Open bcrisp4 opened 6 months ago
This issue has not had any activity in the past 30 days, so the needs-attention
label has been added to it.
If the opened issue is a bug, check to see if a newer release fixed your issue. If it is no longer relevant, please feel free to close this issue.
The needs-attention
label signals to maintainers that something has fallen through the cracks. No action is needed by you; your issue will be kept open and you do not have to respond to this comment. The label will be removed the next time this job runs if there is new activity.
Thank you for your contributions!
Request
Forgive me if this is already possible and I have missed something...
I'd like to be able to use Grafana Agent to discover all Prometheus Operator custom resources (
PodMonitor
,ServiceMonitor
,Probe
) from namespaces with a matching label.Example:
I would expect the above configuration to discover all
PodMonitor
resources in any namespace with thetenant=tenant-1
label.I believe the
prometheus.operator
components can currently only discover resources based on labels on the resources themselves, not the containing namespace.This sort of workflow is already possible using the Prometheus Operator. And, after a brief look at the docs, I think it is also possible in Grafana Agent when using the Operator deployment model (i.e.
podMonitorNamespaceSelector
is exposed here).This functionality exists for
PrometheusRule
resources in themimir.rules.kubernetes
component, which may serve as an example of how it could be implemented inprometheus.operator.*
.Use case
I operate a multi-tenant Kubernetes environment. I would like to provision Grafana Agent instances for each of my tenants which automatically scrapes metrics for them and stores them in Mimir.
Tenants configure their Agent using Prometheus Operator CRs that they deploy in their own namespaces/that come bundled with 3rd party Helm charts.
In order to 1.) simplify the configuration for the tenant, and 2.) avoid one tenant accidentally polluting another tenants metrics, I would prefer each Agent to discover CRs based on namespace metadata (which I control) rather than CR metadata (which the tenant controls).
I can think of ways around this using using admission controllers / security policies to enforce labels on the CRs, but that feels a little fiddly.