OU-1055: Improve docs for Perses Dashboard #999
OU-1055: Improve docs for Perses Dashboard #999openshift-merge-bot[bot] merged 3 commits intorhobs:mainfrom
Conversation
zhuje
changed the title
|
@zhuje: This pull request references OU-1055 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.22.0" version, but no target version was set. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
zhuje
force-pushed
the
ou1055-docs-secrets
branch
from
020111e to
4596ea2
Compare
| > **Automatic Datasource Detection**: Notice that the above example does not set a specific datasource for the dashboard. This is because Perses will automatically detect the available datasources in the namespace and use the default one it finds. A specific datasource can be set by adding a `datasource` field in the panel query or by adding a datasource variable to the dashboard so users can select the datasource they want to use. | ||
|
|
||
| ## Secrets | ||
| Perses secrets are exclusively managed by the Perses Operator with PersesDatasource and PersesGlobalDatasource resources under the client field for proxy configuration. Review the [perses-operator API docs](https://github.com/rhobs/perses-operator/blob/main/docs/api.md) for full specifications. |
There was a problem hiding this comment.
should we link to the upstream repository?
There was a problem hiding this comment.
I think we should keep the /rhobs/perses-operator link because it reflects what is deployed with the observability operator.
| Perses secrets are exclusively managed by the Perses Operator with PersesDatasource and PersesGlobalDatasource resources under the client field for proxy configuration. Review the [perses-operator API docs](https://github.com/rhobs/perses-operator/blob/main/docs/api.md) for full specifications. | ||
|
|
||
| > [!IMPORTANT] | ||
| To configure a secret to be used for proxy authentication, you can create a Kubernetes Secret with the necessary credentials and reference it in the `client` field used for the datasource proxy configuration. This will create a Perses secret in the project corresponding to the namespace where the CR is created. The secret will be named after the Datasource name with a `-secret` suffix. The secret must be referenced in `spec.config.spec.proxy.spec.secret`. |
There was a problem hiding this comment.
This will create a Perses secret in the project corresponding to the namespace where the CR is created
IIUC PersesGlobalDatasource are cluster-scoped resources? If yes where is the secret created in that case?
There was a problem hiding this comment.
Yes, PersesGlobalDatasource is a cluster-scoped resource. Perses GlobalSecrets are created at the cluster level in the Perses backend rather than within any specific project.
| basicAuth: | ||
| type: secret | ||
| name: k8s-basicauth-secret-name | ||
| namespace: optional-namespacename # if the secret resides in another namespace |
There was a problem hiding this comment.
From a security standpoint, it's far from ideal. Does it mean that I can lookup secrets in any namespace?
There was a problem hiding this comment.
This is a good point. I will discuss this change with the upstream community for a future perses release.
There was a problem hiding this comment.
After discussing with Gabriel, this property is optional and is also restricted by user's access to the namespace via RBAC.
|
On second thought, the information I wrote in the previous commit was sourced from the docs in /perses-operator. I've updated the commit to point directly to https://github.com/rhobs/perses-operator/blob/main/docs/user-guide.md instead. This establishes a single source of truth and avoids the need to maintain duplicate information in both places. I pointed to /rhobs/perses-operator rather than /perses/operator because /rhobs/perses-operator is the version that is shipped with the observability-operator. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jgbernalp, zhuje The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
4 participants
JIRA https://issues.redhat.com/browse/OU-1055