OpenShift Request For Enhancement / RFE-3219

UWM Prometheus Federation requires tenancy awareness


      1. Proposed title of this feature request
      UWM Prometheus Federation requires tenancy awareness

      2. What is the nature and description of the request?
      With OBSDA-36, Prometheus Federation was implemented for User Workload Monitoring. The problem is that this API grants access to all metrics on the given Prometheus instance, hence exposing potential details/data in a multitenant environment that should not be exposed between different tenants.

      In OpenShift Container Platform 4 - Monitoring, this problem was resolved with thanos-querier (as per Accessing OpenShift metrics in a tenant aware way).

      A similar approach (approach to be defined) would be desired to make sure that only metrics from a tenant the user is allowed to access can be scraped, and not metrics from the entire cluster.

      3. Why does the customer need this? (List the business requirements here)
      The current implementation is missing tenancy awareness and thus renders the newly introduced functionality unusable for customers running multitenant environments. Even though there is a strong push to provide federation for user workload monitoring, the administrators of the platform are unable to offer it even with OpenShift Container Platform 4.11 as it would expose all data and thus violate the tenancy model and therefore data security.

      4. List any affected packages or components.
      OpenShift Container Platform 4 - User Workload Monitoring

              rh-ee-rfloren Roger Florén
              rhn-support-sreber Simon Reber
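
One possible shape for the tenancy check requested above, as an added example that is not part of the original request and not OpenShift code: a proxy in front of `/federate` forces a namespace matcher onto every `match[]` selector and refuses selectors that name another namespace. It assumes a tenant maps to one Kubernetes namespace, that the caller's access to that namespace was already authorized, and that selectors follow the simplified grammar in the comments; `enforce_namespace` and `scope_federate_query` are hypothetical names.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Simplified grammar for a PromQL series selector: optional metric name,
# optional {label op "value", ...} list. Anything else is refused.
_SELECTOR = re.compile(r'^\s*([A-Za-z_:][A-Za-z0-9_:]*)?\s*(?:\{(.*)\})?\s*$', re.S)
_MATCHER = re.compile(
    r'\s*([A-Za-z_][A-Za-z0-9_]*)\s*(=~|!~|!=|=)\s*"((?:[^"\\]|\\.)*)"\s*(?:,|$)')
_NAMESPACE = re.compile(r'[a-z0-9]([-a-z0-9]*[a-z0-9])?')  # DNS label


def enforce_namespace(selector: str, namespace: str) -> str:
    """Return the selector with namespace="<namespace>" forced onto it."""
    if not _NAMESPACE.fullmatch(namespace):
        raise ValueError(f"invalid namespace: {namespace!r}")
    m = _SELECTOR.match(selector)
    if not m or (m.group(1) is None and m.group(2) is None):
        raise ValueError(f"unsupported selector: {selector!r}")
    name, body = m.group(1) or "", (m.group(2) or "").strip()
    matchers, pos = [], 0
    while pos < len(body):
        mm = _MATCHER.match(body, pos)
        if not mm:
            raise ValueError(f"unparseable matchers: {body!r}")
        label, op, value = mm.groups()
        if label != "namespace":
            matchers.append(f'{label}{op}"{value}"')
        elif op != "=" or value != namespace:
            # Refuse instead of silently rewriting, so a cross-tenant
            # attempt surfaces as an error that can be logged.
            raise PermissionError("namespace matcher outside tenant scope")
        pos = mm.end()
    matchers.append(f'namespace="{namespace}"')
    return f"{name}{{{','.join(matchers)}}}"


def scope_federate_query(query: str, namespace: str) -> str:
    """Rewrite every match[] of a /federate query string for one tenant."""
    selectors = [v for k, v in parse_qsl(query) if k == "match[]"]
    if not selectors:
        raise ValueError("federation request without match[]")
    return urlencode([("match[]", enforce_namespace(s, namespace)) for s in selectors])


if __name__ == "__main__":
    # Constructed request: two selectors, neither limited to a namespace.
    print(scope_federate_query('match[]={job="app"}&match[]=up', "team-a"))
```

Selectors the simplified grammar cannot parse are rejected rather than passed through, so an unrecognized form fails closed.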