-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for RemoteWrite CRD #6508
Comments
I've heard about this use case for remote-write before so I'd be inclined to say yes. I'm more curious about the remote-read use caes, can you provide more details about it?
I suppose that you mean the operator should automatically add a relabeling config dropping all metrics without a |
If the RemoteWrite is namespaced and is only supposed to export metrics from its own namespace, there would also be a relabel config in the final generated config I see. But is there a reason why it should be namespaced? Edit: Similar to what we already have with the relabeling configs for remote write in the Prometheus CR. |
Actually, I only want RemoteWrite CR; I suggested RemoteRead CR because it seems unnatural that RemoteWrite exists but RemoteRead CR does not.
Yes, it is. However, it may not be necessary. The behavior may be confusing to users. Also, if it is necessary to do so, cluster-admin can accomplish this by mutating the writeRelabelConfigs field of the RemoteWrite CR with admission webhook.
This is because users generally cannot create cluster-wide resources in a multi-tenant cluster. |
FWIW we already have Regarding RemoteRead, I would leave it out unless we have a concrete use case. It can still be implemented later if needed. To move it forward, I'd suggest to file a design proposal following https://prometheus-operator.dev/docs/prologue/contributing/#proposal-process |
fyi I've removed RemoteRead from the issue title to clarify the scope. |
Amazing idea 👏🏽 |
I'm a bit concerned about "metrics highjacking", where someone could steal metrics from a Prometheus instance by deploying a RemoteWrite CRD. I don't mean to mention this as a blocker, but maybe something we need to consider during the proposal |
We'd also benefit from having a Let me give you some context on why this is valuable to us. We have a cloud hosted metric store that we ship metrics to via remote write. However, we don't wish to ship all metrics to this cloud store, mostly due to cost-based issues- in these cases, we'll ship an aggregated form of these metrics, generated via recording rules. So we use relabeling rules on the Unfortunately without this |
Component(s)
Prometheus
What is missing? Please describe.
I would like to allow users to add arbitrary RemoteWrite/Read configs to Prometheus.
Scenario: cluster-admin provides a managed Prometheus server to users using Prometheus CR. This Prometheus CR can only be modified by cluster-admin. The user adds config to the Prometheus server using a RemoteWrite CR to forward metrics to an external managed Prometheus service.
Since RemoteWrite/Read CR are namespaced resources, it may be better to limit the target metrics to the namespace in which the object was created.
Describe alternatives you've considered.
None.
Environment Information.
Environment
Kubernetes Version:
Prometheus-Operator Version:
The text was updated successfully, but these errors were encountered: