DevOps hands-on Lab: How to Provision and Monitor UpCloud Kubernetes Cluster using Prometheus and Grafana with Helm Charts

Step-by-step tutorial on monitoring UpCloud Kubernetes clusters with Prometheus metrics and Grafana dashboards using Helm charts. Includes Terraform automation and security best practices . Learn how to provision robust clusters, monitor performance metrics with Prometheus, and visualize data like a pro using Grafana. Your ultimate guide to seamless Kubernetes operations.

12 min readMar 25, 2025

If you are not a medium member, here is the friendly link access

DevOps hands-on Lab: How to Provision and Monitor UpCloud Kubernetes Cluster using Prometheus and Grafana by Joel Wembo and prodxcloud — DevOps hands-on Lab: How to Provision and Monitor UpCloud Kubernetes Cluster using Prometheus and Grafana .

In this comprehensive guide, we’ll walk through deploying a production-ready monitoring stack on UpCloud’s Kubernetes service. Starting from cluster provisioning using upctlWe’ll:

Deploy a sample NGINX application exposed via LoadBalancer
Set up Prometheus for metrics collection and Grafana for visualization using Helm
Configure secure access and discuss best practices for scaling

This lab is designed for DevOps teams who want to implement observability quickly while following cloud-native best practices. By the end of this tutorial, you will have a fully functional monitoring stack for your Kubernetes workloads.

· 🛠️ Prerequisites
· Step 1. Kubernetes Cluster Creation
∘ Option A: Create Cluster via UpCloud Dashboard
∘ 🎉 UpCloud Cluster Successfully Provisioned!
∘ Option B: Terraform Automation
· Step 2: Setting Up UpCloud API Keys & Permissions
∘ Part 1: Install the UpCloud CLI (upctl)
∘ Part 2: Create & Secure Your API Key
∘ Part 3: Authenticate upctl
∘ Deploy NGINX To Kubernetes Cluster with a Load Balancer Service
∘ Create an NGINX Deployment
· Step 3: Deploying Prometheus & Grafana with Helm
∘ First, Install Helm
∘ Add the Official Chart Repositories
∘ Deploy Prometheus with RBAC
∘ Deploy Grafana (With Secure Defaults)
∘ Verify Everything Works

🚀 Exclusive UpCloud Offer — Get Started with a Discount!
Looking for high-performance cloud hosting with faster speeds, better reliability, and competitive pricing? UpCloud is the perfect choice!
🎉 Sign up today and claim your special discount on your first deposit! 50€ free credits and 30 days extended trial Click here to register now!
👉 Start with a free trial and experience the difference!

Frustrated by AWS’s steep learning curve? UpCloud offers one-click Kubernetes, transparent pricing, and European-grade performance — all through a UI you can master in one afternoon.

We selected UpCloud as our preferred cloud platform, combining AWS-grade reliability with simpler pricing and more intuitive Kubernetes tools — perfect for teams wanting enterprise power without enterprise complexity.

🛠️ Prerequisites

Before starting, ensure you have:
✅ UpCloud account (Sign up here)
✅ upctl CLI installed (UpCloud’s official CLI)
✅ kubectl and helm configured
✅ Basic familiarity with Kubernetes concepts

For readers looking to extend this setup, we’ve prepared production-grade templates in our Fullstack DevOps Handbook repository:

Source code : https://github.com/prodxcloud/fullstack-devops-cloud-ai-complete-handbook/

Step 1. Kubernetes Cluster Creation

Option A: Create Cluster via UpCloud Dashboard

Log in to UpCloud Control Panel
Navigate to Kubernetes → Create Cluster
Configure:

Name: prodxcloud-cluster-dev
Zone: us-sjo1 (Silicon Valley)
Network: 10.0.1.0/24 (Auto-created
Node Groups:
worker-pool: 3 nodes, 2xCPU-4GB
monitoring-pool: 2 nodes, 4xCPU-8GB (for Prometheus/Grafana)

Now, configure your Kubernetes cluster according to your preferences by selecting the availability zone, a private network, and node groups.

Now, pick a Private Network for your worker nodes. Here are a few quick tips:

Choose a network in the same zone as your cluster (e.g., us-sjo1).
The network can’t be linked to another cluster or have a router attached.
Keep DHCP enabled, but disable the default route from DHCP.
For the IP range, something like 10.0.1.0/24 works perfectly.

Pro Tip: Under the network settings, you’ll also select your Kubernetes version. Unless your apps need an older version, always go with the newest stable release — it’s the best way to ensure security patches and cool new features!

A node group is a group of workers with identical image templates. You can have multiple node groups with differing configurations and usages.

In the next section, you have the option to enable API access to the cluster from any specific IP address or range. It’s also possible to remove all IP restrictions from the API access, e.g., for troubleshooting.

Then, create a node group or use the default node group.

Click Deploy Cluster (takes ~5 minutes)

🎉 UpCloud Cluster Successfully Provisioned!

Your UpCloud Kubernetes cluster is now ready! Here’s what you’ve got:

Control Plane: Managed by UpCloud (no patching needed!).
Node Groups: Worker nodes are online with the specs you chose (e.g., 3x 2xCPU-4GB).
Connected Services:
Private SDN network (10.0.1.0/24) for secure pod-to-pod traffic.
Built-in load balancers (when you expose services).
Labels: Nodes are auto-labeled role=worker (Handy for scheduling Prometheus/Grafana later.)

This view lists resources connected to the cluster. A connected resource can be, for example, a load balancer automatically created as a result of exposing a service with LoadBalancer type. The connection is determined based on labels added to the resources during the creation, such as capu_cluster_id.

UpCloud Kubernetes Cluster Connected resources

Option B: Terraform Automation

# main.tf
terraform {
  required_providers {
    upcloud = {
      source = "upcloudltd/upcloud"
      version = "2.4.0"
    }
  }
}

provider "upcloud" {
  username = "prodxcloud"
  password = ""
}

resource "upcloud_kubernetes_cluster" "monitoring" {
  name        = "prod-monitoring-cluster"
  zone        = "us-sjo1"
  network     = "10.0.1.0/24"
  
  node_group {
    name    = "worker-pool"
    count   = 3
    plan    = "2xCPU-4GB"
    labels  = {
      role = "worker"
    }
  }

  node_group {
    name    = "monitoring-pool"
    count   = 2
    plan    = "4xCPU-8GB"
    labels  = {
      role = "monitoring"
    }
  }
}

Apply with:

export UPCLOUD_USER="your@email.com"
export UPCLOUD_PASSWORD="your-password"
terraform init
terraform apply

Step 2: Setting Up UpCloud API Keys & Permissions

Part 1: Install the UpCloud CLI (`upctl`)

Get ready to control your cluster from the command line!

For Linux/macOS:

# Download and install (Linux)
curl -sL https://github.com/UpCloudLtd/upcloud-cli/releases/latest/download/upctl-linux-amd64 -o upctl
chmod +x upctl
sudo mv upctl /usr/local/bin/

# Or use Homebrew (macOS/Linux)
brew install upcloud/tap/upctl

For Windows (PowerShell):

# Download executable
Invoke-WebRequest -Uri "https://github.com/UpCloudLtd/upcloud-cli/releases/latest/download/upctl-windows-amd64.exe" -OutFile "upctl.exe"

# Add to PATH (optional)
Move-Item -Path .\upctl.exe -Destination "C:\Windows\System32\"

Verify that it works:

upctl version

Part 2: Create & Secure Your API Key

We recommend creating a separate workspace username and password for every API integration for easier access control. To do so, go to your UpCloud Control Panel under the People section.

Click the Create subaccount button
Choose your API username
Set the API password
Enter the contact details for your API credentials
When set, click the Create subaccount button to save
Next, go to the Permissions tab and enable API access in the permissions
Grant the permissions to the resources you want to manage

You can find more detailed instructions on API credentials in our tutorial for getting started with UpCloud API.

Part 3: Authenticate `upctl`

# Method 1: One-time login (interactive)
upctl account login --with-token
# Paste your token when prompted

# Method 2: Environment variable (great for scripts)
export UPCLOUD_TOKEN="your-token-here"

The kubeconfig file is a convenient way to organize information about clusters, users, namespaces, and authentication mechanisms. UpCloud provides you with a separate kubeconfig file for each of your clusters. You can configure the kubeconfig file, for example, with our command-line client or by downloading the kubeconfig file manually.

upctl kubernetes config 0d22999b-6008-4e2d-af9e-9bc9ec655d62 --write prodxcloud-cluster-dev_kubeconfig.yaml

UpCloud KubeConfig

Quick test:

upctl kubernetes list

kubectl get nodes
kubectl get pods

While we’ve used kubectl for most operations, we also tested everything in Lens IDE—the Kubernetes dashboard that feels like a superpower. Here’s why it’s handy:

One-click access to your UpCloud cluster (just import the kubeconfig)
Real-time metrics for nodes/pods (no Prometheus setup needed for basic monitoring)

How we used it:

Installed Lens (it’s free!)
Went to File → Add Cluster and pasted our ~/.kube/upcloud-config

Deploy NGINX To Kubernetes Cluster with a Load Balancer Service (Optional)

Kubernetes (K8s): The industry-standard container orchestration platform that automates deployment, scaling, and management of containerized applications.
Helm: Kubernetes’ package manager that simplifies deploying complex applications using reusable configurations called charts

UpCloud supports Kubernetes LoadBalancer services out of the box, which automatically provisions a public-facing IP.

Create an NGINX Deployment

kubectl create deployment nginx --image=nginx:latest
kubectl expose deployment nginx --port=80 --type=LoadBalancer

Kubernetes deployment of nginx with Load Balancer using Upcloud managed Kubernetes Cluster

🔍 Why Prometheus + Grafana?

While Kubernetes manages your applications, you need real-time visibility into their performance. That’s where this dynamic duo shines:

Prometheus acts as your cluster’s “black box recorder,” continuously scraping and storing metrics like CPU usage, memory pressure, and API latency.
Grafana transforms those raw metrics into actionable dashboards, helping you spot trends, troubleshoot slowdowns, and prevent outages before they happen.

Step 3: Deploying Prometheus & Grafana with Helm

First, Install Helm

The package manager for Kubernetes — think “apt-get for your cluster”.

# Install Helm in one command (Linux/macOS)
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

# Verify installation
helm version
# Should show: v3.12.0 or later

Add the Official Chart Repositories

We’re getting the recipes straight from the source.

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update  # Always do this!

Deploy Prometheus with RBAC

Now the magic begins — notice the RBAC auto-configuration!

helm install prometheus prometheus-community/prometheus \
  --namespace monitoring \
  --create-namespace \
  --set server.service.type=LoadBalancer \
  --set server.serviceAccount.create=true \  # ← RBAC magic
  --set alertmanager.enabled=false  # Disable if not needed

What this does:
✅ Creates dedicated monitoring namespace
✅ Auto-generates ServiceAccount with least privileges
✅ Exposes Prometheus UI via LoadBalancer

Deploy Grafana (With Secure Defaults)

Dashboards shouldn’t mean open doors.

helm install grafana grafana/grafana \
  --namespace monitoring \
  --set service.type=LoadBalancer \
  --set serviceAccount.create=true \  # ← More RBAC goodness
  --set adminPassword='Grafana-Admin-123!' \  # Change this!
  --set persistence.enabled=true  # So your dashboards survive restarts

Verify Everything Works

Trust but verify — here’s your checklist:

# Check pods
kubectl get pods -n monitoring -w
# Should show: prometheus-server-* and grafana-* running

# Get your Grafana password (if you forgot)
kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-password}" | base64 --decode

# Find LoadBalancer IPs
kubectl get svc -n monitoring | grep LoadBalancer

Go to your Upload Control Plane to check for the complete details of the running Load Balancers.

Managed Load Balancer enables you to distribute traffic across multiple servers. Each load balancer sits between client devices and backend servers, receiving and then distributing incoming requests to any available server capable of fulfilling them

Load Balancers in UpCloud Kubernetes Deployment

🚀 Your Monitoring Stack Is Live!

Head to your Prometheus LoadBalancer URL (find it with kubectl get svc -n monitoring prometheus-server). The moment it loads, start exploring metrics in the "Graph" tab – try simple queries node_memory_Active_bytes to see real-time memory usage. The built-in autocomplete makes discovering metrics a breeze, and don't miss the "Status > Targets" page to verify that all your resources are being scraped correctly.

***UpCloud Prometheus LoadBalancer URL***

Access your Grafana instance using its LoadBalancer IP (check with kubectl get svc -n monitoring grafana) and log in with the admin credentials you set during installation. Click "Create your first dashboard" to visualize Prometheus metrics – start by plotting container CPU usage or network traffic. Remember to save your creations and consider importing popular dashboard templates later from Grafana's public library for more advanced monitoring.

UpCloud Prometheus and Grafana with Helm Charts

In this hands-on guide, we’ve transformed your UpCloud Kubernetes cluster into a fully observable environment using production-grade monitoring tools. By deploying Prometheus for metrics collection and Grafana for visualization via Helm charts, you’ve built a powerful monitoring stack that’s both scalable and secure.

Key achievements include:
✔ Automated provisioning of monitoring tools with Helm for easy management
✔ Secure exposure of services through UpCloud Load Balancers
✔ RBAC-enabled deployments following Kubernetes security best practices
✔ Actionable dashboards ready for custom metrics and alert creation

This implementation gives you complete visibility into your cluster’s performance while maintaining enterprise-grade security. The integration provides the foundation for:

Proactive issue detection through custom alerts
Capacity planning with historical metrics
Team collaboration via shareable Grafana dashboards

Ready to optimize further? Consider adding:
🔹 Loki for centralized logging
🔹 Alertmanager for notification routing
🔹 Custom metrics from your applications

By following these Kubernetes monitoring best practices on UpCloud, you’re now equipped to maintain high availability, troubleshoot faster, and make data-driven decisions for your cloud-native infrastructure.

For readers looking to extend this setup, we’ve prepared production-grade templates in our Fullstack DevOps Handbook repository:

📁 GitHub Repository:
https://github.com/prodxcloud/fullstack-devops-cloud-ai-complete-handbook

Want to share your implementation or need help scaling your monitoring? Join our DevOps community in the comments! 🚀

Thank You for Reading! 🙌

I truly appreciate your taking the time to go through this guide. If you found it helpful, please follow, CLAP 👏, SUBSCRIBE, and share it with others who might benefit. Your support means a lot and keeps me motivated to create more useful content!

📢 Want more cloud and DevOps insights? Subscribe to my Medium for the latest updates!

About Me

I’m Joel Wembo, a Cloud Solutions Architect and DevOps Engineer at ProdxCloud, specializing in cloud infrastructure, DevOps, and high-availability solutions.

🔗 Connect with me: LinkedIn | GitHub | Twitter | Portfolio