OpenShift Monitoring: Metrics, Alerts, and SLOs on OCP

The Cluster Monitoring Operator manages Prometheus, Alertmanager, kube-state-metrics, node-exporter, and telemetry collectors in openshift-monitoring. ServiceMonitors and PodMonitors — when permitted — define scrape targets declaratively. Platform alerts cover etcd members, API server error rates, machine config pool degradation, and cluster operator availability.

Prometheus retention defaults suit troubleshooting, not years of compliance storage. Integrate Thanos sidecars or remote_write to corporate Mimir, Cortex, or cloud monitoring for long retention and global query views. Verify remote_write credentials via openshift-monitoring secrets and network egress policies before enabling.

oc adm top and metrics-api provide kubectl-visible resource usage; they do not replace Prometheus for SLO burn rates. Teach on-call engineers which signals are platform-owned (kube-apiserver request latency) vs tenant-owned (HTTP 5xx from app routes).

Platform Prometheus RBAC denies tenant access by design — do not disable it for convenience. Instead enable user workload monitoring or federate metrics to a corporate tenant with proper isolation.

OpenShift includes Grafana for platform dashboards; many enterprises integrate corporate Grafana with OAuth SSO. Import community dashboards for Kubernetes and etcd, then customize thresholds to your environment — default panels assume generic hardware. Build golden dashboards per service tier: latency percentiles, saturation, errors, and dependency health.

Dashboards as code — Jsonnet, Grafana operator CRDs, or ConfigMaps synced via GitOps — prevent UI-only changes that vanish after pod restart. Version dashboards beside application repos so PR review covers observability changes alongside code.

Correlate logs with metrics via trace IDs when using OpenShift Logging with Loki or Elasticsearch. Jumping from Alertmanager notification to Grafana panel to Kibana or Grafana Explore log view should be one click in the runbook, not three bookmarks.

OpenShift console observability tabs help developers who lack Grafana access — platform teams still own golden dashboards for SRE review. Do not let console metrics replace long-retention analytics for capacity planning.

Capacity planning uses Prometheus trends: node CPU/memory allocation ratios, etcd db size growth, persistent volume usage, and ingress connection counts. Forecast before quarterly hardware or cloud commit renewals. Chargeback reports from metrics reduce opaque namespace sprawl.

Security monitoring layers Falco or ACS (Advanced Cluster Security) events atop metrics — unexpected shell in container, crypto miner CPU spikes. Export audit logs to SIEM; correlate with Prometheus anomalies.

During disaster recovery, monitoring tells you whether the restored cluster matches healthy baselines — API latency, etcd leader elections, operator versions. Our disaster recovery article ties RPO/RTO validation to these signals. OpenShift monitoring is the nervous system; treat outages to observability as severity-1 because you are flying blind.

Keep monitoring stack recovery order in DR runbooks — Prometheus before workload scale-up, or alerts fire on cascading failures mistaken for root cause. Test observability failover in game days, not only application failover.

Cluster Logging Operator or LokiStack forwards application logs — correlate trace IDs from OpenTelemetry SDKs with log lines for faster root cause analysis.

Distributed tracing via Tempo or Jaeger on OCP adds request path visibility Routes alone cannot provide — sample rates balance cost and forensic value.

OpenShift monitoring plus logging plus tracing forms the three pillars — metrics alert, logs explain, traces pinpoint. Invest in all three for tier-one services.

Synthetics probing public routes from outside the cluster catch DNS and certificate issues invisible to in-cluster kube-probes. Run synthetics from multiple regions if user base is geo-distributed.

Capacity dashboards should project etcd and PVC growth 90 days forward — leadership approves hardware or cloud commits with data, not gut feel. OpenShift monitoring maturity separates reactive firefighting from planned scaling.