SNMP Exporter
The SNMP Exporter enables Prometheus to collect metrics from SNMP-enabled devices, specifically monitoring the Synology DS925+ NAS that provides storage for the cluster.
Overview
- Namespace:
default - Image:
prom/snmp-exporter:v0.30.0 - Deployment: Managed by ArgoCD as part of kube-prometheus-stack
- Target Device: Synology DS925+ NAS (10.0.1.204)
Version Update (2026-01-11)
Upgraded from v0.26.0 to v0.30.0 to address 2 CRITICAL and 6 HIGH vulnerabilities.
Breaking Change: The /health endpoint was removed in v0.30.0. Liveness and readiness probes now use / instead.
Purpose
The SNMP Exporter provides comprehensive NAS monitoring by collecting:
- Disk health and temperature
- Volume capacity and usage
- RAID status and health
- System resource utilization
- Network interface statistics
- iSCSI target statistics
- Fan speeds and system temperatures
Architecture
Components
Init Container (config-processor):
- Processes SNMP configuration template
- Injects credentials from Kubernetes secrets
- Generates final configuration file
- Uses busybox:1.36
Main Container (snmp-exporter):
- Prometheus SNMP Exporter
- Exposes HTTP endpoint for metric scraping
- Queries NAS via SNMPv3
- Translates SNMP OIDs to Prometheus metrics
SNMPv3 Configuration
Authentication
The exporter uses SNMPv3 with authentication and privacy for secure monitoring:
Security Level: authPriv
Authentication:
- Protocol: SHA (configurable)
- Username: Stored in secret
- Password: Stored in secret
Privacy (Encryption):
- Protocol: AES (configurable)
- Password: Stored in secret
Why SNMPv3?
- Encrypted communication with NAS
- Authentication prevents unauthorized access
- Privacy ensures data confidentiality
- Industry best practice for SNMP monitoring
Credentials Management
Secret: snmp-exporter-credentials
Location: manifests/base/kube-prometheus-stack/snmp-exporter-secret.yaml (git-crypt encrypted)
Fields:
snmp-username: <username>
snmp-auth-password: <authentication password>
snmp-priv-password: <privacy password>
snmp-auth-protocol: SHA # or MD5
snmp-priv-protocol: AES # or DES
Apply Secret:
kubectl apply -f manifests/base/kube-prometheus-stack/snmp-exporter-secret.yaml
Deployment Configuration
Deployment Manifest
Location: manifests/base/kube-prometheus-stack/snmp-exporter-deployment.yaml
Key Features:
- Init container for credential injection
- Environment variable substitution
- Health checks (liveness and readiness probes)
- Resource limits appropriate for Pi cluster
Resource Limits:
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
Service Configuration
Endpoint: snmp-exporter.default:9116
apiVersion: v1
kind: Service
metadata:
name: snmp-exporter
namespace: default
spec:
type: ClusterIP
ports:
- port: 9116
targetPort: 9116
ConfigMap
Location: manifests/base/kube-prometheus-stack/snmp-exporter-configmap.yaml
Contains SNMP module configuration including:
- OID mappings
- Metric translations
- Walk configurations
- Synology-specific MIBs
Prometheus Integration
Scrape Configuration
Prometheus scrapes SNMP metrics via the exporter:
scrape_configs:
- job_name: 'snmp-nas'
static_configs:
- targets:
- 10.0.1.204 # Synology NAS
metrics_path: /snmp
params:
module: [synology] # Use synology SNMP module
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: snmp-exporter.default:9116
How It Works:
- Prometheus sends scrape request to snmp-exporter
- snmp-exporter queries NAS via SNMP
- snmp-exporter translates SNMP data to Prometheus metrics
- Prometheus stores the metrics
Collected Metrics
Storage Metrics
Disk Health:
diskTable- Disk status and healthdiskTemperature- Drive temperaturesdiskModel- Drive model information
Volume Metrics:
volumeTable- Volume statusvolumeSize- Total capacityvolumeFreeSize- Available spacevolumePercentUsed- Usage percentage
RAID Status:
raidTable- RAID array statusraidFreeSize- Available RAID capacityraidStatus- Health status
System Metrics
CPU and Memory:
systemCPU- CPU utilizationmemorySize- Total memorymemoryAvailable- Free memory
Temperature:
systemTemperature- System temperaturecpuFanStatus- Fan status and speedsystemFanStatus- Chassis fan status
Network Metrics
Interface Statistics:
ifInOctets- Incoming bytesifOutOctets- Outgoing bytesifInErrors- Receive errorsifOutErrors- Transmit errorsifSpeed- Link speed
iSCSI Metrics
Target Statistics:
iscsiTargetTable- iSCSI target statusiscsiLUNTable- LUN status and usageiscsiSessionTable- Active sessions
Grafana Dashboards
Synology NAS Dashboard
Location: Synology_Dashboard2.json
Panels Include:
- Storage capacity overview
- Disk health and temperature
- RAID status
- Network throughput
- System resource usage
- iSCSI performance
- Temperature trends
Import Dashboard:
- Access Grafana UI
- Navigate to Dashboards → Import
- Upload
Synology_Dashboard2.json - Select Prometheus datasource
- Import
Common Queries
Volume Usage:
(volumeSize - volumeFreeSize) / volumeSize * 100
Disk Temperature:
diskTemperature{disk="Disk 1"}
Network Throughput:
rate(ifInOctets{ifDescr="eth0"}[5m]) * 8
iSCSI LUN Usage:
iscsiLUNUsed / iscsiLUNSize * 100
Accessing the Exporter
Metrics Endpoint
Port Forward:
kubectl port-forward -n default svc/snmp-exporter 9116:9116
Query Metrics Directly:
curl http://localhost:9116/snmp?target=10.0.1.204&module=synology
Health Check:
curl http://localhost:9116/health
Testing SNMP Connectivity
From within cluster:
kubectl exec -n default deployment/snmp-exporter -- \
wget -qO- http://localhost:9116/snmp?target=10.0.1.204&module=synology | head -50
Troubleshooting
Check Pod Status
# View pod
kubectl get pods -n default | grep snmp-exporter
# Check logs (init container)
kubectl logs -n default deployment/snmp-exporter -c config-processor
# Check logs (main container)
kubectl logs -n default deployment/snmp-exporter -c snmp-exporter
Common Issues
No Metrics Returned
Symptoms:
- Empty metrics output
- SNMP exporter returns errors
Diagnosis:
# Check exporter logs
kubectl logs -n default deployment/snmp-exporter
# Test SNMP connection from pod
kubectl exec -n default deployment/snmp-exporter -- \
snmpwalk -v3 -l authPriv -u <username> -a SHA -A <auth-pass> \
-x AES -X <priv-pass> 10.0.1.204 system
Common Causes:
- SNMP not enabled on Synology NAS
- Incorrect credentials
- Firewall blocking SNMP (UDP 161)
- Wrong security level configuration
Solution:
- Verify SNMP enabled in DSM (Control Panel → Terminal & SNMP → SNMP)
- Check SNMPv3 user configured in DSM
- Verify credentials in secret match DSM
- Test network connectivity to NAS
Authentication Failures
Symptoms:
- Logs show "authentication failure"
- "Unknown user name" errors
Solution:
- Verify SNMPv3 user exists in Synology DSM
- Check username in secret:
kubectl get secret snmp-exporter-credentials -o yaml - Ensure auth/priv protocols match DSM configuration
- Recreate secret if credentials changed
Missing Specific Metrics
Symptoms:
- Some metrics present, others missing
- Incomplete disk or volume data
Common Causes:
- OID not in walk configuration
- Synology model differences
- Firmware version changes
Solution:
- Check ConfigMap for OID definitions
- Use
snmpwalkto discover available OIDs - Update ConfigMap with new OIDs if needed
- Restart deployment after ConfigMap changes
Configuration Changes
Update SNMP Module:
- Edit
manifests/base/kube-prometheus-stack/snmp-exporter-configmap.yaml - Commit and push changes
- ArgoCD will sync automatically
- Pod will restart with new configuration
Update Credentials:
- Edit secret file (git-crypt encrypted)
- Apply updated secret:
kubectl apply -f snmp-exporter-secret.yaml - Restart deployment:
kubectl rollout restart deployment/snmp-exporter -n default
Synology NAS Configuration
Enable SNMP on Synology DSM
- Log in to DSM (https://10.0.1.204:5001)
- Go to Control Panel → Terminal & SNMP
- Click SNMP tab
- Enable SNMPv3 service
- Create SNMPv3 user:
- Username: (configure as needed)
- Auth protocol: SHA
- Auth password: (set strong password)
- Priv protocol: AES
- Priv password: (set strong password)
- Apply settings
Firewall Configuration
Ensure Synology firewall allows SNMP from Kubernetes nodes:
- Control Panel → Security → Firewall
- Edit rules to allow UDP port 161 from cluster network
- Recommended: Restrict to cluster subnet (10.0.10.0/24)
Alerting
Recommended Alerts
Disk Temperature:
- alert: DiskHighTemperature
expr: diskTemperature > 50
for: 10m
annotations:
summary: "Disk {{ $labels.disk }} temperature high"
Volume Nearly Full:
- alert: VolumeHighUsage
expr: (volumeSize - volumeFreeSize) / volumeSize * 100 > 85
for: 5m
annotations:
summary: "Volume {{ $labels.volumeDescr }} is {{ $value }}% full"
RAID Degraded:
- alert: RAIDDegraded
expr: raidStatus != 1
for: 1m
annotations:
summary: "RAID array {{ $labels.raidName }} is degraded"
Updates and Maintenance
Updating SNMP Exporter
To update to a newer version:
- Update image version in deployment manifest
- Check release notes
- Test in non-production environment
- Commit and push
- ArgoCD deploys automatically
Example:
image: prom/snmp-exporter:v0.27.0 # Update from v0.26.0
MIB Updates
If Synology releases firmware updates with new MIBs:
- Download updated MIB files from Synology
- Generate new SNMP exporter configuration
- Update ConfigMap with new OIDs
- Test metrics collection
- Commit changes
Performance Considerations
Scrape Interval
Current: 30s (standard Prometheus default)
Considerations:
- SNMP queries are lightweight
- 30s provides good resolution for storage metrics
- Can be reduced to 15s for more frequent updates
- Increase if NAS load becomes a concern
Resource Usage
Typical:
- CPU: ~20-30m
- Memory: ~40-50Mi
- Network: Minimal (SNMP queries are small)
Limits:
- Set conservatively for Pi cluster
- Monitor actual usage and adjust if needed
Migration History
Date: December 2025
SNMP exporter was added to provide comprehensive NAS monitoring:
Changes:
- Deployed SNMP exporter for Synology DS925+
- Configured SNMPv3 with authentication and privacy
- Added comprehensive OID mappings for storage, system, network, and iSCSI metrics
- Created Grafana dashboard for NAS visualization
- Integrated with existing Prometheus stack
- Implemented secure credential management