Add support for PMM v3
Activity
The secrets now look like this:
apiVersion: v1
kind: Secret
metadata:
  name: my-cluster-name-secrets
type: Opaque
stringData:
  MONGODB_BACKUP_USER: backup
  MONGODB_BACKUP_PASSWORD: backup123456
  MONGODB_DATABASE_ADMIN_USER: databaseAdmin
  MONGODB_DATABASE_ADMIN_PASSWORD: databaseAdmin123456
  MONGODB_CLUSTER_ADMIN_USER: clusterAdmin
  MONGODB_CLUSTER_ADMIN_PASSWORD: clusterAdmin123456
  MONGODB_CLUSTER_MONITOR_USER: clusterMonitor
  MONGODB_CLUSTER_MONITOR_PASSWORD: clusterMonitor123456
  MONGODB_USER_ADMIN_USER: userAdmin
  MONGODB_USER_ADMIN_PASSWORD: userAdmin123456
  #PMM_SERVER_API_KEY: apikey
  #PMM_SERVER_USER: admin
  #PMM_SERVER_PASSWORD: admin
  PMM_SERVER_TOKEN: token
Notice the new secret key/value pair: PMM_SERVER_TOKEN
If only the old PMM_SERVER_API_KEY exists and is set to a non-empty value, a PMM2 client is assumed and the image configured for the PMM client container should be compatible with PMM2. If the PMM_SERVER_TOKEN exists and is set to a non-empty value, PMM3 is assumed and the image configured for the PMM client container should be compatible with PMM3. If both exist and have a non-empty value, priority goes to PMM3.
With PMM3, we have a new auth method that works with service accounts and tokens.
Users should log in to PMM3, create a service account (if no account exists, e.g. because we have a fresh deployment) and generate a token. Then this token can be added to the aforementioned secret for the authentication of the PMM clients with the PMM server. Rotating the token means that a new token is generated under the same service account or under a new service account. After that, the aforementioned secret key/value pair should be updated.
The related PMM3 document is this: https://docs.percona.com/percona-monitoring-and-management/3/api/authentication.html
For the PSMDB operator, both PMM2 and PMM3 should work. For now, we also support 2 different e2e tests to cover each scenario. Note that PMM2 is reaching its EOL so some PMM2 related CR configuration is deprecated and will be removed in future operator releases.
We should include in our documentation that for PMM, we support only setups where PMM Server version is equal to or newer than the PMM Client.
Please, when the issue is done and there is a release, close the Issue in GitHub
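The PMM2/PMM3 selection rule described above (PMM_SERVER_API_KEY versus PMM_SERVER_TOKEN, with the token taking priority), as an added Go example that is not the operator's own code. The Selection type, the SelectPMM function and the use of version 0 for "neither key set" are assumptions of this example, and the sample values are constructed.

```go
package main

import "fmt"

// Secret keys named in the issue.
const (
	keyToken  = "PMM_SERVER_TOKEN"   // PMM3 service account token
	keyAPIKey = "PMM_SERVER_API_KEY" // PMM2 API key
)

// Selection is a hypothetical result type for this example.
type Selection struct {
	Version int      // 0 = neither key set (example convention), 2 = PMM2, 3 = PMM3
	AuthKey string   // secret key the PMM client image must be compatible with
	Ignored []string // non-empty PMM credentials that are present but not used
}

// SelectPMM applies the precedence rule to decoded Secret data (the same
// shape as the Data field of a Kubernetes Secret). Only non-empty values count.
func SelectPMM(data map[string][]byte) Selection {
	hasToken := len(data[keyToken]) > 0
	hasAPIKey := len(data[keyAPIKey]) > 0
	switch {
	case hasToken && hasAPIKey:
		// Both set: PMM3 wins, and the PMM2 key is reported as unused.
		return Selection{Version: 3, AuthKey: keyToken, Ignored: []string{keyAPIKey}}
	case hasToken:
		return Selection{Version: 3, AuthKey: keyToken}
	case hasAPIKey:
		return Selection{Version: 2, AuthKey: keyAPIKey}
	}
	return Selection{}
}

func main() {
	// Constructed sample inputs, not real credentials.
	cases := []struct {
		name string
		data map[string][]byte
	}{
		{"token only", map[string][]byte{keyToken: []byte("token")}},
		{"api key only", map[string][]byte{keyAPIKey: []byte("apikey")}},
		{"both set", map[string][]byte{keyToken: []byte("token"), keyAPIKey: []byte("apikey")}},
		{"empty token", map[string][]byte{keyToken: []byte(""), keyAPIKey: []byte("apikey")}},
	}
	for _, c := range cases {
		s := SelectPMM(c.data)
		fmt.Printf("%-12s -> version=%d auth=%q ignored=%v\n", c.name, s.Version, s.AuthKey, s.Ignored)
	}
}
```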
PMM v3 is in development and in some RC/tech preview state and we need to see what is needed to add support for it. Something like when we had migration from PMM v1 to v2.
At the current moment there are two visible issues:
we only support pmm client v2 docker images which don’t work with PMM server v3
for PMM v3 we will need to set environment variables for PMM client containers differently
This is what env variables are currently set:
Environment:
  PMM_SERVER: 3.144.107.133
  CLIENT_PORT_LISTEN: 7777
  CLIENT_PORT_MIN: 30100
  CLIENT_PORT_MAX: 30105
  POD_NAME: mysql-blo-pxc-1 (v1:metadata.name)
  POD_NAMESPASE: everest-ui (v1:metadata.namespace)
  PMM_AGENT_SERVER_ADDRESS: 3.144.107.133
  PMM_AGENT_SERVER_USERNAME: api_key
  PMM_AGENT_SERVER_PASSWORD: <set to the key 'pmmserverkey' in secret 'internal-mysql-blo'> Optional: false
  PMM_AGENT_LISTEN_PORT: 7777
  PMM_AGENT_PORTS_MIN: 30100
  PMM_AGENT_PORTS_MAX: 30105
  PMM_AGENT_CONFIG_FILE: /usr/local/percona/pmm2/config/pmm-agent.yaml
  PMM_AGENT_SERVER_INSECURE_TLS: 1
  PMM_AGENT_LISTEN_ADDRESS: 0.0.0.0
  PMM_AGENT_SETUP_METRICS_MODE: push
  PMM_AGENT_SETUP: 1
  PMM_AGENT_SETUP_FORCE: 1
  PMM_AGENT_SETUP_NODE_TYPE: container
  PMM_AGENT_SETUP_NODE_NAME: $(POD_NAMESPASE)-$(POD_NAME)
  DB_TYPE: mysql
  DB_USER: monitor
  DB_PASSWORD: <set to the key 'monitor' in secret 'internal-mysql-blo'> Optional: false
  DB_ARGS: --query-source=perfschema
  DB_CLUSTER: pxc
  DB_HOST: localhost
  DB_PORT: 33062
  CLUSTER_NAME: mysql-blo
  PMM_ADMIN_CUSTOM_PARAMS:
  PMM_AGENT_PRERUN_SCRIPT: /var/lib/mysql/pmm-prerun.sh
  PMM_AGENT_SIDECAR: true
  PMM_AGENT_SIDECAR_SLEEP: 5
  PMM_AGENT_PATHS_TEMPDIR: /tmp