Cannot access prometheus and grafana from browser

Sandeep Yarashi 1 Reputation point

I have aks,appgw , sample webapp ,public ip deployed in azure. In aks I installed prometheus and grafana using helm.
I can curl -L (prometheus port -9090) in aks but can't access localhost:9090 in browser as my laptop and aks is in different network. I want to access prometheus and grafana with public IP of app gateway.
For eg:public ip is I want to access prometheus by and
access grafana by grafana. How to achieve this.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
974 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,898 questions
{count} votes

1 answer

Sort by: Most helpful
  1. SRIJIT-BOSE-MSFT 4,331 Reputation points Microsoft Employee

    @Sandeep Yarashi , Thank you for your question.

    This sounds like a perfect use case of an ingress controller (in your case it would be best to use an Application Gateway ingress Controller) for path based routing of prometheus and grafana services running on the AKS cluster.

    The ingress controller must be deployed before installing grafana and prometheus.

    For Grafana Helm values must have:

        enabled: true  
        - /grafana  

    For prometheus Helm values must have:

      enabled: true  
        nodePort: 9090  
        type: NodePort  
        enabled: true  
        - /prometheus  


    I can curl -L (prometheus port -9090) in aks but can't access localhost:9090 in browser as my laptop and aks is in different network.

    The kubectl proxy:

    • runs on a user's desktop or in a pod
    • proxies from a localhost address to the Kubernetes apiserver
    • client to proxy uses HTTP
    • proxy to apiserver uses HTTPS
    • locates apiserver
    • adds authentication headers

    Without a public IP address this can be used to access services running on the cluster from your workstation machine which is in a different network.

    Hope this helps.

    Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.

    1 person found this answer helpful.