Quality of Service Monitoring
QoS is the observability layer for running Blueprints. As an operator, you decide how metrics, logs, and dashboards are exposed to your team or customers. This page outlines what QoS exports and how to configure access safely.
What Gets Exported
QoS uses Prometheus-compatible metrics by default, with optional Grafana and Loki.
| Component | Default Endpoint | Notes |
|---|---|---|
| Prometheus metrics | http://<host>:9090/metrics | Includes /health plus Prometheus v1 API routes like /api/v1/query. |
| Grafana UI | http://<host>:3000 | Only when configured or managed by QoS. |
| Loki push API | http://<host>:3100/loki/api/v1/push | Only when configured or managed by QoS. |
Managed Stack vs External Stack
Managed Stack (Docker)
If the Blueprint enables manage_servers, QoS will launch Grafana/Loki/Prometheus containers. You should:
- Ensure Docker is available on the host.
- Mount persistent volumes for Grafana and Loki (
data_dir). - Override default Grafana credentials (defaults are admin/admin and anonymous access is on).
- Open ports only on trusted networks or front them with a proxy.
External Stack (Recommended for Production)
Run your own observability stack and point QoS to it:
- Configure Prometheus to scrape
http://<host>:9090/metrics. - Set
GrafanaConfig.prometheus_datasource_urlto your Prometheus URL. - If you use Loki, set
LokiConfig.urlto your Loki push endpoint.
This approach keeps credentials and retention policies under your control.
Quick Verification
curl -s http://localhost:9090/health
curl -s http://localhost:9090/metrics | head -n 20Security Notes
- Do not expose Grafana with default credentials.
- Prefer a reverse proxy with auth and TLS.
- If you allow public dashboards, isolate them from write endpoints.