diff --git a/Documentation/commands/analyze/index.md b/Documentation/commands/analyze/index.md index 959e310..f099e61 100644 --- a/Documentation/commands/analyze/index.md +++ b/Documentation/commands/analyze/index.md @@ -91,3 +91,19 @@ Alertmanager configuration must be provided in one of the following ways: * As a Kubernetes secret provided by the user, that needs to ensure the data is stored in a file called alertmanager.yaml * The Operator will provide a default generated Kubernetes secret to use * Via the AlertmanagerConfig CRDs (Custom Resource Definitions), that should be matched by a Namespace selector in a given namespace, a ConfigSelector or the ConfigSelector Name + +## Analyze Prometheus Agent + +### Prometheus Agent Existence + +The Prometheus Agent object must exist in the Kubernetes cluster, which can be confirmed by checking for the presence of the Prometheus Agent CR (Custom Resource) in the specified namespace and under the given name. + +### Prometheus Agent RBAC Rules + +The Prometheus Agent server requires proper RBAC (Role-Based Access Control) rules to function correctly. This means the service account associated with the Prometheus Agent must have permissions aligned with the Prometheus Agent CRDs (Custom Resource Definitions) present in the cluster. + +Since Prometheus Agent just reads Objects in the Kubernetes API, it requires the get, list, and watch actions. As Prometheus Agent can also be used to scrape metrics from the Kubernetes apiserver, it also requires access to the /metrics/ endpoint of it. In addition to the rules for Prometheus Agent itself, the Prometheus Agent needs to be able to get configmaps to be able to pull in rule files from configmap objects. + +### Prometheus Agent Namespace Selectors and Service Selectors + +The Prometheus Agent server relies on proper service discovery to function correctly. To achieve this, we must ensure that any defined Namespace Selector corresponds to an existing namespace. Similarly, for Service Selectors, it is crucial that they align with existing resources. Whether using ServiceMonitor, PodMonitor, ScrapeConfig or Probe, the respective Custom Resource (CR) must exist and be properly matched.