Skip to main content

Metrics Address

  • Environmental Variable: METRICS_ADDRESS
  • Config File Key: metrics_address
  • Kubernetes: see Metrics
  • Type: string
  • Example: :9090, 127.0.0.1:9090
  • Default: disabled
  • Optional

Expose a prometheus endpoint on the specified port.

danger

Use with caution: the endpoint can expose frontend and backend server names or addresses. Do not externally expose the metrics if this is sensitive information.

Pomerium Metrics Tracked

Each metric exposed by Pomerium has a pomerium prefix, which is omitted in the table below for brevity.

NameTypeDescription
build_infoGaugePomerium build metadata by git revision, service, version and go version
config_checksum_int64GaugeCurrently loaded configuration checksum by service
config_last_reload_successGaugeWhether the last configuration reload succeeded by service
config_last_reload_success_timestampGaugeThe timestamp of the last successful configuration reload by service
grpc_client_request_duration_msHistogramGRPC client request duration by service
grpc_client_request_size_bytesHistogramGRPC client request size by service
grpc_client_requests_totalCounterTotal GRPC client requests made by service
grpc_client_response_size_bytesHistogramGRPC client response size by service
grpc_server_request_duration_msHistogramGRPC server request duration by service
grpc_server_request_size_bytesHistogramGRPC server request size by service
grpc_server_requests_totalCounterTotal GRPC server requests made by service
grpc_server_response_size_bytesHistogramGRPC server response size by service
http_client_request_duration_msHistogramHTTP client request duration by service
http_client_request_size_bytesHistogramHTTP client request size by service
http_client_requests_totalCounterTotal HTTP client requests made by service
http_client_response_size_bytesHistogramHTTP client response size by service
http_server_request_duration_msHistogramHTTP server request duration by service
http_server_request_size_bytesHistogramHTTP server request size by service
http_server_requests_totalCounterTotal HTTP server requests handled by service
http_server_response_size_bytesHistogramHTTP server response size by service
storage_operation_duration_msHistogramStorage operation duration by operation, result, backend and service

Identity Manager

Identity manager metrics have pomerium_identity_manager prefix.

NameTypeDescription
last_refresh_timestampGaugeTimestamp of last directory refresh operation.
session_refresh_error_timestampGaugeTimestamp of last session refresh ended in an error.
session_refresh_errorsCounterSession refresh error counter.
session_refresh_successCounterSession refresh success counter.
session_refresh_success_timestampGaugeTimestamp of last successful session refresh.
user_group_refresh_error_timestampGaugeTimestamp of last user group refresh ended in an error.
user_group_refresh_errorsCounterUser group refresh error counter.
user_group_refresh_successCounterUser group refresh success counter.
user_group_refresh_success_timestampGaugeTimestamp of last group successful user refresh.
user_refresh_error_timestampGaugeTimestamp of last user refresh ended in an error.
user_refresh_errorsCounterUser refresh error counter.
user_refresh_successCounterUser refresh success counter.
user_refresh_success_timestampGaugeTimestamp of last successful user refresh.

Envoy Proxy Metrics

As of v0.9, Pomerium uses envoy for the data plane. As such, proxy related metrics are sourced from envoy, and use envoy's internal stats data model. Please see Envoy's documentation for information about specific metrics.

All metrics coming from envoy will be labeled with service="pomerium" or service="pomerium-proxy", depending if you're running all-in-one or distributed service mode and have pomerium prefix added to the standard envoy metric name.