A new post on our blog: Monitoring database exposure on Kubernetes and VMs

Coroot v1.9: Kubernetes-Native Database Monitoring Made Easy

Nikolay Sivko

From day one, we built Coroot to work beyond just Kubernetes. Many teams still run databases and other stateful services on dedicated VMs or bare-metal servers. But that’s starting to change. More and more teams no longer see Kubernetes as a platform just for stateless apps. Powerful Kubernetes operators now handle day-2 operations like failover, backups, and disaster recovery—making it easier than ever to run databases on Kubernetes. And the number of teams choosing this path keeps growing.

Coroot takes a layered approach to database monitoring. It uses eBPF to collect performance data that shows how applications interact with databases. These metrics and traces can reveal that a database is slowing down or returning errors – but they don’t explain why. To dig deeper, Coroot includes built-in database exporters that collect internal metrics directly from the databases themselves.

Databases on Kubernetes

When databases run on Kubernetes, they naturally become more dynamic — their IP addresses and credentials can change at any time. To handle this, Coroot had to evolve how it discovers database instances and retrieves credentials for accessing internal stats.

The diagram below shows how advanced database monitoring works in Coroot.

The coroot-cluster-agent is responsible for discovering database instances via the Kubernetes control plane. It checks Pod annotations to determine whether a given Pod should be monitored and where to find the credentials needed to access the database. Once that’s done, it collects internal metrics and sends them to Coroot.

Next, let’s take a closer look at annotations. While they’re well documented, I’d like to walk through a few examples that cover some common use cases.

CloudNativePG

Here is a sample Custom Resource for an HA Postgres cluster of 3 instances.

kind: Cluster
metadata:
  name: pg-cluster
spec:
  instances: 3
  inheritedMetadata:
    annotations:
      coroot.com/postgres-scrape: "true"
      coroot.com/postgres-scrape-credentials-secret-name: pg-cluster
      coroot.com/postgres-scrape-credentials-secret-username-key: username
      coroot.com/postgres-scrape-credentials-secret-password-key: password
  primaryUpdateStrategy: unsupervised
  storage:
    size: 30Gi   
  postgresql:
    shared_preload_libraries: [pg_stat_statements]
    parameters:
      pg_stat_statements.max: "10000"
      pg_stat_statements.track: all
  managed:
    roles:
    - name: coroot
      ensure: present
      login: true
      connectionLimit: 2
      inRoles:
      - pg_monitor
      passwordSecret:
        name: pg-cluster
---
apiVersion: v1
data:
  username: ******==
  password: *********==
kind: Secret
metadata:
  name: pg-cluster
type: kubernetes.io/basic-auth

The operator will create a Postgres user named coroot using the password stored in a Kubernetes Secret. With the right Pod annotations in place, Coroot will automatically start monitoring all instances of the cluster. This integration is fully declarative and can be versioned in Git alongside your database specification.

Redis

According to Coroot’s telemetry, the most popular way to run Redis on Kubernetes is using Bitnami’s Helm chart. Let’s walk through how to configure Coroot to monitor it.

Below is an example of how to instrument a Redis instance without authentication:

redis:
  architecture: standalone
  auth:
    enabled: false
  master:
    podAnnotations:
      coroot.com/redis-scrape: "true"
      coroot.com/redis-scrape-port: "6379"
    persistence:
      enabled: true

For more complex deployments with replication and authentication enabled:

redis:
  architecture: replication
  auth:
    enabled: true
    password: "xxxxxxxx"
  master:
    podAnnotations:
      coroot.com/redis-scrape: "true"
      coroot.com/redis-scrape-port: "6379"
      coroot.com/redis-scrape-credentials-secret-name: "my-redis"
      coroot.com/redis-scrape-credentials-secret-password-key: "redis-password"
  replica:
    podAnnotations:
      coroot.com/redis-scrape: "true"
      coroot.com/redis-scrape-port: "6379"
      coroot.com/redis-scrape-credentials-secret-name: "my-redis"
      coroot.com/redis-scrape-credentials-secret-password-key: "redis-password"

Conclusion

Running databases on Kubernetes is no longer unusual, it’s becoming the norm. With powerful operators and Helm charts, teams can automate day-2 operations and manage stateful workloads more confidently than ever. Coroot embraces this shift by making database monitoring seamless, dynamic, and GitOps-friendly.

Whether you’re running Postgres, Redis, or any other database on Kubernetes, Coroot helps you understand not just what is going wrong, but why. And the best part? It just works—with a few annotations and zero manual setup.

Give it a try, and bring full visibility to your databases the Kubernetes-native way.Try Coroot Community Edition for free, or start a free trial of Coroot Enterprise Edition for advanced capabilities.

If you like Coroot, give us a ⭐ on GitHub️.

Any questions or feedback? Reach out to us on Slack.

Monitoring database exposure on Kubernetes and VMs

Try Coroot Now!

Stop guessing, start seeing with eBPF-powered instant observability.

Start free trial
Live demo

Related posts

This website uses cookies to improve your experience. If you continue to use this site, you agree with it.