New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MON-2967: CMO deploys monitoring console-plugin #1890
MON-2967: CMO deploys monitoring console-plugin #1890
Conversation
Testing it locally
|
91ef19f
to
09fc64f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2 questions/remarks from me:
- for consistency we should aim at generating the assets from jsonnet.
- is there any authn/authz for the console plugin deployment?
21ffc8a
to
a9b319f
Compare
7ad14ef
to
f7940f0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this looks good.
@simonpasquier raised a good point in a chat earlier:
We have several options that can apply to most CMO components. It might be worth discussing which we should add intitally or which could be added in a follow-up PR.
- nodeSelector
Most components can be moved to specific nodes. This should probably apply to the console plugin deployment as well? - Same for tolerations.
- TopologySpreadConstraints are worth considering for high availability purposes.
- Setting logging levels doesn't apply iiuc.
I mostly just want to bring this up so we can discuss. I'd prefer to merge this PR and add the above in follow-ups. If some of those make it into 4.13, great! If not I could live with a later addition.
reiterating my question from earlier: is there any authn/authz for the console plugin service? If not, does it mean that any user who's able to run a pod in the cluster can get access to the monitoring APIs? |
From #1890 (review)
I'd consider tolerations & node selector to be a must because some users have a requirement to separate infrastructure workloads from user workloads. |
@kyoto could you please help answer the concern that Simon raised?
|
@simonpasquier The Service we're adding is just for serving the plugin's resources (JavaScript, CSS) as described in https://github.com/openshift/enhancements/blob/master/enhancements/console/dynamic-plugins.md#delivering-plugins Once the new plugin frontend code is installed and running, it accesses Thanos and Alertmanager in the same way as the old Console code. Does that answer your question? |
ba80b46
to
1be089f
Compare
I didn't see a log-level that we can set since the plugin iiuc, is only an nginx that serves static content (js+css) |
/retitle [WIP] MON-2967: CMO deploys monitoring console-plugin |
@sthaha: This pull request references MON-2967 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest-required |
240e67c
to
0214352
Compare
61e83e9
to
c9550fa
Compare
@sthaha: This pull request references MON-2967 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@sthaha: This pull request references MON-2967 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
c9550fa
to
ee9defa
Compare
/lgtm |
ee9defa
to
b9174c5
Compare
@sthaha: This pull request references MON-2967 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@sthaha: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jan--f, simonpasquier, sthaha The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/skip |
/label jira/valid-bug |
This PR deploy the new monitoring console plugin