Skip to content

MON-3134: allow to query alerts from thanos-querier tenancy port #2184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 7, 2023
Merged

MON-3134: allow to query alerts from thanos-querier tenancy port #2184

merged 1 commit into from
Dec 7, 2023

Conversation

slashpai
Copy link
Member

@slashpai slashpai commented Dec 6, 2023
edited
Loading

Allows to query alerts of application
namespaces as an application user.

  • I added CHANGELOG entry for this change.
  • No user facing changes, so no entry in CHANGELOG was needed.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 6, 2023
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Dec 6, 2023
edited by openshift-ci bot
Loading

@slashpai: This pull request references MON-3134 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.15.0" version, but no target version was set.

In response to this:

Allows to query alerts and rules of application
namespaces as an application user.

Tested locally by port forwarding the tenancy port

From terminal 1

oc port-forward svc/thanos-querier 9092

From terminal 2
Following https://docs.openshift.com/container-platform/4.14/monitoring/accessing-third-party-monitoring-apis.html

░▒▓    ~  curl -G -s -k -H "Authorization: Bearer $token"  "https://localhost:9092/api/v1/alerts?namespace=openshift-monitoring"
{"status":"success","data":{"alerts":[{"labels":{"alertname":"Watchdog","namespace":"openshift-monitoring","severity":"none"},"annotations":{"description":"This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n","summary":"An alert that should always be firing to certify that Alertmanager is working properly."},"state":"firing","activeAt":"2023-12-06T04:43:53.913490184Z","value":"1e+00"},{"labels":{"alertname":"AlertmanagerReceiversNotConfigured","namespace":"openshift-monitoring","severity":"warning"},"annotations":{"description":"Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.","summary":"Receivers (notification integrations) are not configured on Alertmanager"},"state":"firing","activeAt":"2023-12-06T04:44:43.013474132Z","value":"0e+00"}]}}

░▒▓    ~  curl -G -s -k -H "Authorization: Bearer $token"  "https://localhost:9092/api/v1/alerts"
Bad Request. The request or configuration is malformed.

░▒▓    ~  curl -G -s -k -H "Authorization: Bearer $token"  "https://localhost:9092/api/v1/rules"
Bad Request. The request or configuration is malformed.

░▒▓    ~  curl -G -s -k -H "Authorization: Bearer $token"  "https://localhost:9092/api/v1/rules?namespace=openshift-monitoring"
{"status":"success","data":{"groups":[{"name":"general.rules","file":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0/openshift-monitoring-cluster-monitoring-operator-prometheus-rules-cd59ec39-eacd-46ba-97a8-7c47dd8249fb.yaml","rules":[{"name":"Watchdog","query":"vector(1)","duration":0,"labels":{"namespace":"openshift-monitoring","prometheus":"openshift-monitoring/k8s","severity":"none"},"annotations":{"description":"This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n","summary":"An alert that should always be firing to certify that Alertmanager is working properly."},"alerts":[{"labels":{"alertname":"Watchdog","namespace":"openshift-monitoring","severity":"none"},"annotations":{"description":"This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n","summary":"An alert that should always be firing to certify that Alertmanager is working properly."},"state":"firing","activeAt":"2023-12-06T04:43:53.913490184Z","value":"1e+00"}],"health":"ok","type":"alerting"}],"interval":30},{"name":"openshift-kubernetes.rules","file":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0/openshift-monitoring-cluster-monitoring-operator-prometheus-rules-cd59ec39-eacd-46ba-97a8-7c47dd8249fb.yaml","rules":[{"name":"AlertmanagerReceiversNotConfigured","query":"cluster:alertmanager_integrations:max == 0","duration":600,"labels":{"namespace":"openshift-monitoring","prometheus":"openshift-monitoring/k8s","severity":"warning"},"annotations":{"description":"Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.","summary":"Receivers (notification integrations) are not configured on Alertmanager"},"alerts":[{"labels":{"alertname":"AlertmanagerReceiversNotConfigured","namespace":"openshift-monitoring","severity":"warning"},"annotations":{"description":"Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.","summary":"Receivers (notification integrations) are not configured on Alertmanager"},"state":"firing","activeAt":"2023-12-06T04:44:13.013474132Z","value":"0e+00"}],"health":"ok","type":"alerting"}],"interval":30},{"name":"kube-state-metrics","file":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0/openshift-monitoring-kube-state-metrics-rules-f602ee94-ef44-4af1-b101-2b226d14f7f7.yaml","rules":[{"name":"KubeStateMetricsListErrors","query":"(sum by (cluster) (rate(kube_state_metrics_list_total{job=\"kube-state-metrics\",result=\"error\"}[5m])) / sum by (cluster) (rate(kube_state_metrics_list_total{job=\"kube-state-metrics\"}[5m]))) \u003e 0.01","duration":900,"labels":{"namespace":"openshift-monitoring","prometheus":"openshift-monitoring/k8s","severity":"warning"},"annotations":{"description":"kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all.","summary":"kube-state-metrics is experiencing errors in list operations."},"alerts":[],"health":"ok","type":"alerting"},{"name":"KubeStateMetricsWatchErrors","query":"(sum by (cluster) (rate(kube_state_metrics_watch_total{job=\"kube-state-metrics\",result=\"error\"}[5m])) / sum by (cluster) (rate(kube_state_metrics_watch_total{job=\"kube-state-metrics\"}[5m]))) \u003e 0.01","duration":900,"labels":{"namespace":"openshift-monitoring","prometheus":"openshift-monitoring/k8s","severity":"warning"},"annotations":{"description":"kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all.","summary":"kube-state-metrics is experiencing errors in watch operations."},"alerts":[],"health":"ok","type":"alerting"}],"interval":30}]}}
  • I added CHANGELOG entry for this change.
  • No user facing changes, so no entry in CHANGELOG was needed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 6, 2023
@openshift-ci openshift-ci bot requested review from marioferh and rexagod December 6, 2023 08:07
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 6, 2023
@slashpai slashpai force-pushed the thanos_tenancy_alerts branch from 3bfeacd to 40062f5 Compare December 7, 2023 07:06
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Dec 7, 2023
edited by openshift-ci bot
Loading

@slashpai: This pull request references MON-3134 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.15.0" version, but no target version was set.

In response to this:

Allows to query alerts of application
namespaces as an application user.

Tested locally by port forwarding the tenancy port

From terminal 1

oc port-forward svc/thanos-querier 9092

From terminal 2
Following https://docs.openshift.com/container-platform/4.14/monitoring/accessing-third-party-monitoring-apis.html

░▒▓    ~  curl -G -s -k -H "Authorization: Bearer $token"  "https://localhost:9092/api/v1/alerts?namespace=openshift-monitoring"
{"status":"success","data":{"alerts":[{"labels":{"alertname":"Watchdog","namespace":"openshift-monitoring","severity":"none"},"annotations":{"description":"This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n","summary":"An alert that should always be firing to certify that Alertmanager is working properly."},"state":"firing","activeAt":"2023-12-06T04:43:53.913490184Z","value":"1e+00"},{"labels":{"alertname":"AlertmanagerReceiversNotConfigured","namespace":"openshift-monitoring","severity":"warning"},"annotations":{"description":"Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.","summary":"Receivers (notification integrations) are not configured on Alertmanager"},"state":"firing","activeAt":"2023-12-06T04:44:43.013474132Z","value":"0e+00"}]}}

░▒▓    ~  curl -G -s -k -H "Authorization: Bearer $token"  "https://localhost:9092/api/v1/alerts"
Bad Request. The request or configuration is malformed.
  • I added CHANGELOG entry for this change.
  • No user facing changes, so no entry in CHANGELOG was needed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@slashpai slashpai changed the title WIP: MON-3134: allow alerts and rules path for thanos-querier tenancy port MON-3134: allow alerts from thanos-querier tenancy port Dec 7, 2023
@slashpai slashpai changed the title MON-3134: allow alerts from thanos-querier tenancy port MON-3134: allow to query alerts from thanos-querier tenancy port Dec 7, 2023
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 7, 2023
@slashpai
Copy link
Member Author

slashpai commented Dec 7, 2023

cc: @juzhao

simonpasquier
simonpasquier reviewed Dec 7, 2023
View reviewed changes
Copy link
Contributor

@simonpasquier simonpasquier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/hold

/api/v1/alerts should be added to the kube-rbac-proxy-rules container.

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 7, 2023
@slashpai slashpai force-pushed the thanos_tenancy_alerts branch from 8a00234 to a04d850 Compare December 7, 2023 11:22
@slashpai
Copy link
Member Author

slashpai commented Dec 7, 2023

@simonpasquier addressed comments

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Dec 7, 2023
edited by openshift-ci bot
Loading

@slashpai: This pull request references MON-3134 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.15.0" version, but no target version was set.

In response to this:

Allows to query alerts of application
namespaces as an application user.

  • I added CHANGELOG entry for this change.
  • No user facing changes, so no entry in CHANGELOG was needed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@slashpai
MON-3134: allow to query alerts from thanos-querier tenancy port
08675e0 
Allows to query alerts from application
namespaces as an application user.

Add e2e test to verify alerts tenancy

Signed-off-by: Jayapriya Pai <[email protected]>
@slashpai slashpai force-pushed the thanos_tenancy_alerts branch from a04d850 to 08675e0 Compare December 7, 2023 11:42
@simonpasquier
Copy link
Contributor

/lgtm
/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 7, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 7, 2023
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Dec 7, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: simonpasquier, slashpai

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [simonpasquier,slashpai]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@slashpai
Copy link
Member Author

slashpai commented Dec 7, 2023

cc: @bburt-rh for docs approval

@slashpai
Copy link
Member Author

slashpai commented Dec 7, 2023

/jira refresh

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Dec 7, 2023
edited by openshift-ci bot
Loading

@slashpai: This pull request references MON-3134 which is a valid jira issue.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Dec 7, 2023

@slashpai: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot bot merged commit 6010a5c into openshift:master Dec 7, 2023
@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

This PR has been included in build cluster-monitoring-operator-container-v4.15.0-202312071954.p0.g6010a5c.assembly.stream for distgit cluster-monitoring-operator.
All builds following this will include this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simonpasquier simonpasquier simonpasquier left review comments

@marioferh marioferh Awaiting requested review from marioferh

@rexagod rexagod Awaiting requested review from rexagod

Assignees

@simonpasquier simonpasquier

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@slashpai @openshift-ci-robot @simonpasquier @openshift-bot