Add support for ScrapeConfig CRD in Kubernetes

Fixes #1428 Signed-off-by: alex-berger <alex-berger@gmx.ch>
grafana · Feb 7, 2025 · 0d8558e · 0d8558e
1 parent ab09bcb
commit 0d8558e
Show file tree

Hide file tree

Showing 16 changed files with 669 additions and 58 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,8 @@ Main (unreleased)
 
 - (_Experimental_) Add a `stage.windowsevent` block in the `loki.process` component. This aims to replace the existing `stage.eventlogmessage`. (@wildum)
 
+- (_Experimental_) Add support for [ScrapeConfig](https://prometheus-operator.dev/docs/developer/scrapeconfig/) to the `prometheus.operator` component. (@alex-berger)
+
 - Add `pyroscope.relabel` component to modify or filter profiles using Prometheus relabeling rules. (@marcsanmi)
 
 ### Enhancements

diff --git a/docs/sources/reference/compatibility/_index.md b/docs/sources/reference/compatibility/_index.md
@@ -198,6 +198,7 @@ The following components, grouped by namespace, _consume_ Prometheus `MetricsRec
 {{< collapse title="prometheus" >}}
 - [prometheus.operator.podmonitors](../components/prometheus/prometheus.operator.podmonitors)
 - [prometheus.operator.probes](../components/prometheus/prometheus.operator.probes)
+- [prometheus.operator.scrapeconfigs](../components/prometheus/prometheus.operator.scrapeconfigs)
 - [prometheus.operator.servicemonitors](../components/prometheus/prometheus.operator.servicemonitors)
 - [prometheus.receive_http](../components/prometheus/prometheus.receive_http)
 - [prometheus.relabel](../components/prometheus/prometheus.relabel)

diff --git a/docs/sources/reference/components/prometheus/prometheus.operator.scrapeconfigs.md b/docs/sources/reference/components/prometheus/prometheus.operator.scrapeconfigs.md
@@ -0,0 +1,260 @@
+---
+canonical: https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.operator.scrapeconfigs/
+aliases:
+  - ../prometheus.operator.scrapeconfigs/ # /docs/alloy/latest/reference/components/prometheus.operator.scrapeconfigs/
+description: Learn about prometheus.operator.scrapeconfigs
+title: prometheus.operator.scrapeconfigs
+---
+
+# prometheus.operator.scrapeconfigs
+
+`prometheus.operator.scrapeconfigs` discovers [ScrapeConfig](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1alpha1.ScrapeConfig) resources in your kubernetes cluster and scrapes the targets they reference. This component performs three main functions:
+
+1. Discover ScrapeConfig resources from your Kubernetes cluster.
+2. Scrape metrics from the targets, and forward them to a receiver.
+
+The default configuration assumes {{< param "PRODUCT_NAME" >}} is running inside a Kubernetes cluster, and uses the in-cluster configuration to access the Kubernetes API. It can be run from outside the cluster by supplying connection info in the `client` block, but network level access to scrapeconfigs is required to scrape metrics from them.
+
+scrapeconfigs may reference secrets for authenticating to targets to scrape them. In these cases, the secrets are loaded and refreshed only when the ScrapeConfig is updated or when this component refreshes its' internal state, which happens on a 5-minute refresh cycle.
+
+## Usage
+
+```alloy
+prometheus.operator.scrapeconfigs "LABEL" {
+    forward_to = RECEIVER_LIST
+}
+```
+
+## Arguments
+
+The following arguments are supported:
+
+Name | Type | Description | Default | Required
+---- | ---- | ----------- | ------- | --------
+`forward_to` | `list(MetricsReceiver)` | List of receivers to send scraped metrics to. | | yes
+`namespaces` | `list(string)` | List of namespaces to search for ScrapeConfig resources. If not specified, all namespaces will be searched. || no
+`informer_sync_timeout` | `duration` | Timeout for initial sync of ScrapeConfig resources. | `1m` | no
+
+## Blocks
+
+The following blocks are supported inside the definition of `prometheus.operator.scrapeconfigs`:
+
+Hierarchy | Block | Description | Required
+--------- | ----- | ----------- | --------
+client | [client][] | Configures Kubernetes client used to find scrapeconfigs. | no
+client > basic_auth | [basic_auth][] | Configure basic authentication to the Kubernetes API. | no
+client > authorization | [authorization][] | Configure generic authorization to the Kubernetes API. | no
+client > oauth2 | [oauth2][] | Configure OAuth2 for authenticating to the Kubernetes API. | no
+client > oauth2 > tls_config | [tls_config][] | Configure TLS settings for connecting to the Kubernetes API. | no
+client > tls_config | [tls_config][] | Configure TLS settings for connecting to the Kubernetes API. | no
+rule | [rule][] | Relabeling rules to apply to discovered targets. | no
+scrape | [scrape][] | Default scrape configuration to apply to discovered targets. | no
+selector | [selector][] | Label selector for which scrapeconfigs to discover. | no
+selector > match_expression | [match_expression][] | Label selector expression for which scrapeconfigs to discover. | no
+clustering | [clustering][] | Configure the component for when {{< param "PRODUCT_NAME" >}} is running in clustered mode. | no
+
+The `>` symbol indicates deeper levels of nesting. For example, `client >
+basic_auth` refers to a `basic_auth` block defined
+inside a `client` block.
+
+[client]: #client-block
+[basic_auth]: #basic_auth-block
+[authorization]: #authorization-block
+[oauth2]: #oauth2-block
+[tls_config]: #tls_config-block
+[selector]: #selector-block
+[match_expression]: #match_expression-block
+[rule]: #rule-block
+[scrape]: #scrape-block
+[clustering]: #clustering-block
+
+### client block
+
+The `client` block configures the Kubernetes client used to discover scrapeconfigs. If the `client` block isn't provided, the default in-cluster
+configuration with the service account of the running {{< param "PRODUCT_NAME" >}} pod is
+used.
+
+The following arguments are supported:
+
+Name                     | Type                | Description                                                   | Default | Required
+-------------------------|---------------------|---------------------------------------------------------------|---------|---------
+`api_server`             | `string`            | URL of the Kubernetes API server.                             |         | no
+`kubeconfig_file`        | `string`            | Path of the `kubeconfig` file to use for connecting to Kubernetes. |    | no
+`bearer_token_file`      | `string`            | File containing a bearer token to authenticate with.          |         | no
+`bearer_token`           | `secret`            | Bearer token to authenticate with.                            |         | no
+`enable_http2`           | `bool`              | Whether HTTP2 is supported for requests.                      | `true`  | no
+`follow_redirects`       | `bool`              | Whether redirects returned by the server should be followed.  | `true`  | no
+`proxy_url`              | `string`            | HTTP proxy to send requests through.                          |         | no
+`no_proxy`               | `string`            | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no
+`proxy_from_environment` | `bool`              | Use the proxy URL indicated by environment variables.         | `false` | no
+`proxy_connect_header`   | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. |         | no
+
+ At most, one of the following can be provided:
+ - [`bearer_token` argument][client].
+ - [`bearer_token_file` argument][client].
+ - [`basic_auth` block][basic_auth].
+ - [`authorization` block][authorization].
+ - [`oauth2` block][oauth2].
+
+{{< docs/shared lookup="reference/components/http-client-proxy-config-description.md" source="alloy" version="<ALLOY_VERSION>" >}}
+
+### basic_auth block
+
+{{< docs/shared lookup="reference/components/basic-auth-block.md" source="alloy" version="<ALLOY_VERSION>" >}}
+
+### authorization block
+
+{{< docs/shared lookup="reference/components/authorization-block.md" source="alloy" version="<ALLOY_VERSION>" >}}
+
+### oauth2 block
+
+{{< docs/shared lookup="reference/components/oauth2-block.md" source="alloy" version="<ALLOY_VERSION>" >}}
+
+### tls_config block
+
+{{< docs/shared lookup="reference/components/tls-config-block.md" source="alloy" version="<ALLOY_VERSION>" >}}
+
+### rule block
+
+{{< docs/shared lookup="reference/components/rule-block.md" source="alloy" version="<ALLOY_VERSION>" >}}
+
+### scrape block
+
+{{< docs/shared lookup="reference/components/prom-operator-scrape.md" source="alloy" version="<ALLOY_VERSION>" >}}
+
+### selector block
+
+The `selector` block describes a Kubernetes label selector for scrapeconfigs.
+
+The following arguments are supported:
+
+Name | Type | Description | Default | Required
+---- | ---- | ----------- | ------- | --------
+`match_labels` | `map(string)` | Label keys and values used to discover resources. | `{}` | no
+
+When the `match_labels` argument is empty, all ScrapeConfig resources will be matched.
+
+### match_expression block
+
+The `match_expression` block describes a Kubernetes label matcher expression for
+scrapeconfigs discovery.
+
+The following arguments are supported:
+
+Name | Type | Description | Default | Required
+---- | ---- | ----------- | ------- | --------
+`key` | `string` | The label name to match against. | | yes
+`operator` | `string` | The operator to use when matching. | | yes
+`values`| `list(string)` | The values used when matching. | | no
+
+The `operator` argument must be one of the following strings:
+
+* `"In"`
+* `"NotIn"`
+* `"Exists"`
+* `"DoesNotExist"`
+
+If there are multiple `match_expressions` blocks inside of a `selector` block, they are combined together with AND clauses.
+
+### clustering block
+
+Name | Type | Description | Default | Required
+---- | ---- | ----------- | ------- | --------
+`enabled` | `bool` | Enables sharing targets with other cluster nodes. | `false` | yes
+
+When {{< param "PRODUCT_NAME" >}} is [using clustering][], and `enabled` is set to true,
+then this component instance opts-in to participating in
+the cluster to distribute scrape load between all cluster nodes.
+
+Clustering assumes that all cluster nodes are running with the same
+configuration file, and that all
+`prometheus.operator.scrapeconfigs` components that have opted-in to using clustering, over
+the course of a scrape interval have the same configuration.
+
+All `prometheus.operator.scrapeconfigs` components instances opting in to clustering use target
+labels and a consistent hashing algorithm to determine ownership for each of
+the targets between the cluster peers. Then, each peer only scrapes the subset
+of targets that it is responsible for, so that the scrape load is distributed.
+When a node joins or leaves the cluster, every peer recalculates ownership and
+continues scraping with the new target set. This performs better than hashmod
+sharding where _all_ nodes have to be re-distributed, as only 1/N of the
+target's ownership is transferred, but is eventually consistent (rather than
+fully consistent like hashmod sharding is).
+
+If {{< param "PRODUCT_NAME" >}} is _not_ running in clustered mode, then the block is a no-op, and
+`prometheus.operator.scrapeconfigs` scrapes every target it receives in its arguments.
+
+[using clustering]: ../../../../get-started/clustering/
+
+## Exported fields
+
+`prometheus.operator.scrapeconfigs` does not export any fields. It forwards all metrics it scrapes to the receiver configures with the `forward_to` argument.
+
+## Component health
+
+`prometheus.operator.scrapeconfigs` is reported as unhealthy when given an invalid configuration, Prometheus components fail to initialize, or the connection to the Kubernetes API could not be established properly.
+
+## Debug information
+
+`prometheus.operator.scrapeconfigs` reports the status of the last scrape for each configured
+scrape job on the component's debug endpoint, including discovered labels, and the last scrape time.
+
+It also exposes some debug information for each ScrapeConfig it has discovered, including any errors found while reconciling the scrape configuration from the ScrapeConfig.
+
+## Debug metrics
+
+`prometheus.operator.scrapeconfigs` does not expose any component-specific debug metrics.
+
+## Example
+
+This example discovers all scrapeconfigs in your cluster, and forwards collected metrics to a `prometheus.remote_write` component.
+
+```alloy
+prometheus.remote_write "staging" {
+  // Send metrics to a locally running Mimir.
+  endpoint {
+    url = "http://mimir:9009/api/v1/push"
+
+    basic_auth {
+      username = "example-user"
+      password = "example-password"
+    }
+  }
+}
+
+prometheus.operator.scrapeconfigs "scrapeconfigs" {
+    forward_to = [prometheus.remote_write.staging.receiver]
+}
+```
+
+This example will limit discovered scrapeconfigs to ones with the label `team=ops` in a specific namespace: `my-app`.
+
+```alloy
+prometheus.operator.scrapeconfigs "scrapeconfigs" {
+    forward_to = [prometheus.remote_write.staging.receiver]
+    namespaces = ["my-app"]
+    selector {
+        match_expression {
+            key = "team"
+            operator = "In"
+            values = ["ops"]
+        }
+    }
+}
+```
+
+<!-- START GENERATED COMPATIBLE COMPONENTS -->
+
+## Compatible components
+
+`prometheus.operator.scrapeconfigs` can accept arguments from the following components:
+
+- Components that export [Prometheus `MetricsReceiver`](../../../compatibility/#prometheus-metricsreceiver-exporters)
+
+
+{{< admonition type="note" >}}
+Connecting some components may not be sensible or components may require further configuration to make the connection work correctly.
+Refer to the linked documentation for more details.
+{{< /admonition >}}
+
+<!-- END GENERATED COMPATIBLE COMPONENTS -->
diff --git a/docs/sources/set-up/migrate/from-operator.md b/docs/sources/set-up/migrate/from-operator.md
@@ -12,7 +12,7 @@ weight: 120
 
 You can migrate from Grafana Agent Operator to {{< param "PRODUCT_NAME" >}}.
 
-- The Monitor types (`PodMonitor`, `ServiceMonitor`, `Probe`, and `PodLogs`) are all supported natively by {{< param "PRODUCT_NAME" >}}.
+- The Monitor types (`PodMonitor`, `ServiceMonitor`, `Probe`, `ScrapeConfig`, and `PodLogs`) are all supported natively by {{< param "PRODUCT_NAME" >}}.
 - The parts of Grafana Agent Operator that deploy Grafana Agent, `GrafanaAgent`, `MetricsInstance`, and `LogsInstance` CRDs, are deprecated.
 
 ## Deploy {{% param "PRODUCT_NAME" %}} with Helm
@@ -62,7 +62,7 @@ You can migrate from Grafana Agent Operator to {{< param "PRODUCT_NAME" >}}.
 A `MetricsInstance` resource primarily defines:
 
 - The remote endpoints Grafana Agent should send metrics to.
-- The `PodMonitor`, `ServiceMonitor`, and `Probe` resources this {{< param "PRODUCT_NAME" >}} should discover.
+- The `PodMonitor`, `ServiceMonitor`, `ScrapeConfig`, and `Probe` resources this {{< param "PRODUCT_NAME" >}} should discover.
 
 You can use these functions in {{< param "PRODUCT_NAME" >}} with the `prometheus.remote_write`, `prometheus.operator.podmonitors`, `prometheus.operator.servicemonitors`, and `prometheus.operator.probes` components respectively.
 
@@ -108,7 +108,7 @@ Replace the following:
 
 - _`<PROMETHEUS_URL>`_: The endpoint you want to send metrics to.
 
-This configuration discovers all `PodMonitor`, `ServiceMonitor`, and `Probe` resources in your cluster that match the label selector `instance=primary`.
+This configuration discovers all `PodMonitor`, `ServiceMonitor`, `ScrapeConfig`, and `Probe` resources in your cluster that match the label selector `instance=primary`.
 It then scrapes metrics from the targets and forward them to your remote write endpoint.
 
 You may need to customize this configuration further if you use additional features in your `MetricsInstance` resources.
@@ -118,6 +118,7 @@ Refer to the documentation for the relevant components for additional informatio
 - [`prometheus.remote_write`][prometheus.remote_write]
 - [`prometheus.operator.podmonitors`][prometheus.operator.podmonitors]
 - [`prometheus.operator.servicemonitors`][prometheus.operator.servicemonitors]
+- [`prometheus.operator.scrapeconfigs`][prometheus.operator.scrapeconfigs]
 - [`prometheus.operator.probes`][prometheus.operator.probes]
 - [`prometheus.scrape`][prometheus.scrape]
 

diff --git a/go.mod b/go.mod
@@ -156,9 +156,9 @@ require (
 	github.com/prometheus-community/postgres_exporter v0.11.1
 	github.com/prometheus-community/stackdriver_exporter v0.15.1
 	github.com/prometheus-community/windows_exporter v0.27.4-0.20241010144849-a0f6d3bcf9a4 // if you update the windows_exporter version, make sure to update the PROM_WIN_EXP_VERSION in _index
-	github.com/prometheus-operator/prometheus-operator v0.66.0
-	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.66.0
-	github.com/prometheus-operator/prometheus-operator/pkg/client v0.66.0
+	github.com/prometheus-operator/prometheus-operator v0.69.1
+	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.69.1
+	github.com/prometheus-operator/prometheus-operator/pkg/client v0.69.1
 	github.com/prometheus/blackbox_exporter v0.24.1-0.20230623125439-bd22efa1c900
 	github.com/prometheus/client_golang v1.20.5
 	github.com/prometheus/client_model v0.6.1
@@ -476,7 +476,6 @@ require (
 	github.com/eapache/queue v1.1.0 // indirect
 	github.com/edsrzf/mmap-go v1.1.0 // indirect
 	github.com/efficientgo/core v1.0.0-rc.2 // indirect
-	github.com/efficientgo/tools/core v0.0.0-20220817170617-6c25e3b627dd // indirect
 	github.com/elastic/go-grok v0.3.1 // indirect
 	github.com/elastic/go-sysinfo v1.8.1 // indirect
 	github.com/elastic/go-windows v1.0.1 // indirect
@@ -499,7 +498,7 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-	github.com/go-kit/kit v0.13.0 // indirect
+	github.com/go-kit/kit v0.13.0
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
@@ -707,7 +706,7 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect
 	github.com/prometheus-community/go-runit v0.1.0 // indirect
-	github.com/prometheus-community/prom-label-proxy v0.6.0 // indirect
+	github.com/prometheus-community/prom-label-proxy v0.7.0 // indirect
 	github.com/prometheus/alertmanager v0.27.0 // indirect
 	github.com/prometheus/exporter-toolkit v0.13.2 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
@@ -883,9 +882,6 @@ require (
 	github.com/containers/common v0.61.0 // indirect
 	github.com/deneonet/benc v1.1.2 // indirect
 	github.com/itchyny/timefmt-go v0.1.6 // indirect
-	github.com/onsi/ginkgo/v2 v2.21.0 // indirect
-	github.com/onsi/gomega v1.35.1 // indirect
-	go.etcd.io/bbolt v1.3.11 // indirect
 )
 
 // NOTE: replace directives below must always be *temporary*.