 15s
honor_labels: true
metrics_path: '/federate'
params:
'match[]':
- '{__name__=~"up|prometheus_.*"}'
- '{__name__=~"node_.*"}'
- '{__name__=~"container_.*"}'
- '{__name__=~"http_requests_.*"}'
static_configs:
- targets:
- prometheus-cluster-1:9090
- prometheus-cluster-2:9090
- prometheus-cluster-3:9090
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- default
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace,__meta_kubernetes_service_name,__meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
- job_name: 'kubernetes-nodes'
kubernetes_sd_configs:
- role: node
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)Storage Optimization
# prometheus.yml storage configuration
global:
scrape_interval: 15s
evaluation_interval: 15s
storage:
tsdb:
retention.time: 30d
retention.size: 500GB
wal-compression: true
max-block-duration: 2h
min-block-duration: 2h
remote_write:
- url: "http://thanos-receive:19291/api/v1/receive"
queue_config:
max_samples_per_send: 10000
max_shards: 200
capacity: 100000
write_relabel_configs:
- source_labels: ['__name__']
regex: 'prometheus_.*|go_.*'
action: drop
remote_read:
- url: "http://thanos-query:10902/api/v1/query"
read_recent: trueSharding Strategy
# prometheus-shard-web.yml
scrape_configs:
- job_name: 'web-services'
kubernetes_sd_configs:
- role: pod
namespaces:
names: [web, frontend]
relabel_configs:
- source_labels: ['__meta_kubernetes_pod_annotation_prometheus_io_scrape']
action: keep
regex: true
- source_labels: ['__meta_kubernetes_pod_annotation_prometheus_io_path']
action: replace
target_label: '__metrics_path__'
regex: (.+)
# prometheus-shard-data.yml
scrape_configs:
- job_name: 'data-services'
kubernetes_sd_configs:
- role: pod
namespaces:
names: [database, cache, storage]
relabel_configs:
- source_labels: ['__meta_kubernetes_pod_annotation_prometheus_io_scrape']
action: keep
regex: trueAlerting Rules and Management
Tiered Alerting
Infrastructure alerts (node down, high CPU, memory, disk):
# alerts/infrastructure.yml
groups:
- name: infrastructure
rules:
- alert: NodeDown
expr: up{job="node-exporter"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Node {{ $labels.instance }} is down"
- alert: HighCPUUsage
expr: 100 - (avg by(instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80
for: 5m
labels:
severity: warning
annotations:
summary: "High CPU usage on {{ $labels.instance }}"
- alert: HighMemoryUsage
expr: (1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes)) * 100 > 85
for: 5m
labels:
severity: warning
annotations:
summary: "High memory usage on {{ $labels.instance }}"
- alert: DiskSpaceHigh
expr: (1 - (node_filesystem_avail_bytes / node_filesystem_size_bytes)) * 100 > 85
for: 2m
labels:
severity: warning
annotations:
summary: "Disk space high on {{ $labels.instance }} mount point {{ $labels.mountpoint }}"Application alerts (service down, error rate, latency, DB connection pool):
# alerts/applications.yml
groups:
- name: applications
rules:
- alert: ServiceDown
expr: up{job=~".*-service"} == 0
for: 30s
labels:
severity: critical
annotations:
summary: "Service {{ $labels.job }} is down"
- alert: HighErrorRate
expr: (rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m])) * 100 > 5
for: 2m
labels:
severity: critical
annotations:
summary: "High error rate for {{ $labels.job }}"
- alert: HighLatency
expr: histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m])) > 0.5
for: 3m
labels:
severity: warning
annotations:
summary: "High latency for {{ $labels.job }}"
- alert: DatabaseConnectionPoolHigh
expr: (database_connections_active / database_connections_max) * 100 > 80
for: 2m
labels:
severity: warning
annotations:
summary: "Database connection pool utilization high"Smart Alert Management
Advanced Alertmanager configuration with routing, inhibition, and receivers (email, Slack, PagerDuty):
# alertmanager.yml
global:
smtp_smarthost: 'smtp.company.com:587'
smtp_from: '[email protected]'
route:
group_by: ['alertname','cluster','service']
group_wait: 10s
group_interval: 10s
repeat_interval: 12h
receiver: 'default-receiver'
routes:
- match:
severity: critical
receiver: 'critical-alerts'
group_wait: 0s
repeat_interval: 5m
- match_re:
time: '(Saturday|Sunday)|([01][0-9]|2[0-3]):[0-5][0-9]'
receiver: 'off-hours-alerts'
group_interval: 30m
repeat_interval: 4h
inhibit_rules:
- source_match:
severity: 'critical'
target_match:
severity: 'warning'
equal: ['alertname','instance']
receivers:
- name: 'default-receiver'
email_configs:
- to: '[email protected]'
- name: 'critical-alerts'
slack_configs:
- api_url: 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX'
channel: '#alerts-critical'
title: 'Critical Alert'
- name: 'security-team'
email_configs:
- to: '[email protected]'
subject: '[SECURITY ALERT] {{ .GroupLabels.alertname }}'Grafana Visualization
Enterprise Dashboard Example
{
"dashboard": {
"title": "Infrastructure Overview",
"panels": [
{
"id": 1,
"title": "Cluster Health",
"type": "stat",
"targets": [
{"expr":"up{job=\"kubernetes-apiservers\"}","legendFormat":"API Server"},
{"expr":"up{job=\"node-exporter\"}","legendFormat":"Nodes"}
]
},
{
"id": 2,
"title": "CPU Usage by Node",
"type": "graph",
"targets": [
{"expr":"100 - (avg by(instance) (irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) * 100)","legendFormat":"{{ instance }}"}
]
}
],
"time": {"from":"now-1h","to":"now"},
"refresh": "30s"
}
}Dashboard as Code
# grafana-dashboards.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-dashboards-config
data:
infrastructure.json: |
{{ infrastructure_dashboard_json }}
applications.json: |
{{ applications_dashboard_json }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
spec:
template:
spec:
containers:
- name: grafana
image: grafana/grafana:latest
env:
- name: GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH
value: /var/lib/grafana/dashboards/infrastructure.json
volumeMounts:
- name: dashboard-config
mountPath: /var/lib/grafana/dashboards
volumes:
- name: dashboard-config
configMap:
name: grafana-dashboards-configAdvanced Monitoring Strategies
Multi‑Cluster Monitoring with Thanos
# thanos-query.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: thanos-query
spec:
template:
spec:
containers:
- name: thanos-query
image: thanosio/thanos:v0.31.0
args:
- query
- --http-address=0.0.0.0:10902
- --grpc-address=0.0.0.0:10901
- --store=thanos-store:10901
- --store=prometheus-cluster-1:10901
- --store=prometheus-cluster-2:10901
- --store=prometheus-cluster-3:10901
- --query.replica-label=replica
ports:
- containerPort: 10902
name: http
- containerPort: 10901
name: grpc
---
# thanos-store.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: thanos-store
spec:
template:
spec:
containers:
- name: thanos-store
image: thanosio/thanos:v0.31.0
args:
- store
- --http-address=0.0.0.0:10902
- --grpc-address=0.0.0.0:10901
- --data-dir=/data
- --objstore.config-file=/etc/thanos/objstore.yml
volumeMounts:
- name: object-store-config
mountPath: /etc/thanos
- name: data
mountPath: /data
volumes:
- name: object-store-config
secret:
secretName: thanos-objstore-configCustom Metrics Export (Go example)
// Go application metrics example
package main
import (
"net/http"
"time"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
"github.com/prometheus/client_golang/prometheus/promhttp"
)
var (
httpRequestsTotal = promauto.NewCounterVec(
prometheus.CounterOpts{Name: "http_requests_total", Help: "Total number of HTTP requests"},
[]string{"method", "endpoint", "status_code"},
)
httpRequestDuration = promauto.NewHistogramVec(
prometheus.HistogramOpts{Name: "http_request_duration_seconds", Help: "HTTP request duration in seconds", Buckets: prometheus.DefBuckets},
[]string{"method", "endpoint"},
)
activeConnections = promauto.NewGauge(prometheus.GaugeOpts{Name: "active_connections", Help: "Number of active connections"})
orderProcessingDuration = promauto.NewHistogramVec(
prometheus.HistogramOpts{Name: "order_processing_duration_seconds", Help: "Order processing duration in seconds", Buckets: []float64{0.1,0.5,1,2,5,10}},
[]string{"order_type", "payment_method"},
)
)
func instrumentHandler(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
start := time.Now()
next(w, r)
duration := time.Since(start).Seconds()
httpRequestDuration.WithLabelValues(r.Method, r.URL.Path).Observe(duration)
httpRequestsTotal.WithLabelValues(r.Method, r.URL.Path, "200").Inc()
}
}
func main() {
http.Handle("/metrics", promhttp.Handler())
http.HandleFunc("/api/orders", instrumentHandler(handleOrders))
http.ListenAndServe(":8080", nil)
}Practical Cases
Case 1 – Large E‑commerce Platform
Background: Over 500 micro‑services process more than 10 million orders daily.
Architecture: Four‑layer monitoring (infrastructure, platform, application, business) with dedicated exporters.
# Monitoring layers
layers:
- name: infrastructure
components: [nodes, network, storage]
tools: [node-exporter, blackbox-exporter]
- name: platform
components: [kubernetes, docker, istio]
tools: [kube-state-metrics, cadvisor]
- name: application
components: [microservices, databases, caches]
tools: [custom-exporters, mysql-exporter, redis-exporter]
- name: business
components: [orders, payments, inventory]
tools: [application-metrics]Key Business Metrics:
# Order processing success rate
sum(rate(orders_processed_total{status="success"}[5m])) /
sum(rate(orders_processed_total[5m])) * 100
# Payment success rate
sum(rate(payments_total{status="success"}[5m])) /
sum(rate(payments_total[5m])) * 100
# Inventory accuracy
sum(inventory_items_accurate) / sum(inventory_items_total) * 100Alerting:
# Business alert rules
- alert: OrderProcessingDown
expr: rate(orders_processed_total[5m]) == 0
for: 30s
labels:
severity: critical
business_impact: high
annotations:
summary: "Order processing has stopped"
- alert: PaymentFailureRateHigh
expr: (rate(payments_total{status="failed"}[5m]) / rate(payments_total[5m])) * 100 > 5
for: 2m
labels:
severity: critical
business_impact: highMTTR reduced from 45 min to 8 min.
Service availability improved from 99.5% to 99.95%.
Failure prevention rate increased by 65%.
Monitoring coverage reached 98%.
Case 2 – Financial Services Compliance Monitoring
Background: A bank must meet strict regulatory requirements for real‑time risk control, transaction monitoring, and compliance reporting.
Monitoring Solution:
# Abnormal transaction detection
increase(transactions_total{amount_range="high"}[1m]) > 10
# Cross‑border transaction volume
sum(rate(transactions_total{type="cross_border"}[5m])) by (country)
# High‑frequency trading detection
sum(rate(transactions_total[1m])) by (user_id) > 100Compliance dashboards and security alerts:
# Security alert rules
- alert: UnauthorizedAccess
expr: increase(auth_failures_total[5m]) > 10
labels:
severity: critical
category: security
- alert: SuspiciousTransaction
expr: transactions_risk_score > 9
labels:
severity: high
category: fraudRegulatory reporting automation reached 95%.
Risk event detection time shortened by 80%.
Compliance check efficiency improved by 300%.
All regulatory audits passed.
Best Practices
Metric Design Principles
USE method:
# Utilization
cpu_utilization = 100 - (avg(irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)
# Saturation
memory_saturation = (node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes * 100
# Errors
error_rate = rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m]) * 100RED method:
# Rate
request_rate = sum(rate(http_requests_total[5m])) by (service)
# Errors
error_rate = sum(rate(http_requests_total{status=~"5.."}[5m])) by (service) / sum(rate(http_requests_total[5m])) by (service)
# Duration
response_time_p95 = histogram_quantile(0.95, sum(rate(http_request_duration_seconds_bucket[5m])) by (le, service))Performance Optimization
Query optimization using recording rules:
# Before: sum(container_memory_usage_bytes) by (pod)
# After: sum(rate(container_memory_usage_bytes[5m])) by (pod)
# Recording rule example
- record: job:http_request_rate5m
expr: sum(rate(http_requests_total[5m])) by (job)Storage tiering policies:
# Retention policies
- resolution: raw
retention: 7d
- resolution: 5m
retention: 30d
- resolution: 1h
retention: 1yAlert Noise Reduction
Smart grouping and inhibition:
# Alert grouping
route:
group_by: ['alertname','cluster','service']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
# Inhibit lower‑severity alerts when a critical one is firing
inhibit_rules:
- source_match:
alertname: 'ServiceDown'
target_match:
alertname: 'HighLatency'
equal: ['service','instance']Observability Best Practices
Define SLI/SLOs:
# SLI definitions
slis:
availability:
query: "avg(up{job='my-service'})"
target: 0.999
latency:
query: "histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))"
target: 0.1
error_rate:
query: "rate(http_requests_total{status=~'5..'}[5m]) / rate(http_requests_total[5m])"
target: 0.001
# Error budget calculation
error_budget = (1 - slo_target) * total_requestsConclusion and Outlook
Prometheus‑based cloud‑native monitoring has become the backbone of modern observability. The guide demonstrates how architecture, alerting, visualization, and automation combine to improve reliability, reduce MTTR, and deliver measurable business value. Future trends include deeper integration of metrics, logs, and traces; AI‑ops for predictive alerts and self‑healing; edge‑device monitoring; and unified multi‑cloud observability.
References
Prometheus official documentation
Grafana official documentation
Alertmanager configuration guide
Prometheus monitoring best practices
PromQL query language guide
Grafana dashboard design guide
CNCF observability projects
Thanos long‑term storage
VictoriaMetrics high‑performance solution
OpenTelemetry integration
Written by
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
0 followers
Reader feedback
How this landed with the community
Rate this article
Was this worth your time?
Discussion
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.