feat: support metrics scrape

[jiuker]

feat: support metrics scrape
fix #2327
we just support /minio/v2/metrics/cluster before
now we can do more type for this
like

prometheusOperatorScrapeMetricsPath:
- /minio/v2/metrics/cluster
- /minio/metrics/v3/api
- /minio/v2/metrics/bucket

default is /minio/v2/metrics/cluster

[harshavardhana]

We should add a way to scrape v3 metrics as well

[cesnietor]

@jiuker is there a way we can create tests for this? since this is a new feature? like an integration test? Thanks.

[jiuker]

Will take a look

[allanrogerr]

@jiuker PTAL - pkg:golang/golang.org/x/[email protected] vulnerability

[allanrogerr]

The only way to remove scrapeConfigs is to set prometheusOperator to false, then re-initialize the array. This does not seem correct.

[jiuker]

Yesh. prometheusOperator: true with this prometheusOperatorScrapeMetricsPath:[] is means default /minio/v2/metrics/cluster like before.
I think we should compatible that user don't set that before. Any advice ? @allanrogerr ?

[ramondeklein]

I guess you mean expectedScrapeConfigs instead of exceptedScrapeConfigs? Or did you mean acceptedScapeConfigs???

[allanrogerr]

Consider the following tenant yaml section; note that v3 cluster metrics is scraped using /minio/v3/metrics/cluster/ (see https://github.com/minio/minio/blob/master/docs/metrics/v3.md):

  prometheusOperator: true
  prometheusOperatorScrapeMetricsPath:
  - /minio/v2/metrics/bucket
  - /minio/v2/metrics/cluster
  - /minio/v2/metrics/node
  - /minio/v2/metrics/resource
  - /minio/v3/metrics/cluster/

v3 metrics scraping is failing with server returned HTTP status 403 Forbidden. Please try and check this.

[jiuker]

Yesh. Should be like /minio/metrics/v3/*, but that can be set with this strings slice field.

[ramondeklein]

I'm no expert on Prometheus metrics and MinIO, but I think this code doesn't work correctly. Please make these changes to AIStor operator and implement proper integration tests.

[ramondeklein]

If you can specify multiple values, then this should probably be:

Suggested change

	PrometheusOperatorScrapeMetricsPath []string `json:"prometheusOperatorScrapeMetricsPath,omitempty"`
	PrometheusOperatorScrapeMetricsPaths []string `json:"prometheusOperatorScrapeMetricsPaths,omitempty"`

[ramondeklein]

Can we add some information about the default (or fallback) value?

[ramondeklein]

Please add some comment that the generation of the scrape configuration always creates a new bearer token, so it shouldn't be included in this check, because it will always result in it being not equal.

How do we make sure the bearer token is updated when the tenant gets assigned other credentials (different access/secret key). This will result in another bearer token (but nothing else), so it will decide that the scape configuration hasn't changed, but Prometheus won't be able to access MinIO with the old token.

[ramondeklein]

Can we change line 146 to include the namespace/tenant that is getting the Prometheus scrape configuration?

[ramondeklein]

I guess you mean expectedScrapeConfigs instead of exceptedScrapeConfigs? Or did you mean acceptedScapeConfigs???

[ramondeklein]

Please address linter issue:

Suggested change

	token, err := jwt.ParseWithClaims(bearerToken, claims, func(token *jwt.Token) (interface{}, error) {
	token, err := jwt.ParseWithClaims(bearerToken, claims, func(_ *jwt.Token) (interface{}, error) {

[ramondeklein]

I think it's a typo:

Suggested change

	var scrapeConfigs, exceptedScrapeConfigs []configmaps.ScrapeConfig
	var scrapeConfigs, expectedScrapeConfigs []configmaps.ScrapeConfig

[jiuker]

should be fine now

[ramondeklein]

When secretKey is changed, then it will not be able to decrypt the existing bearer-token using the new secret key. The function will return an error. That shouldn't be logged, but is expected, but it should set updateScrapeConfig.

[jiuker]

ignored it now