search

linkerd / linkerd-viz

Top-line service metrics dashboard for Linkerd 1.
Apache License 2.0
111 stars 32 forks source link

Limit linkerd instances search to a particular Kubernetes namespace? #44

Closed christophetd closed 7 years ago

christophetd commented 7 years ago

Hi,

I'm trying to deploy linkerd-viz in a Kubernetes cluster where I have rights on a single namespace, and I'm getting the following errors:

Failed to list *v1.Service: User \"system:serviceaccount:my-namespace:viewer\" cannot list all services in the cluster"
Failed to list *v1.Pod: User \"system:serviceaccount:my-namespace:viewer\" cannot list all pods in the cluster" 
Failed to list *v1.Endpoints: User \"system:serviceaccount:my-namespace:viewer\" cannot list all endpoints in the cluster"

It seems that Prometheus is trying to list services / pods in the whole cluster. Is there a way to have it restrict itself to the namespace my-namespace only? I was thinking that using a __meta_kubernetes_namespace meta label could do the trick, but I'm unsure whether that will change the API call that Prometheus does, or just filter the services afterwards.

Note that I run linkerd-viz is run under a viewer service account that can list services / pods inside my namespace.

Thanks!

siggy commented 7 years ago

Hi @christophetd,

I think may be correct that using __meta_kubernetes_namespace will only be a post-filter, but won't affect the initial query.

If you want to try that anyway, I think you'd use something like:

  relabel_configs:
  - source_labels: [__meta_kubernetes_namespace]
    action: keep
    regex: my-namespace

FWIW, it looks like the feature you want may have been implemented recently in Prometheus: https://github.com/prometheus/prometheus/pull/2642

Let us know what you find.

christophetd commented 7 years ago

Thanks for the pointer, it seems that the feature has been implemented starting from Prometheus v1.7.0 (changelog). If that's fine for you, I can send out a PR to have the Docker image use this version (v1.4.1 currently used is from Nov 2016, it could use some update anyway)

christophetd commented 7 years ago

I opened a PR to update to Prometheus v1.7.0, see #45

klingerf commented 7 years ago

This is awesome, thanks @christophetd. We'll take a look at the PR.

siggy commented 7 years ago

Addressed in https://github.com/linkerd/linkerd-viz/pull/45. Thanks @christophetd !

ajagnanan1 commented 6 years ago

could you share how its configured in linkerd plz?