OpenShift Container Platform includes a built-in monitoring stack based on Prometheus that can be extended to monitor user workloads. This guide explains how to configure Trilio for Kubernetes (T4K) observability using OpenShift's native monitoring capabilities.
Update the cluster-monitoring-config ConfigMap to enable user workload monitoring and allow AlertmanagerConfig resources to route to the platform Alertmanager:
Configure User Workload Monitoring (openshift-user-workload-monitoring)
To enable a dedicated Alertmanager for user workload monitoring (separate from the platform Alertmanager), create the user-workload-monitoring-config ConfigMap:
Choosing between Platform and User Workload Alertmanager:
Configuration
Alertmanager Location
Use Case
cluster-monitoring-config with alertmanagerMain.enableUserAlertmanagerConfig: true
Platform (openshift-monitoring)
Route user alerts to the shared platform Alertmanager
user-workload-monitoring-config with alertmanager.enabled: true
User Workload (openshift-user-workload-monitoring)
Dedicated Alertmanager for user workloads, separate from platform alerts
You can use either or both configurations depending on your requirements.
Note: If you enable the user workload Alertmanager (user-workload-monitoring-config), AlertmanagerConfig resources in user namespaces will route to the user workload Alertmanager, not the platform Alertmanager.
4
Verify Alertmanager is Running
Platform Alertmanager (openshift-monitoring)
Check that the platform Alertmanager pods are running:
ocgetpods-nopenshift-monitoring-lapp.kubernetes.io/name=alertmanager# Expected output:# NAME READY STATUS RESTARTS AGE# alertmanager-main-0 6/6 Running 0 5m# alertmanager-main-1 6/6 Running 0 5m
Access the platform Alertmanager UI:
# Port-forward to access the UIocport-forward-nopenshift-monitoringsvc/alertmanager-main9093:9093# Open http://localhost:9093 in your browser
User Workload Alertmanager (openshift-user-workload-monitoring)
If you enabled the user workload Alertmanager, verify it's running:
ocgetpods-nopenshift-user-workload-monitoring-lapp.kubernetes.io/name=alertmanager# Expected output:# NAME READY STATUS RESTARTS AGE# alertmanager-user-workload-0 6/6 Running 0 5m# alertmanager-user-workload-1 6/6 Running 0 5m
Access the user workload Alertmanager UI:
# Port-forward to access the UIocport-forward-nopenshift-user-workload-monitoringsvc/alertmanager-user-workload9093:9093# Open http://localhost:9093 in your browser
Tip: You can check which Alertmanager your alerts are routing to by viewing the alert in the OpenShift Console under Observe > Alerting > Alerts and checking the source.
5
Grant User Permissions for Alert Routing (Optional)
To allow non-admin users to create AlertmanagerConfig resources, grant them the alert-routing-edit role:
# Grant alert-routing-edit to a specific userocadmpolicyadd-role-to-useralert-routing-edit<username>-n<namespace># Or grant to a groupocadmpolicyadd-role-to-groupalert-routing-edit<groupname>-n<namespace>
Available roles for monitoring:
Role
Description
monitoring-rules-view
View PrometheusRule and AlertmanagerConfig resources
monitoring-rules-edit
Create/modify PrometheusRule resources
monitoring-edit
Create/modify ServiceMonitor, PodMonitor, and PrometheusRule resources
alert-routing-edit
Create/modify AlertmanagerConfig resources
Configuring T4K Metrics Collection
Option 1: Enable ServiceMonitor via TVM Custom Resource (Recommended)
On OpenShift, enable Prometheus scraping for T4K by setting exporter.serviceMonitor.enabled: true in the TrilioVaultManager (TVM) Custom Resource.
Example TVM spec (edit your existing TVM and apply):
This creates:
A Service exposing the exporter metrics on port 8080 (created by the exporter)
A ServiceMonitor that configures Prometheus to scrape the metrics
Option 2: Create ServiceMonitor Manually
If you prefer to create the ServiceMonitor manually or need custom configuration, apply the following:
Apply the ServiceMonitor:
When exporter.serviceMonitor.enabled is set to false (default), the exporter pod includes Prometheus scrape annotations (prometheus.io/scrape: "true"). If your Prometheus is configured to discover targets via annotations, metrics will be collected automatically without a ServiceMonitor.
Verifying Metrics Collection
After applying the ServiceMonitor, verify that metrics are being collected:
You can also verify from the OpenShift web console by navigating to Observe > Metrics and querying for trilio_backup_info.
Configuring T4K Alerting Rules
OpenShift uses PrometheusRule resources to define alerting rules. Create alerting rules for T4K in the namespace where T4K is installed, trilio-system by default.
T4K Alerting Rules
Create a file named t4k-prometheus-rules.yaml:
Apply the alerting rules:
Verifying Alerting Rules
Check that the alerting rules are loaded:
You can also view the alerts in the OpenShift web console by navigating to Observe > Alerting > Alerting rules.
Configuring Alert Routing
OpenShift supports AlertmanagerConfig resources for configuring alert routing in user workloads. This allows you to define custom receivers and routing rules for T4K alerts.
Prerequisites for Alert Routing
Ensure your user has the alert-routing-edit cluster role:
Example: AlertmanagerConfig with Slack Notifications
Create a file named t4k-alertmanager-config.yaml:
Creating the Slack Webhook Secret
Store your Slack webhook URL in a Kubernetes Secret:
Apply the AlertmanagerConfig:
Example: AlertmanagerConfig with Email Notifications
Create the SMTP password secret:
Example: AlertmanagerConfig with PagerDuty
Create the PagerDuty secret:
Custom Notification Templates
OpenShift Alertmanager supports custom notification templates for email and Slack messages. This section explains how to configure T4K-specific templates with rich formatting.
Use inline templates directly in your AlertmanagerConfig for full control over notification formatting:
Viewing Metrics and Alerts in OpenShift Console
1
Viewing Metrics
Navigate to Observe > Metrics in the OpenShift web console
Select your project namespace from the dropdown
Enter a PromQL query, for example:
trilio_backup_info - View all backup statuses
trilio_backup_info == -1 - View failed backups
trilio_target_info - View target statuses
2
Viewing Alerts
Navigate to Observe > Alerting in the OpenShift web console
Click on Alerting rules to see all configured rules including T4K rules
Click on Alerts to see currently firing alerts
Use filters to narrow down to T4K alerts by searching for "T4K"
3
Viewing Alert Silences
Navigate to Observe > Alerting > Silences
Create silences for maintenance windows or known issues
T4K Metrics Reference
Trilio for Kubernetes exports the following Prometheus metrics:
Metric Value Conventions
For status-based metrics (*_info metrics), the numeric value indicates the status:
Status
Metric Value
Description
Available / Completed
1
Resource is healthy/successful
Failed / Error
-1
Resource has failed
InProgress
0
Operation is in progress
Empty/Unknown
-2
Status not yet determined
Available Metrics
Backup Metrics
Metric Name
Description
trilio_backup_info
Backup status and metadata
trilio_backup_storage
Backup size in bytes
trilio_backup_status_percentage
Backup progress (0-100)
trilio_backup_completed_duration
Backup duration in minutes (only for completed backups)
trilio_backup_metadata_info
Detailed backup object metadata
Restore Metrics
Metric Name
Description
trilio_restore_info
Restore status and metadata
trilio_restore_status_percentage
Restore progress (0-100)
trilio_restore_completed_duration
Restore duration in minutes (only for completed restores)
Target Metrics
Metric Name
Description
trilio_target_info
Target availability status (1=available, 0=unavailable)
trilio_target_storage
Storage used by target in bytes
BackupPlan Metrics
Metric Name
Description
trilio_backupplan_info
BackupPlan status and summary
trilio_backupplan_crstatus
BackupPlan continuous restore status
Continuous Restore Metrics
Metric Name
Description
trilio_continuousrestoreplan_info
ContinuousRestorePlan status
trilio_consistentset_info
ConsistentSet status and details
trilio_consistentset_status_percentage
ConsistentSet progress (0-100)
trilio_consistentset_completed_duration
ConsistentSet duration in minutes
Example PromQL Queries
Separating Platform and User Alerts
OpenShift adds the label openshift_io_alert_source="platform" to all platform alerts. You can use this to configure different routing for T4K alerts:
Troubleshooting
Metrics Not Appearing
Verify the T4K exporter pod is running:
Check if the ServiceMonitor is correctly configured:
# Count of failed backups by namespace
count(trilio_backup_info == -1) by (resource_namespace)
# List all successful backups
trilio_backup_info{status="Available"}
# Total backup storage per target
sum(trilio_backup_storage) by (target)
# Average backup duration by backupplan
avg(trilio_backup_completed_duration) by (backupplan)
# Unavailable targets
trilio_target_info == 0
# BackupPlans without successful backups
trilio_backupplan_info{protected="False"}
# Failed restores
trilio_restore_info == -1
# ContinuousRestorePlan replication status
trilio_consistentset_info{status="InProgress"}
