@coulof
Contributor

@coulof coulof commented Oct 2, 2025

OpenShift comes with kube-state-metrics + Prometheus.

In OCP, the access to Prometheus is on HTTPS + Authentication.

This 1st naive implementation enables the NewPrometheusClient to connect to the endpoint.

Tested with OpenShift 4.19 + Dell CSI driver for PowerStore

@coulof coulof requested a review from a team as a code owner October 2, 2025 09:23
@skoya76 skoya76 requested review from cupnes and llamerada-jp and removed request for daichimukai and satoru-takeuchi October 3, 2025 06:15
@llamerada-jp
Contributor

Thank you for your work.

Is this PR's primary focus on Prometheus's bearer token? And OpenShift is one of the environments utilizing that feature?

Since we cannot provide ongoing support for OpenShift, we want the documentation to target environments using bearer tokens, not specifically OpenShift. Also, is it possible to add connection tests using the bearer token while keeping the existing tests without the bearer token? For continuous development, we'd like to verify this in CI if possible.

Additionally, we have not used this feature either, so we will need time for investigation and review. Please understand that responses may be delayed.

@coulof
Contributor Author

coulof commented Oct 3, 2025

> Is this PR's primary focus on Prometheus's bearer token? And OpenShift is one of the environments utilizing that feature?

Yes, that is correct!
OpenShift Monitoring comes by default with https & a bearer token. Here is the extract from the Prometheus config:

  scheme: https
  tls_config:
    server_name: api.openshift-apiserver.svc
    ca_file: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
    cert_file: /etc/prometheus/secrets/metrics-client-certs/tls.crt
    key_file: /etc/prometheus/secrets/metrics-client-certs/tls.key
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

> Since we cannot provide ongoing support for OpenShift, we want the documentation to target environments using bearer tokens, not specifically OpenShift.

I will clean up the documentation to be more generic. Is it OK to refer to OpenShift documentation for the token creation, or do you want to use only Prometheus/Kubernetes upstream information?

> Also, is it possible to add connection tests using the bearer token while keeping the existing tests without the bearer token? For continuous development, we'd like to verify this in CI if possible.

For the connection tests, you mean adding them here: https://github.com/topolvm/pvc-autoresizer/blob/main/test/e2e/Makefile ?

I'm not too sure how to integrate with the existing tests. Do we want a 2nd instance running on the same cluster with https & token enabled, or a completely new section?

Maybe we can have a quick sync-up call. I'm based in France with a 7h difference vs Japan.

Feel free to send me an email now that the commits are signed off ;-)

@llamerada-jp
Contributor

> I will clean up the documentation to be more generic. Is it OK to refer to OpenShift documentation for the token creation, or do you want to use only Prometheus/Kubernetes upstream information?

The use of Prometheus/Kubernetes is preferred. Since we do not use OpenShift, we cannot maintain documentation or provide support for related questions.

> For the connection tests, you mean adding them here: https://github.com/topolvm/pvc-autoresizer/blob/main/test/e2e/Makefile ?
>
> I'm not too sure how to integrate with the existing tests. Do we want a 2nd instance running on the same cluster with https & token enabled, or a completely new section?

We considered installing Prometheus in a different namespace, but we recommend the approach of running e2e in a separate environment, as referenced in the metrics-api.

  e2e-k8s-with-metrics-api:
    name: "e2e-k8s-with-metrics-api"
    runs-on: "ubuntu-22.04"
    strategy:
      matrix:
        kubernetes_versions: ["1.33.4", "1.32.8", "1.31.12"]
    env:
      KUBERNETES_VERSION: ${{ matrix.kubernetes_versions }}
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-go@v6
        with:
          go-version-file: "go.mod"
      - run: make -C test/e2e setup
      - run: make -C test/e2e init-app-with-metrics-api
      - run: make -C test/e2e test

> Maybe we can have a quick sync-up call. I'm based in France with a 7h difference vs Japan.

Thank you for your concern. For now, the communication on the issue seems to be working out fine.

@coulof coulof marked this pull request as draft October 13, 2025 12:57
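
The connection behaviour discussed in this thread (HTTPS with a verified CA plus an optional bearer token file, checked both with and without the token), as an added example that is not code from this PR or from pvc-autoresizer. It uses only the Go standard library; `rtFunc`, `newClient` and `Probe` are hypothetical names, and the server is a constructed local stand-in for an authenticated Prometheus endpoint.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
)

type rtFunc func(*http.Request) (*http.Response, error)
func (f rtFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// newClient (hypothetical) verifies the server against pool; tokenFile "" means no auth header.
func newClient(pool *x509.CertPool, tokenFile string) *http.Client {
	base := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}
	if tokenFile == "" {
		return &http.Client{Transport: base}
	}
	return &http.Client{Transport: rtFunc(func(req *http.Request) (*http.Response, error) {
		raw, err := os.ReadFile(tokenFile) // re-read per request: picks up rotated tokens
		if err != nil {
			return nil, err
		}
		r := req.Clone(req.Context()) // a RoundTripper must not mutate its input
		r.Header.Set("Authorization", "Bearer "+strings.TrimSpace(string(raw)))
		return base.RoundTrip(r)
	})}
}

// Probe queries a constructed HTTPS stand-in that requires token want and returns the status.
func Probe(want, tokenFile string) (int, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+want {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only the stand-in's certificate
	resp, err := newClient(pool, tokenFile).Get(srv.URL + "/api/v1/query?query=up")
	if err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}

func main() { fmt.Println(Probe("constructed-token", "")) } // no token sent: 401 <nil>
```

Certificate verification stays on in both modes, so the token is only ever sent to a server whose certificate chains to the supplied CA pool.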