Skip to content

Metrics

The External Secrets Operator exposes its Prometheus metrics in the /metrics path. To enable it, set the serviceMonitor.enabled Helm flag to true. In addition you can also set webhook.serviceMonitor.enabled=true and certController.serviceMonitor.enabled=true to create ServiceMonitor resources for the other components.

If you are using a different monitoring tool that also needs a /metrics endpoint, you can set the metrics.service.enabled Helm flag to true. In addition you can also set webhook.metrics.service.enabled and certController.metrics.service.enabled to scrape the other components.

The Operator has the metrics inherited from Kubebuilder plus some custom metrics with the externalsecret prefix.

External Secret Metrics

Name Type Description
externalsecret_sync_calls_total Counter Total number of the External Secret sync calls
externalsecret_sync_calls_error Counter Total number of the External Secret sync errors
externalsecret_status_condition Gauge The status condition of a specific External Secret
externalsecret_reconcile_duration Gauge The duration time to reconcile the External Secret
controller_runtime_reconcile_total Counter Holds the totalnumber of reconciliations per controller. It has two labels. controller label refers to the controller name and result label refers to the reconcile result i.e success, error, requeue, requeue_after.
controller_runtime_reconcile_errors_total Counter Total number of reconcile errors per controller
controller_runtime_reconcile_time_seconds Histogram Length of time per reconcile per controller
controller_runtime_reconcile_queue_length Gauge Length of reconcile queue per controller
controller_runtime_max_concurrent_reconciles Gauge Maximum number of concurrent reconciles per controller
controller_runtime_active_workers Gauge Number of currently used workers per controller