Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-3

Allow non-admin users to configure individual notification settings

    XMLWordPrintable

Details

    • Service Delivery
    • 100
    • 100% 100%
    • OSD
    • 0

    Description

      Problem Alignment

      The Problem

      Today, all configuration for setting individual, for example, routing configuration is done via a single configuration file that only admins have access to. If an environment uses multiple tenants and each tenant, for example, has different systems that they are using to notify teams in case of an issue, then someone needs to file a request w/ an admin to add the required settings.

      That can be bothersome for individual teams, since requests like that usually disappear in the backlog of an administrator. At the same time, administrators might get tons of requests that they have to look at and prioritize, which takes them away from more crucial work.

      We would like to introduce a more self service approach whereas individual teams can create their own configuration for their needs w/o the administrators involvement.

      Last but not least, since Monitoring is deployed as a Core service of OpenShift there are multiple restrictions that the SRE team has to apply to all OSD and ROSA clusters. One restriction is the ability for customers to use the central Alertmanager that is owned and managed by the SRE team. They can't give access to the central managed secret due to security concerns so that users can add their own routing information.

      High-Level Approach

      Provide a new API (based on the Operator CRD approach) as part of the Prometheus Operator that allows creating a subset of the Alertmanager configuration without touching the central Alertmanager configuration file.

      Please note that we do not plan to support additional individual webhooks with this work. Customers will need to deploy their own version of the third party webhooks.

      Goal & Success

      • Allow users to deploy individual configurations that allow setting up Alertmanager for their needs without an administrator.

      Solution Alignment

      Key Capabilities

      • As an OpenShift administrator, I want to control who can CRUD individual configuration so that I can make sure that any unknown third person can touch the central Alertmanager instance shipped within OpenShift Monitoring.
      • As a team owner, I want to deploy a routing configuration to push notifications for alerts to my system of choice.

      Key Flows

      Team A wants to send all their important notifications to a specific Slack channel.

      • Administrator gives permission to Team A to allow creating a new configuration CR in their individual namespace.
      • Team A creates a new configuration CR.
      • Team A configures what alerts should go into their Slack channel.
      • Open Questions & Key Decisions (optional)
      • Do we want to improve anything inside the developer console to allow configuration?

      Attachments

        Issue Links

          is related to

          Feature Request - Feature requests from customers and/or users RFE-1756 Separate alerts by source (cluster and customer).

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Rejected
          links to

          GitHub openshift/release#26762: Adding warning and critical alerts for the git-cache pvc

          Activity

            People

              rh-ee-rfloren Roger Florén
              cvogel1 Christian Heidenreich (Inactive)
              Votes:
              14 Vote for this issue
              Watchers:
              42 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: