mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
130 lines
5.2 KiB
Plaintext
130 lines
5.2 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * monitoring/configuring-the-monitoring-stack.adoc
|
|
|
|
:_content-type: PROCEDURE
|
|
[id="configuring_remote_write_storage_{context}"]
|
|
= Configuring remote write storage
|
|
|
|
[role="_abstract"]
|
|
You can configure remote write storage to enable Prometheus to send ingested metrics to remote systems for long-term storage.
|
|
Doing so has no impact on how or for how long Prometheus stores metrics.
|
|
|
|
.Prerequisites
|
|
|
|
* *If you are configuring core {product-title} monitoring components:*
|
|
** You have access to the cluster as a user with the `cluster-admin` role.
|
|
** You have created the `cluster-monitoring-config` `ConfigMap` object.
|
|
* *If you are configuring components that monitor user-defined projects:*
|
|
** You have access to the cluster as a user with the `cluster-admin` role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
|
|
** You have created the `user-workload-monitoring-config` `ConfigMap` object.
|
|
* You have installed the OpenShift CLI (`oc`).
|
|
* You have set up a remote write compatible endpoint (such as Thanos) and know the endpoint URL.
|
|
See the link:https://prometheus.io/docs/operating/integrations/#remote-endpoints-and-storage[Prometheus remote endpoints and storage documentation] for information about endpoints that are compatible with the remote write feature.
|
|
* You have set up authentication credentials in a `Secret` object for the remote write endpoint.
|
|
You must create the secret in the same namespace as the Prometheus object for which you configure remote write: the `openshift-monitoring` namespace for default platform monitoring or the `openshift-user-workload-monitoring` namespace for user workload monitoring.
|
|
|
|
+
|
|
[CAUTION]
|
|
====
|
|
To reduce security risks, use HTTPS and authentication to send metrics to an endpoint.
|
|
====
|
|
|
|
.Procedure
|
|
|
|
Follow these steps to configure remote write for default platform monitoring in the `cluster-monitoring-config` config map in the `openshift-monitoring` namespace.
|
|
|
|
[NOTE]
|
|
====
|
|
If you configure remote write for the Prometheus instance that monitors user-defined projects, make similar edits to the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace.
|
|
Note that the Prometheus config map component is called `prometheus` in the `user-workload-monitoring-config` `ConfigMap` object and not `prometheusK8s`, as it is in the `cluster-monitoring-config` `ConfigMap` object.
|
|
====
|
|
|
|
. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc -n openshift-monitoring edit configmap cluster-monitoring-config
|
|
----
|
|
|
|
. Add a `remoteWrite:` section under `data/config.yaml/prometheusK8s`.
|
|
|
|
. Add an endpoint URL and authentication credentials in this section:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: cluster-monitoring-config
|
|
namespace: openshift-monitoring
|
|
data:
|
|
config.yaml: |
|
|
prometheusK8s:
|
|
remoteWrite:
|
|
- url: "https://remote-write-endpoint.example.com" <1>
|
|
<endpoint_authentication_credentials> <2>
|
|
----
|
|
+
|
|
<1> The URL of the remote write endpoint.
|
|
<2> The authentication method and credentials for the endpoint.
|
|
Currently supported authentication methods are AWS Signature Version 4, authentication using HTTP an `Authorization` request header, basic authentication, OAuth 2.0, and TLS client.
|
|
See _Supported remote write authentication settings_ below for sample configurations of supported authentication methods.
|
|
|
|
. Add write relabel configuration values after the authentication credentials:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: cluster-monitoring-config
|
|
namespace: openshift-monitoring
|
|
data:
|
|
config.yaml: |
|
|
prometheusK8s:
|
|
remoteWrite:
|
|
- url: "https://remote-write-endpoint.example.com"
|
|
<endpoint_authentication_credentials>
|
|
<write_relabel_configs> <1>
|
|
----
|
|
<1> The write relabel configuration settings.
|
|
+
|
|
For `<write_relabel_configs>` substitute a list of write relabel configurations for metrics that you want to send to the remote endpoint.
|
|
+
|
|
The following sample shows how to forward a single metric called `my_metric`:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: cluster-monitoring-config
|
|
namespace: openshift-monitoring
|
|
data:
|
|
config.yaml: |
|
|
prometheusK8s:
|
|
remoteWrite:
|
|
- url: "https://remote-write-endpoint.example.com"
|
|
writeRelabelConfigs:
|
|
- sourceLabels: [__name__]
|
|
regex: 'my_metric'
|
|
action: keep
|
|
|
|
----
|
|
+
|
|
See the link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[Prometheus relabel_config documentation] for information about write relabel configuration options.
|
|
|
|
. Save the file to apply the changes to the `ConfigMap` object.
|
|
The pods affected by the new configuration restart automatically.
|
|
+
|
|
[NOTE]
|
|
====
|
|
Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
|
|
====
|
|
+
|
|
[WARNING]
|
|
====
|
|
Saving changes to a monitoring `ConfigMap` object might redeploy the pods and other resources in the related project. Saving changes might also restart the running monitoring processes in that project.
|
|
====
|