How it works
Edge runs as a sidecar container in the same pod as your application. Prometheus scrapes Edge instead of your application. Edge proxies the request to your app’s /metrics endpoint, applies policies to filter metrics, and returns the filtered response.
Key features
- Streaming processing: Edge filters metrics line-by-line as they stream through, keeping memory usage bounded regardless of response size
- Dual byte limits: Configure max_input_bytes_per_scrape to bound memory usage and max_output_bytes_per_scrape to cap filtered response size
- Zero-copy forwarding: Edge forwards metrics that pass policy checks without extra allocations
- Fail-open behavior: If policy evaluation fails, metrics pass through unchanged
Prerequisites
- Application exposing Prometheus metrics on Kubernetes
- Prometheus configured to scrape your pods
- kubectl access to your cluster
- Tero account
Connect
Create the Edge ConfigMap
Create a ConfigMap with your Edge configuration:
tero-edge-config.yaml
Set upstream_url to your application’s metrics endpoint. If your app exposes metrics on port 8080 at /metrics, use http://localhost:8080.
Update Prometheus scrape config
Update your Prometheus configuration to scrape the Edge sidecar port instead of your application’s metrics port:
Or if using ServiceMonitor (Prometheus Operator):
Configuration
Prometheus settings
Configure Prometheus-specific settings in the prometheus section:
| Setting | Default | Description |
|---|---|---|
| max_input_bytes_per_scrape | 10MB | Maximum bytes to read from upstream per scrape. Limits memory for buffering input. |
| max_output_bytes_per_scrape | 10MB | Maximum bytes to forward to client per scrape. Set lower than input if filtering reduces data. |
Policy providers
Edge supports multiple policy sources. Configure them in the policy_providers array.
File provider
Load policies from a local file. Pick this for static policies bundled in the ConfigMap.
HTTP provider
Fetch policies from a remote endpoint. Use this for dynamic policies managed via the Tero API.
The ${TERO_API_KEY} variable is injected from the Kubernetes secret via the container environment configuration.
Memory tuning
Edge’s streaming architecture keeps memory usage predictable. Key factors:
- Input limit: max_input_bytes_per_scrape caps how much data Edge reads from upstream. This bounds memory for buffering input data.
- Output limit: max_output_bytes_per_scrape caps how much data Edge forwards to clients. Set this high if you have aggressive filtering.
- Line buffer: Edge processes each metric line with a 4KB buffer. Edge passes lines over the 4KB limit through unfiltered.
- Concurrent scrapes: Memory scales with concurrent scrapes. Each active scrape can use up to max_input_bytes_per_scrape.
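The following Python model is an added example, not Tero Edge's code: it shows how the two byte limits, the 4KB line buffer and fail-open evaluation described above interact on a single scrape. Assumptions: the policy is a hypothetical predicate on the metric name, truncation stops at a line boundary, and "# HELP"/"# TYPE" lines follow their metric's verdict.

```python
import io
import re

LINE_BUFFER = 4096  # per-line buffer size stated on the page (4KB)
# Metric name of a sample line or of a "# HELP"/"# TYPE" comment line.
NAME = re.compile(rb"(?:# (?:HELP|TYPE) )?([a-zA-Z_:][a-zA-Z0-9_:]*)")

def filter_scrape(upstream, keep, max_input_bytes, max_output_bytes):
    """upstream: binary stream standing in for the app's /metrics body.
    keep: hypothetical policy called with the metric name; returns (bytes, stats)."""
    out = bytearray()
    stats = dict(read=0, dropped=0, oversize=0, failed_open=0, truncated=None)
    while True:
        budget = max_input_bytes - stats["read"]
        # One byte past the budget signals an overflow; stop before a partial line.
        line = upstream.readline(budget + 1)
        if not line:
            break
        if len(line) > budget:
            stats["truncated"] = "input"
            break
        stats["read"] += len(line)
        if len(line) > LINE_BUFFER:
            stats["oversize"] += 1  # longer than the buffer: passes unfiltered
        elif (m := NAME.match(line)):
            try:
                allowed = keep(m.group(1))
            except Exception:
                stats["failed_open"] += 1  # fail-open: the line is kept
                allowed = True
            if not allowed:
                stats["dropped"] += 1
                continue
        if len(out) + len(line) > max_output_bytes:
            stats["truncated"] = "output"
            break
        out += line
    return bytes(out), stats

# Constructed sample: a metric to keep, one to drop, and one line over 4KB.
SAMPLE = (b'# TYPE http_requests_total counter\n'
          b'http_requests_total{path="/"} 10\n'
          b'# TYPE debug_alloc_bytes gauge\ndebug_alloc_bytes 123\n'
          b'debug_dump{blob="' + b"a" * 5000 + b'"} 1\n')

def drop_debug(name):  # hypothetical policy: drop every debug_* series
    return not name.startswith(b"debug_")

if __name__ == "__main__":
    print(filter_scrape(io.BytesIO(SAMPLE), drop_debug, 10 << 20, 10 << 20)[1])
```

In this model the oversize and failed_open counters mark lines forwarded without a policy decision, the two cases the page describes where a policy meant to keep a series out of Prometheus does not apply.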
Troubleshooting
Prometheus can’t scrape metrics
Verify Edge is running and healthy:
metric telemetry type with METRIC_FILTER stage.
Scrapes timing out
If your app has high-cardinality metrics, increase resource limits:
max_input_bytes_per_scrape isn’t truncating large responses.
Some metrics missing
Check if scrapes are being truncated due to input or output limits: