group-sync-operator
Revisit instructions about metrics configuration?
https://github.com/redhat-cop/resource-locker-operator/issues/68#issue-1464664260
The instructions at https://github.com/redhat-cop/group-sync-operator#metrics are problematic for a couple of reasons:
- Only namespaces of OCP "core" and Red Hat certified components are supposed to be labeled with openshift.io/cluster-monitoring="true". Anything else should be scraped by the user-defined monitoring stack or a custom deployed Prometheus. The current advice goes against the support conditions, meaning that we could consider the cluster to be unsupported.
- If a user "forgets" to label the namespace and user-defined monitoring is enabled, the PrometheusOperatorRejectedResources alert will fire because the service monitor uses bearerTokenFile, which is forbidden in this case (to avoid users getting access to the service account's token).
- Managed OpenShift (OSD, ROSA) forbids non-platform namespaces from being labeled with openshift.io/cluster-monitoring="true".
A better solution would be to support user-defined monitoring.
cc @jan--f @coffeegoesincodecomesout @w1dg3r
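
A manifest check for the two conditions raised in this issue, as an added example that is not part of the original post or the operator's code: it flags the cluster-monitoring label on non-platform namespaces and ServiceMonitor endpoints that use bearerTokenFile. It goes slightly beyond the issue by also flagging the file-based tlsConfig fields (caFile, certFile, keyFile), which Prometheus Operator rejects under the same filesystem-access restriction. The `openshift-`/`kube-` prefix test for platform namespaces, the function name `audit` and the sample manifests are assumptions made for illustration.

```python
"""Added example: flag the two misconfigurations described in the issue."""

MONITORING_LABEL = "openshift.io/cluster-monitoring"
PLATFORM_PREFIXES = ("openshift-", "kube-")  # assumption: heuristic for platform namespaces
TLS_FILE_FIELDS = ("caFile", "certFile", "keyFile")  # file-based TLS settings


def audit(manifests):
    """Return (kind, name, reason) tuples for manifests that hit either problem."""
    findings = []
    for m in manifests:
        meta = m.get("metadata", {})
        name = meta.get("name", "<unnamed>")
        if m.get("kind") == "Namespace":
            labels = meta.get("labels") or {}
            if labels.get(MONITORING_LABEL) == "true" and not name.startswith(PLATFORM_PREFIXES):
                findings.append(("Namespace", name, "cluster-monitoring label on non-platform namespace"))
        elif m.get("kind") == "ServiceMonitor":
            for i, ep in enumerate(m.get("spec", {}).get("endpoints") or []):
                # Token read from the Prometheus pod's filesystem: rejected by user-defined monitoring.
                if ep.get("bearerTokenFile"):
                    findings.append(("ServiceMonitor", name, f"endpoints[{i}].bearerTokenFile"))
                for field in TLS_FILE_FIELDS:
                    if (ep.get("tlsConfig") or {}).get(field):
                        findings.append(("ServiceMonitor", name, f"endpoints[{i}].tlsConfig.{field}"))
    return findings


# Constructed sample manifests (not taken from the operator's repository).
SAMPLE = [
    {"kind": "Namespace", "metadata": {"name": "openshift-monitoring", "labels": {MONITORING_LABEL: "true"}}},
    {"kind": "Namespace", "metadata": {"name": "group-sync-operator", "labels": {MONITORING_LABEL: "true"}}},
    {"kind": "ServiceMonitor", "metadata": {"name": "file-based"}, "spec": {"endpoints": [{
        "port": "https",
        "bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token",
        "tlsConfig": {"caFile": "/etc/example/ca.crt"}}]}},
    # Secret and ConfigMap references instead of file paths: nothing is flagged here.
    {"kind": "ServiceMonitor", "metadata": {"name": "secret-based"}, "spec": {"endpoints": [{
        "port": "https",
        "authorization": {"type": "Bearer", "credentials": {"name": "metrics-token", "key": "token"}},
        "tlsConfig": {"ca": {"configMap": {"name": "service-ca", "key": "service-ca.crt"}}}}]}},
]

if __name__ == "__main__":
    for kind, name, reason in audit(SAMPLE):
        print(f"{kind}/{name}: {reason}")
```
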