New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Thanos tenancy proxy for rules #5897
Add Thanos tenancy proxy for rules #5897
Conversation
The Thanos querier deployment exposes a tenancy-aware service for recording and alerting rules. It is exposed via a different port than the existing tenancy-aware service for queries because it requires different permissions to be granted. This change modifies the console bridge to make this service available to the console users. Signed-off-by: Simon Pasquier <spasquie@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @simonpasquier,
I verified the changes and in in-cluster
mode and for endpoint /api/prometheus-tenancy/api/v1/rules?namespace=ns1
we get response as below as expected
{
status: 'success',
data: {
groups: [
{
name: 'example',
file: '/etc/thanos/rules/thanos-ruler-user-workload-rulefiles-0/ns1-example-alert.yaml',
rules: [
{
name: 'VersionAlert',
query: 'version{job="prometheus-example-app",namespace="ns1"} == 0',
duration: 1,
labels: {
namespace: 'ns1',
},
annotations: {},
alerts: [
{
labels: {
alertname: 'VersionAlert',
endpoint: 'web',
instance: '10.129.2.10:8080',
job: 'prometheus-example-app',
namespace: 'ns1',
pod: 'prometheus-example-app-57d8c46fb9-2w8fw',
prometheus: 'openshift-user-workload-monitoring/user-workload',
service: 'prometheus-example-app',
version: 'v0.1.0',
},
annotations: {},
state: 'FIRING',
activeAt: '2020-07-07T15:32:45.389025513Z',
value: '0e+00',
},
],
health: 'ok',
type: 'alerting',
},
{
name: 'VersionRule',
query: 'version{job="prometheus-example-app",namespace="ns1"}',
labels: {
namespace: 'ns1',
},
health: 'ok',
type: 'recording',
},
],
interval: 15,
},
],
},
}
however in off-cluster
i:e localhost this endpoint api/prometheus-tenancy/api/v1/rules?namespace=ns1
return cluster wide rules instead of per namespace.
We need this service for Monitoring work for 4.6. |
cc @paulfantom for a review from the monitoring team. |
LGTM, leaving final |
/lgtm |
Thanks @paulfantom , @spadgett needed your help with review cc @vikram-raj |
/assign @spadgett |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: paulfantom, simonpasquier, spadgett The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The Thanos querier deployment exposes a tenancy-aware service for
recording and alerting rules. It is exposed via a different port than
the existing tenancy-aware service for queries because it requires
different permissions to be granted.
This change modifies the console bridge to make this service available
to the console users.
cc @kyoto @vikram-raj