You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Documentation/commands/analyze/index.md
+34Lines changed: 34 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -57,3 +57,37 @@ The Prometheus Operator must be deployed in the Kubernetes cluster, which can be
57
57
The Prometheus Operator deployment requires proper RBAC (Role-Based Access Control) rules to function correctly. This means the service account associated with the Prometheus Operator must have permissions aligned with the Prometheus Operator CRDs (Custom Resource Definitions) present in the cluster.
58
58
59
59
For instance, if the Prometheus Operator is managing only Prometheus instances, the service account should have the necessary permissions to create, update, and delete Prometheus resources, but it should not have permissions to manage other resources like Alertmanager.
60
+
61
+
## Analyze Prometheus
62
+
63
+
### Prometheus Existence
64
+
65
+
The Prometheus object must exist in the Kubernetes cluster, which can be confirmed by checking for the presence of the Prometheus CR (Custom Resource) in the specified namespace and under the given name.
66
+
67
+
### Prometheus RBAC Rules
68
+
69
+
The Prometheus server requires proper RBAC (Role-Based Access Control) rules to function correctly. This means the service account associated with the Prometheus must have permissions aligned with the Prometheus CRDs (Custom Resource Definitions) present in the cluster.
70
+
71
+
Since Prometheus just reads Objects in the Kubernetes API, it requires the get, list, and watch actions. As Prometheus can also be used to scrape metrics from the Kubernetes apiserver, it also requires access to the /metrics/ endpoint of it. In addition to the rules for Prometheus itself, the Prometheus needs to be able to get configmaps to be able to pull in rule files from configmap objects.
72
+
73
+
### Prometheus Namespace Selectors and Service Selectors
74
+
75
+
The Prometheus server relies on proper service discovery to function correctly. To achieve this, we must ensure that any defined Namespace Selector corresponds to an existing namespace. Similarly, for Service Selectors, it is crucial that they align with existing resources. Whether using ServiceMonitor, PodMonitor, ScrapeConfig, Probe, or PrometheusRule, the respective Custom Resource (CR) must exist and be properly matched.
76
+
77
+
## Analyze Alertmanager
78
+
79
+
### Alertmanager Existence
80
+
81
+
The Alertmanager object must exist in the Kubernetes cluster, which can be confirmed by checking for the presence of the Prometheus CR (Custom Resource) in the specified namespace and under the given name.
82
+
83
+
### Alertmanager Configuration
84
+
85
+
Alertmanager configuration must be provided in one of the following ways:
86
+
87
+
-**User-provided Kubernetes Secret**: The user must ensure the configuration data is stored in a file named `alertmanager.yaml`.
88
+
-**Default Kubernetes Secret**: The Operator will generate and provide a default secret for use.
89
+
-**AlertmanagerConfig CRDs (Custom Resource Definitions)**: These must match a **Namespace Selector** in the specified namespace, a **ConfigSelector**, or the **ConfigSelector Name**.
90
+
91
+
* As a Kubernetes secret provided by the user, that needs to ensure the data is stored in a file called alertmanager.yaml
92
+
* The Operator will provide a default generated Kubernetes secret to use
93
+
* Via the AlertmanagerConfig CRDs (Custom Resource Definitions), that should be matched by a Namespace selector in a given namespace, a ConfigSelector or the ConfigSelector Name
0 commit comments