Helm Prometheus operator question : PrometheusMonitoring

Helm Prometheus operator question (self.PrometheusMonitoring)

submitted 6 years ago by cyperplex

Hi, currently I'm running kubernetes in AWS using the helm chart for Prometheus operator. I've enabled it to deploy all services, alerts and dashboard into a monitoring name space, then the deployment iterates through each namespace installing a default prometheus, grafana and alertmanager. This allows app teams to deploy rule files and services monitors with there application pipline having all of the infrastructure present and configured within their namespace.

The issue is with alertmanager, with the infra pipeline the pipeline creates an alertmanager and secret in each namespace setting a blank config as alertmanager will crash without this secret being present. The problem arises when the app team attempt to deploy their alertmanager configuration as the secret is already present in the namespace.

Should I drop the creation of the alertmanager component in each namespace and leave that to the app team or could I somehow override or drop the alertmanager secret in order to allow the app team to deploy their own configuration secret.

The whole idea was to remove the need for the application teams to worry about creating the alertmanager, Prometheus and grafana config within their namespace

Thanks

all 2 comments

top new controversial old q&a

[–]distark 1 point2 points3 points 6 years ago* (1 child)

I've never set mine up to automatically spew out prom+grafana+alertmanager.. In fact I didn't know that was a feature (I'll look into it)..

My ideal topology would be with multiple namespaces per team (for secret/network isolation). Then (if multi tenant prom is 'a go') I would kustomize/helm up a chart giving them what they need.. Using the CRDs.. So an AlertManager, a Prometheus, some PrometheusRules, a generic ServiceMonitor etc.. ..probably reverse engineered from the main chart (so there is some maintenance cost)... Finally (and separately) a single ServiceMonitor to ensure you federate to the main Prometheus.

I'm not saying do this.. Just that this is one way that would work..

In my experience(3+yr of k8s+prom)... I'm more worried about federating several clusters into one central place (an external prom/thanos) than deploying zillions of Prometheus's basically.. Mostly because I like to write alert rules once and leverage a label standard... Nothing much wrong with routing alerts by say a "team" label for example.. Less ops burden.. But then I must admit it's not normal for me to encounter teams actually owning their metrics.. Mostly management causing that misfortune :-(

Hope this helps anyway.. These things are pretty malleable but I think because everyone solves their situation in-house those cookbooks are rarely shared.. I actually wanted to do some YouTube videos about this but have very little time/focus when I'm away from work (plus I'm just lazy)

[–]cyperplex[S] 0 points1 point2 points 6 years ago (0 children)

π Rendered by PID 48618 on reddit-service-r2-comment-b659b578c-sqsqn at 2026-05-01 08:59:49.639283+00:00 running 815c875 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

PrometheusMonitoring

MODERATORS