*: Update docs with latest Telemeter architecture #430
Conversation
Signed-off-by: Saswata Mukherjee <[email protected]>
Signed-off-by: Saswata Mukherjee <[email protected]>
Signed-off-by: Saswata Mukherjee <[email protected]>
| 2. This handler uses [`tollbooth.NewAuthorizer`](https://github.com/openshift/telemeter/blob/master/pkg/authorize/tollbooth/tollbooth.go) which implements the [`authorize.ClusterAuthorizer`](https://github.com/openshift/telemeter/blob/master/pkg/authorize/cluster.go) interface, to authorize that particular cluster. It uses [`authorize.AgainstEndpoint`](https://github.com/openshift/telemeter/blob/a30ef1e07eb12468cdcbdcf6fde45469a9fa5d60/pkg/authorize/handler.go#L65) to send the cluster ID and token as a POST request to the authorization server (configured via `--authorize`). The authorization server returns a 200 status code, if the cluster is identified correctly. | ||
| 3. `tollbooth.AuthorizeCluster` returns a subject which is used as the client identifier in a generated signed JWT which is returned to the telemeter-client, along with any labels. | ||
|
|
||
| ## /metrics/v1/receive endpoint (receive metrics in prompb.WriteRequest format from any client) |
There was a problem hiding this comment.
There is no mention but I'm guessing that here we also check if the prometheus is not going over the rate-limiting for the ID of the cluster
There was a problem hiding this comment.
Also, does the whole maintaining timestamp drift also happen on this endpoint?
There was a problem hiding this comment.
So regarding rate limiting requests based on cluster ID, I don't think we do it for metrics/v1/receive currently as per the handler https://github.com/openshift/telemeter/blob/master/cmd/telemeter-server/main.go#L528. This route isn't really used at the moment, except by perhaps Hypershift.
And we do not modify the timestamps in the Prometheus remote write request in any way. We only drop certain timeseries in the request or drop labels. 🙂
There was a problem hiding this comment.
OK perfect! I just mentioned it in case you wanted to mention it on the doc! 👌
Signed-off-by: Saswata Mukherjee <[email protected]>
There was a problem hiding this comment.
Look good to me 💯 Not adding lgmt right away in case @saswatamcode wants the input of more members of the team, otherwise, I'm happy to add it
openshift-ci
bot
added
the
approved
|
/retest |
|
/test e2e-aws-ovn |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoaoBraveCoding, PhilipGough, saswatamcode The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@saswatamcode: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This PR updates the README with the latest Telemeter architecture and operational paths, along with a diagram.
Feel free to correct me if I am wrong somewhere, as this is not a super familiar path. 🙂
Rendered here: https://github.com/saswatamcode/telemeter/blob/docs/README.md
Also, will add
mdoxfor docs check purposes once in #428 once this is merged!