-
Notifications
You must be signed in to change notification settings - Fork 495
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
charts: allow cross namespace metrics scraping #854
charts: allow cross namespace metrics scraping #854
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/run-e2e-in-kind |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
All of K8s security comes down to namespaces, so this is a big grant. I think we should come up with some alternative models of deployment here. I think we should definitely have an option to not support cross-namespace requests here (and thus this type of lightning deployment). In the cloud one will want to stream to and from object storage and not retain a backup on the PVC. |
* update conflicts check and add test file * delete test file
What problem does this PR solve?
Allow Prometheus to scrape cross namespace pods. The tidb-lightning chart may be deployed in the upstream tidb cluster to use the adhoc backup PVC. So Prometheus needs to scrape metrics cross namespace.
What is changed and how does it work?
The rbac rule of Prometheus changed to use cluster role and cluster role binding in order scrape cross namespace.
Check List
Tests
Manual test
Code changes
Side effects
None
Related changes
Does this PR introduce a user-facing change?: