Skip to content

[MON-2208] Add Oauth2 settings to prometheusK8s.remoteWrite config #1617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 8, 2022
Merged

[MON-2208] Add Oauth2 settings to prometheusK8s.remoteWrite config #1617

merged 1 commit into from
Apr 8, 2022

Conversation

raptorsun
Copy link
Contributor

@raptorsun raptorsun commented Mar 29, 2022
edited
Loading

This PR addes Oauth2 settings to PrometheusK8s.remoteWrite config, allowing prometheus remoteWrite use client secret to access the remote write server. An example config can be:

prometheusK8s:
  remoteWrite:
    - url: https://test.remotewrite.com/api/write
      remoteTimeout: 30s
      oauth2:
        clientId:
          secret:
            name: oauth2-credentials
            key: id
        clientSecret:
          name: oauth2-credentials
          key: secret
        tokenUrl: https://example.com/oauth2/token
        scopes:
          - scope1
          - scope2
        endpointParams:
          param1: value1
          param2: value2
  • I added CHANGELOG entry for this change.
  • No user facing changes, so no entry in CHANGELOG was needed.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 29, 2022
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 29, 2022
@raptorsun
Copy link
Contributor Author

/retest

@raptorsun raptorsun changed the title [WIP] add Oauth2 settings to PrometheusK8s config Add Oauth2 settings to prometheusK8s.remoteWrite config Mar 30, 2022
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 30, 2022
@raptorsun
Copy link
Contributor Author

/retest

@raptorsun raptorsun changed the title Add Oauth2 settings to prometheusK8s.remoteWrite config [MON-2208] Add Oauth2 settings to prometheusK8s.remoteWrite config Mar 30, 2022
@JoaoBraveCoding
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 31, 2022
@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

1 similar comment
@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@jan--f
Copy link
Contributor

jan--f commented Mar 31, 2022

/label docs-approved

@openshift-ci openshift-ci bot added the docs-approved Signifies that Docs has signed off on this PR label Mar 31, 2022
@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

12 similar comments
@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

13 similar comments
@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@JoaoBraveCoding
Copy link
Contributor

/skip

@JoaoBraveCoding
Copy link
Contributor

Ping @Senthamilarasu-STA for px approval.
Ping @juzhao for qe approval.

@Senthamilarasu-STA
Copy link

/label px-approved

@openshift-ci openshift-ci bot added the px-approved Signifies that Product Support has signed off on this PR label Apr 6, 2022
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Apr 7, 2022
@JoaoBraveCoding
Copy link
Contributor

/lgtm
/skip

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Apr 7, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Apr 7, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoaoBraveCoding, raptorsun, simonpasquier

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [JoaoBraveCoding,raptorsun,simonpasquier]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Apr 7, 2022

@raptorsun: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-single-node e63ae8d link false /test e2e-aws-single-node

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

juzhao
juzhao reviewed Apr 8, 2022
View reviewed changes
pkg/manifests/config.go
@@ -164,6 +164,8 @@ type RemoteWriteSpec struct {
QueueConfig *monv1.QueueConfig `json:"queueConfig,omitempty"`
// MetadataConfig configures the sending of series metadata to remote storage.
MetadataConfig *monv1.MetadataConfig `json:"metadataConfig,omitempty"`
// OAuth2 configures OAuth2 authentication for remote write.
OAuth2 *monv1.OAuth2 `json:"oauth2,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@raptorsun for monv1.OAuth2, checked in https://github.com/openshift/cluster-monitoring-operator/blob/release-4.11/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go#L1171-L1183
the OAuth2 struct do not have tls_config field as listed in
https://prometheus.io/docs/prometheus/latest/configuration/configuration/#oauth2

Copy link
Contributor Author

@raptorsun raptorsun Apr 8, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point. I'm going to submit a PR to add this field to the upstream Prometheus Operator 👍
In OAuth2 the necessary configurations are Client ID, Client Secret and TokenURL.
TLSConfig sets TLS for requesting token from TokenURL, which is not required on all endpoints of TokenURL, so this still works on most systems. We can live without that field :)

@juzhao
Copy link
Contributor

juzhao commented Apr 8, 2022

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Apr 8, 2022
@openshift-merge-robot openshift-merge-robot merged commit 96a7c1d into openshift:master Apr 8, 2022
@raptorsun raptorsun deleted the feature/MON-2208 branch April 13, 2022 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juzhao juzhao juzhao left review comments

@philipgough philipgough Awaiting requested review from philipgough

@simonpasquier simonpasquier Awaiting requested review from simonpasquier

Assignees

@simonpasquier simonpasquier

@JoaoBraveCoding JoaoBraveCoding

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. docs-approved Signifies that Docs has signed off on this PR lgtm Indicates that a PR is ready to be merged. px-approved Signifies that Product Support has signed off on this PR qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@raptorsun @JoaoBraveCoding @openshift-bot @jan--f @simonpasquier @Senthamilarasu-STA @juzhao @openshift-merge-robot