Closed christophetd closed 7 years ago
Hi @christophetd,
I think may be correct that using __meta_kubernetes_namespace
will only be a post-filter, but won't affect the initial query.
If you want to try that anyway, I think you'd use something like:
relabel_configs:
- source_labels: [__meta_kubernetes_namespace]
action: keep
regex: my-namespace
FWIW, it looks like the feature you want may have been implemented recently in Prometheus: https://github.com/prometheus/prometheus/pull/2642
Let us know what you find.
Thanks for the pointer, it seems that the feature has been implemented starting from Prometheus v1.7.0 (changelog). If that's fine for you, I can send out a PR to have the Docker image use this version (v1.4.1 currently used is from Nov 2016, it could use some update anyway)
I opened a PR to update to Prometheus v1.7.0, see #45
This is awesome, thanks @christophetd. We'll take a look at the PR.
Addressed in https://github.com/linkerd/linkerd-viz/pull/45. Thanks @christophetd !
could you share how its configured in linkerd plz?
Hi,
I'm trying to deploy linkerd-viz in a Kubernetes cluster where I have rights on a single namespace, and I'm getting the following errors:
It seems that Prometheus is trying to list services / pods in the whole cluster. Is there a way to have it restrict itself to the namespace
my-namespace
only? I was thinking that using a__meta_kubernetes_namespace
meta label could do the trick, but I'm unsure whether that will change the API call that Prometheus does, or just filter the services afterwards.Note that I run linkerd-viz is run under a
viewer
service account that can list services / pods inside my namespace.Thanks!