Skip to main content
Version: 8.8

Set up the Cluster Metrics endpoint

Set up and manage the Cluster Metrics endpoint for a Camunda 8 SaaS Orchestration cluster, including how to activate and deactivate the endpoint and obtain the connection details required to integrate it with an external monitoring system.

Before you begin

Before enabling the Cluster Metrics endpoint, ensure that:

  • You are using Camunda 8 SaaS.
  • You have access to Console and have permission to manage cluster-level settings.
  • If allowlisting is configured for your cluster, the monitoring system’s source IP addresses are added to the cluster IP allowlist.

Enable Cluster Metrics endpoint

Enable the Cluster Metrics endpoint per Orchestration cluster via either the Camunda Console or API. When the endpoint is enabled, Camunda provisions a secure, cluster-scoped metrics endpoint for external scraping.

To activate the endpoint:

  1. Sign in to Camunda Console.
  2. Navigate to Clusters.
  3. Select an existing cluster, or create a new one.
  4. Open the Monitoring tab for the cluster.
  5. Click Activate monitoring endpoint.
  6. Enter a username for the monitoring credentials.
  7. Click Activate.

Capture connection details

When the Cluster Metrics endpoint is activated, the Console displays a dialog containing the authentication credentials.

  1. Copy and store the password securely.
  2. Click Got it to close the dialog.

After closing the dialog, you can find the metrics endpoint URL in the Monitoring tab for the cluster.

warning

Copy and safely store the password when it is displayed. The password is not shown again after you close the dialog. If you lose it, generate a new password.

The following information is required to connect your monitoring system:

  • Metrics endpoint URL: HTTPS endpoint used by your monitoring system to scrape metrics.
  • Username: Used for Basic Authentication.
  • Password: Used for Basic Authentication.

Manage authentication credentials

Authentication credentials are created and managed in Camunda Console.

Create additional credentials

You can create up to 20 credentials per cluster.

To create additional credentials:

  1. On the Monitoring tab, click Create new credentials.
  2. Enter a username.
  3. Generate and copy the password when it is displayed.

Rotate credentials

Ƭo rotate a password:

  1. On the Monitoring tab, locate the credential.
  2. Click the Generate password icon next to the username.
  3. Generate and copy the new password when prompted.

When credentials are removed or rotated, previously issued credentials may continue to work briefly. Access may persist for up to five minutes before the credentials are fully invalidated.

To avoid interruptions during credential rotation, you can create multiple credentials for the same cluster and update your monitoring system to switch between credentials, rather than rotating a single credential in place.

Authentication and IP allowlisting

The Cluster Metrics endpoint enforces both authentication and network restrictions.

RestrictionDescription
AuthenticationThe endpoint uses Basic Authentication.
IP allowlistingThe endpoint enforces the cluster-level IP allowlist.

  • Requests from non-allowlisted IP addresses are rejected.

  • If an IP allowlist is configured for the cluster, you must add the source IP addresses of your monitoring system to the allowlist to access the endpoint.

Error responses

The Cluster Metrics endpoint returns standard HTTP status codes to indicate access and availability issues:

ScenarioHTTP status code
Request from a non-allowlisted IP address.403 Forbidden
Invalid or missing authentication credentials.401 Unauthorized
Request rate exceeds allowed limits.429 Too Many Requests
Metrics endpoint is temporarily unavailable.503 Service Unavailable
Request times out due to high load.504 Gateway Timeout

Disable the Cluster Metrics endpoint

If you no longer want to expose cluster metrics externally, you can disable the Cluster Metrics endpoint:

  • Click Deactivate in the Monitoring tab, or
  • Delete all credentials associated with the endpoint

When the Cluster Metrics endpoint is disabled:

  • The monitoring endpoint is shut down almost immediately (typically within a few seconds).
  • All existing credentials are deleted and are not retained if the endpoint is reactivated.
  • Monitoring systems can no longer scrape metrics from the cluster.

To use the endpoint again, you must reactivate it and create new credentials. Disabling the Cluster Metrics endpoint does not affect cluster operation or workload execution.

Next steps