Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[feat] - Add Prometheus, AM Analyzers doc #49

Merged
merged 7 commits into from
Dec 10, 2024
Merged

[feat] - Add Prometheus, AM Analyzers doc #49

Changes from 2 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
85781ad
[feat] - Add Prometheus, AM Analyzers doc
heliapb Dec 9, 2024
611af5f
[fix] - doc
heliapb Dec 9, 2024
76db674
Update Documentation/commands/analyze/index.md
heliapb Dec 10, 2024
bd241f3
Update Documentation/commands/analyze/index.md
heliapb Dec 10, 2024
9e308ed
Update Documentation/commands/analyze/index.md
heliapb Dec 10, 2024
2af894f
Update Documentation/commands/analyze/index.md
heliapb Dec 10, 2024
dbdf606
[fix] - doc
heliapb Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions Documentation/commands/analyze/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,3 +57,33 @@ The Prometheus Operator must be deployed in the Kubernetes cluster, which can be
The Prometheus Operator deployment requires proper RBAC (Role-Based Access Control) rules to function correctly. This means the service account associated with the Prometheus Operator must have permissions aligned with the Prometheus Operator CRDs (Custom Resource Definitions) present in the cluster.

For instance, if the Prometheus Operator is managing only Prometheus instances, the service account should have the necessary permissions to create, update, and delete Prometheus resources, but it should not have permissions to manage other resources like Alertmanager.

## Analyze Prometheus

### Prometheus Existence

The Prometheus must be deployed in the Kubernetes cluster, which can be confirmed by checking for the presence of the Prometheus CRDs (Custom Resource Definitions) in the specified namespace and under the given name.
heliapb marked this conversation as resolved.
Show resolved Hide resolved

### Prometheus RBAC Rules

The Prometheus server requires proper RBAC (Role-Based Access Control) rules to function correctly. This means the service account associated with the Prometheus must have permissions aligned with the Prometheus CRDs (Custom Resource Definitions) present in the cluster.

Since Prometheus just reads Objects in the Kubernetes API, it requires the get, list, and watch actions. As Prometheus can also be used to scrape metrics from the Kubernetes apiserver, it also requires access to the /metrics/ endpoint of it. In addition to the rules for Prometheus itself, the Prometheus needs to be able to get configmaps to be able to pull in rule files from configmap objects.

### Prometheus Namespace Selectors and Service Selectors

The Prometheus server requires proper service discovery to be enabled. In order for that we need to ensure that any Namespace Selector defined has a matching existing namespace. The same applies for Service Selectors defined, as if any of then is defined (ServiceMonitor, PodMonitor, ScrapeConfig Probe PrometheusRule) the CRDs (Custom Resource Definitions) needs to exits and properly matched.
heliapb marked this conversation as resolved.
Show resolved Hide resolved

## Analyze Alertmanager

### Alertmanager Existence

The Alertmanager must be deployed in the Kubernetes cluster, which can be confirmed by checking for the presence of the Prometheus CRDs (Custom Resource Definitions) in the specified namespace and under the given name.
heliapb marked this conversation as resolved.
Show resolved Hide resolved

### Alertmanager Configuration

Alertmanager condifuration needs to be provided, either:
heliapb marked this conversation as resolved.
Show resolved Hide resolved

* As a Kubernetes secret provided by the user, that needs to ensure the data is stored in a file called alertmanager.yaml
* The Operator will provide a default generated Kubernetes secret to use
* Via the AlertmanagerConfig CRDs (Custom Resource Definitions), that should be matched by a Namespace selector in a given namespace, a ConfigSelector or the ConfigSelector Name
Loading