Uploaded image for project: 'Docs for Red Hat Developers'
  1. Docs for Red Hat Developers
  2. RHDEVDOCS-3917

Support additional auth section in remote_write

XMLWordPrintable

    • devex docs #217 Apr 7-Apr 28, devex docs #218 Apr 28-May 19
    • 8

      Epic Goal

      The cluster monitoring operator should allow OpenShift customers to configure remote write with all authentication methods supported by upstream Prometheus.

      We will extend CMO's configuration API to support the following authentications with remote write:

      • Sigv4
      • Authorization
      • OAuth2

      Why is this important?

      Customers want to send metrics to AWS Managed Prometheus that require sigv4 authentication (see https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-secure-metric-ingestion.html#AMP-secure-auth).

      Scenarios

      1. As a cluster admin, I want to forward platform/user metrics to remote write systems requiring Sigv4 authentication.
      2. As a cluster admin, I want to forward platform/user metrics to remote write systems requiring OAuth2 authentication.
      3. As a cluster admin, I want to forward platform/user metrics to remote write systems requiring custom Authorization header for authentication (e.g. API key).

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • It is possible for a cluster admin to configure any authentication method that is supported by Prometheus upstream for remote write (both platform and user-defined metrics):
        • Sigv4
        • Authorization
        • OAuth2

      Dependencies (internal and external)

      • In theory none because everything is already supported by the Prometheus operator upstream. We may discover bugs in the upstream implementation though that may require upstream involvement.

      Previous Work

      • After CMO started exposing the RemoteWrite specification in MON-1069, additional authentication options where added to prometheus and prometheus-operator but CMO didn't catch up on these.

      Open Questions

      • None

              rhn-support-bburt Brian Burt
              rkratky@redhat.com Robert Krátký (Inactive)
              Junqi Zhao Junqi Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: