-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Kube-Prometheus-Stack monitoring #10
Comments
thanks for your suggestion. I wasn't aware that the metrics are now exposed. Will try to incooperate the proposed changes next week |
I made a first draft (Did not tried it yet). Also the grafana and alerting is missing. Regarding the "subnet" allow list I'm a little unsure. I don't see a benefit of this setting. If you allow the service subnet it would also be accessible via the ingress. Then you have to also block it ingress-specific. Sounds a little to complicated. Why not just checking the HTTP Request Header for What do you think? |
Well, not everything is Kubernetes and never ever trust that header without previously whitelisting the proxies which can send that header (which then would be just another setting configuring IPs / Subnets) aside of that in some scenarios you just don't have that header / the real IP. That setting is to - by default - cover up the metrics handler. Just ensure that |
yeah, that's correct. The problem is that the there is no ingress-indepent configuration option for that I made a simple, but not really elegent approach: ots-helm-chart/chart/templates/ingress.yaml Lines 45 to 52 in b098a83
|
@Luzifer with the latest release I still get issues with Prometheus:
I think this needs to be handled at your side, see #11 (comment) |
With release
v1.10.0
OTS gained Prometheus metrics export which can be scraped by the Kube-Prometheus-Stack in an automated way without the OPS having to configure that themselves.Acceptance Criteria
/metrics
on the pods.Values
(default:enabled = false
)metricsAllowedSubnets
should automatically be enabled for cluster-local access (usual setup is to have the cluster run on10.0.0.0/8
so allowing that should be sufficient though this almost certainly also exposes the metrics to the public so there needs to be a blocker in the ingress to block access to/metrics
)As a side-effect of enabling the
metricsAllowedSubnets
in customizations it might be a good idea to provide a map in the Values to set customization options which then are{{ .Values.customizations | toYaml }}
rendered into a config-map (after being joined with the chart-set customizations) and mounted into the pod.The text was updated successfully, but these errors were encountered: