Skip to content

Commit 2e08789

Browse files
mburke5678mburke5678
authored
Merge pull request #72324 from gwynnemonahan/OSSM-6010
OSSM-6010 [DOC] Update user-workload monitoring so Kiali can fetch metrics from Thanos
2 parents 9ec9049 + 7cd1089 commit 2e08789

File tree

1 file changed

+42
-26
lines changed

1 file changed

+42
-26
lines changed

modules/ossm-integrating-with-user-workload-monitoring.adoc

Lines changed: 42 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -19,31 +19,47 @@ The following steps show how to integrate Service Mesh with user-workload monito
1919
2020
.Procedure
2121

22-
. Create a token to Thanos for Kiali by running the following commands:
22+
. Grant the `cluster-monitoring-view` role to the Kiali Service Account, replacing `<kiali-namespace>` with the name of the Kiali deployment namespace:
2323
+
24-
.. Set the `SECRET` environment variable by running the following command:
25-
+
26-
[source,terminal]
27-
----
28-
$ SECRET=`oc get secret -n openshift-user-workload-monitoring |
29-
grep prometheus-user-workload-token | head -n 1 | awk '{print $1 }'`
30-
----
31-
+
32-
.. Set the `TOKEN` environment variable by running the following command:
33-
+
34-
[source,terminal]
24+
[source,yaml]
3525
----
36-
$ TOKEN=`oc get secret $SECRET -n openshift-user-workload-monitoring -o jsonpath='{.data.token}' | base64 -d`
26+
apiVersion: rbac.authorization.k8s.io/v1
27+
kind: ClusterRoleBinding
28+
metadata:
29+
name: kiali-monitoring-rbac
30+
roleRef:
31+
apiGroup: rbac.authorization.k8s.io
32+
kind: ClusterRole
33+
name: cluster-monitoring-view
34+
subjects:
35+
- kind: ServiceAccount
36+
name: kiali-service-account
37+
namespace: <kiali-namespace>
3738
----
39+
40+
. Configure Kiali for user-workload monitoring:
3841
+
39-
.. Create a token to Thanos for Kiali by running the following command:
40-
+
41-
[source,terminal]
42+
[source,yaml]
4243
----
43-
$ oc create secret generic thanos-querier-web-token -n istio-system --from-literal=token=$TOKEN
44+
apiVersion: kiali.io/v1alpha1
45+
kind: Kiali
46+
metadata:
47+
name: kiali-user-workload-monitoring
48+
namespace: istio-system
49+
spec:
50+
external_services:
51+
prometheus:
52+
auth:
53+
token: secret:thanos-querier-web-token:token
54+
type: bearer
55+
use_kiali_token: false
56+
query_scope:
57+
mesh_id: "basic-istio-system"
58+
thanos_proxy:
59+
enabled: true
60+
url: https://thanos-querier.openshift-monitoring.svc.cluster.local:9091
4461
----
45-
46-
. Configure Kiali for user-workload monitoring:
62+
** If you use Istio Operator 2.4, use this configuration to configure Kiali for user-workload monitoring:
4763
+
4864
[source,yaml]
4965
----
@@ -52,15 +68,15 @@ kind: Kiali
5268
metadata:
5369
name: kiali-user-workload-monitoring
5470
namespace: istio-system
55-
spec:
56-
external_services:
57-
istio:
71+
spec:
72+
external_services:
73+
istio:
5874
config_map_name: istio-<smcp-name>
5975
istio_sidecar_injector_config_map_name: istio-sidecar-injector-<smcp-name>
6076
istiod_deployment_name: istiod-<smcp-name>
6177
url_service_version: 'http://istiod-<smcp-name>.istio-system:15014/version'
62-
prometheus:
63-
auth:
78+
prometheus:
79+
auth:
6480
token: secret:thanos-querier-web-token:token
6581
type: bearer
6682
use_kiali_token: false
@@ -168,7 +184,7 @@ spec:
168184
====
169185
If there is only one mesh using user-workload monitoring, then both the `mesh_id` relabeling and the `spec.prometheus.query_scope` field in the Kiali resource are optional (but the `query_scope` field given here should be removed if the `mesh_id` label is removed).
170186

171-
If multiple mesh instances on the cluster may use user-workload monitoring, then both the `mesh_id` relabelings and the `spec.prometheus.query_scope` field in the Kiali resource are required. This ensures that Kiali only sees metrics from its associated mesh.
187+
If multiple mesh instances on the cluster might use user-workload monitoring, then both the `mesh_id` relabelings and the `spec.prometheus.query_scope` field in the Kiali resource are required. This ensures that Kiali only sees metrics from its associated mesh.
172188

173189
If you are not deploying Kiali, you can still apply `mesh_id` relabeling so that metrics from different meshes can be distinguished from one another.
174190
====
@@ -227,7 +243,7 @@ spec:
227243
====
228244
If there is only one mesh using user-workload monitoring, then both the `mesh_id` relabeling and the `spec.prometheus.query_scope` field in the Kiali resource are optional (but the `query_scope` field given here should be removed if the `mesh_id` label is removed).
229245
230-
If multiple mesh instances on the cluster may use user-workload monitoring, then both the `mesh_id` relabelings and the `spec.prometheus.query_scope` field in the Kiali resource are required. This ensures that Kiali only sees metrics from its associated mesh.
246+
If multiple mesh instances on the cluster might use user-workload monitoring, then both the `mesh_id` relabelings and the `spec.prometheus.query_scope` field in the Kiali resource are required. This ensures that Kiali only sees metrics from its associated mesh.
231247
232248
If you are not deploying Kiali, you can still apply `mesh_id` relabeling so that metrics from different meshes can be distinguished from one another.
233249
====

0 commit comments

Comments
 (0)