[target-allocator] Populate store assets (authorization information) for Prometheus CR watcher #1710

Merged
merged 15 commits into from
Jun 28, 2023

@matej-g matej-g commented May 4, 2023

Resolves #1669.

This change adds logic to populate the so-called store assets - this includes information from service and pod monitors that relates to authorization information (e.g. basic auth, bearer token, TLS) - in order to propagate this information to scrape configs. Currently, this logic is not implemented, resulting in scrape configurations missing proper credentials.

This PR also adds tests for the LoadConfig method for the Prometheus CR watcher.
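
An added sketch (not code from this pull request or from prometheus-operator) of what populating store assets for a monitor involves: each secret reference on an endpoint is resolved and stored under a namespace/secret/key identifier so the scrape config can carry the credentials. All types, `AddStoreAssets`, `FakeSecrets` and the sample values are hypothetical; failing on a missing secret is this sketch's choice.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the prometheus-operator monitor types.
type SecretKeyRef struct{ Name, Key string }
type Endpoint struct{ BasicAuthUser, BasicAuthPass, BearerToken *SecretKeyRef }
type Monitor struct {
	Namespace, Name string
	Endpoints       []Endpoint
}

// SecretGetter abstracts the Kubernetes client lookup (assumed signature).
type SecretGetter func(ns, name, key string) (string, error)

// Store maps "namespace/secret/key" to the resolved value; never log its values.
type Store map[string]string

// AddStoreAssets resolves every secret reference of a monitor into the store.
// In this sketch lookups stay in the monitor's own namespace, and a missing
// secret is an error rather than a scrape config without credentials.
func AddStoreAssets(m Monitor, get SecretGetter, s Store) error {
	for i, ep := range m.Endpoints {
		for _, ref := range []*SecretKeyRef{ep.BasicAuthUser, ep.BasicAuthPass, ep.BearerToken} {
			if ref == nil {
				continue
			}
			v, err := get(m.Namespace, ref.Name, ref.Key)
			if err != nil {
				return fmt.Errorf("%s/%s endpoint %d: %w", m.Namespace, m.Name, i, err)
			}
			s[m.Namespace+"/"+ref.Name+"/"+ref.Key] = v
		}
	}
	return nil
}

// FakeSecrets is constructed sample data standing in for the cluster's secrets.
func FakeSecrets(ns, name, key string) (string, error) {
	data := map[string]string{"team-a/scrape-auth/user": "prom", "team-a/scrape-auth/pass": "s3cr3t"}
	if v, ok := data[ns+"/"+name+"/"+key]; ok {
		return v, nil
	}
	return "", fmt.Errorf("secret %s/%s key %q not found", ns, name, key)
}

func main() {
	m := Monitor{"team-a", "web", []Endpoint{{BasicAuthUser: &SecretKeyRef{"scrape-auth", "user"}}}}
	fmt.Println(AddStoreAssets(m, FakeSecrets, Store{}))
}
```
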

matej-g added 5 commits May 4, 2023 11:30
Add context parameter to LoadConfig method in preparation to use K8s client in the method.

Signed-off-by: Matej Gera <matej.gera@coralogix.com>
Add K8s client and logger, in preparation for obtaining service / pod monitor store assets.

Signed-off-by: Matej Gera <matej.gera@coralogix.com>
…tors

Signed-off-by: Matej Gera <matej.gera@coralogix.com>
Signed-off-by: Matej Gera <matej.gera@coralogix.com>
Signed-off-by: Matej Gera <matej.gera@coralogix.com>
@matej-g matej-g force-pushed the prometheus-cr-auth branch from 4dc5200 to d17ed35 Compare May 4, 2023 13:32
@matej-g matej-g marked this pull request as ready for review May 4, 2023 13:45
@matej-g matej-g requested review from a team May 4, 2023 13:45
@jaronoff97 jaronoff97 left a comment

Just a few questions... also, were you able to test this in a real cluster to confirm this works as expected?

cmd/otel-allocator/watcher/promOperator.go (outdated)
// based on the service monitor and endpoints specs.
// This code borrows from
// https://github.com/prometheus-operator/prometheus-operator/blob/06b5c4189f3f72737766d86103d049115c3aff48/pkg/prometheus/resource_selector.go#L73.
func (w *PrometheusCRWatcher) addStoreAssetsForServiceMonitor(
Contributor

It looks like the method you linked is a public method, are we unable to use it?

Contributor

ah maybe because we don't want to make a whole resource selector. Interested in your perspective here :)

Contributor Author

I was considering using those public methods, but eventually decided to borrow some of the code, because 1) as you said we would need to build the whole resource selector; 2) the methods for monitors seem to do extra stuff (whole selection and validation of monitors), whereas here we wanted to just populate the store.

However, now that you point this out, and as I noticed these methods were recently exported, it might be a good opportunity to replace this whole part of the watcher logic directly with the resource selector methods. We could get that extra validation etc. for free, but perhaps first I'd ensure those methods will result in correct selection of monitors for our purposes.

What do you think about doing this as a follow up work?

Contributor

that's a great idea for some followup – i love anything that allows us to delete code :)

Contributor Author

Let's do it 👍 I'll open an issue for this to ensure it won't go unaddressed.

matej-g commented May 4, 2023

@jaronoff97 forgot to add in the description - in addition to adding unit tests, I also tested this locally on a test cluster, with expected results, see resulting scrape config for an example service monitor with basic auth (checked in browser):

Screenshot 2023-05-04 at 16 18 33

jaronoff97 commented May 4, 2023

@matej-g awesome! how does this work with secret mounting? does the collector need to mount a secret volume or does the TA need to? Thinking we may want to update docs to reflect this.

@jaronoff97 jaronoff97 left a comment

This LGTM. I want another review from @open-telemetry/operator-ta-maintainers before it's g2g.

}
return labels.SelectorFromSet(s)
}

// getInformers returns a map of informers for the given resources.
func getInformers(factory informers.FactoriesForNamespaces) (map[string]*informers.ForResource, error) {
Contributor

thought: we should open an issue for adding in the new scrape config CRD and maybe the probe CRD too.

Contributor Author

Agreed 👍 I'll open an issue for this.

@jaronoff97

@matej-g looks like a bad git merge 😅

matej-g commented Jun 21, 2023

Yup, forgot to save 🤦, should be good now though. Seems like there's an unrelated failure in the test (https://github.com/open-telemetry/opentelemetry-operator/actions/runs/5324102167/jobs/9642911432?pr=1710#step:5:1268)

@pavolloffay
Member

@matej-g could you please rebase?

@TylerHelmuth TylerHelmuth added the ready-to-merge Code review completed; ready to merge by maintainers label Jun 22, 2023
matej-g commented Jun 28, 2023

cc @open-telemetry/operator-ta-maintainers this should finally be good to merge, thank you 🙇

@jaronoff97 jaronoff97 merged commit 0bce4bb into open-telemetry:main Jun 28, 2023
ItielOlenick pushed a commit to ItielOlenick/opentelemetry-operator that referenced this pull request May 1, 2024
…for Prometheus CR watcher (open-telemetry#1710)

* Adjust Watcher interface

Add context parameter to LoadConfig method in preparation to use K8s client in the method.

Signed-off-by: Matej Gera <matej.gera@coralogix.com>

* Enhance the Prometheus CR watcher struct

Add K8s client and logger, in preparation for obtaining service / pod monitor store assets.

Signed-off-by: Matej Gera <matej.gera@coralogix.com>

* Adds methods and logic to obtain store assets from service / pod monitors

Signed-off-by: Matej Gera <matej.gera@coralogix.com>

* Add unit tests for Prometheus CR watcher

Signed-off-by: Matej Gera <matej.gera@coralogix.com>

* Add changelog

Signed-off-by: Matej Gera <matej.gera@coralogix.com>

* Add disclaimer about secrets in the readme

Signed-off-by: Matej Gera <matejgera@gmail.com>

* Fix store param and tests after branch update

Signed-off-by: Matej Gera <matejgera@gmail.com>

* Fix botched merge

Signed-off-by: Matej Gera <matejgera@gmail.com>

---------

Signed-off-by: Matej Gera <matej.gera@coralogix.com>
Signed-off-by: Matej Gera <matejgera@gmail.com>
Co-authored-by: Jacob Aronoff <jaronoff97@users.noreply.github.com>
Co-authored-by: Tyler Helmuth <12352919+TylerHelmuth@users.noreply.github.com>
Co-authored-by: Pavol Loffay <p.loffay@gmail.com>

Successfully merging this pull request may close these issues.

Target Allocator - ServiceMonitor scheme
5 participants