• OpenShift - Kubernetes

How to Achieve Multi-tenant Observability with Grafana

Observability is a crucial part of the reliable operation of our OpenShift offering. However, we encountered a few challenges when attempting to grant our customers access to their relevant Loki logs and their Prometheus metrics while isolating them from other users and applications (multi-tenancy). So, we built a TEMPLE guardian to control access to the different areas of our temple: Multena. But what does Multena do exactly?

The Problems we Solved

Multena solves numerous problems we encountered when offering Grafana to our customers. 

Multi Tenancy

Multena ist short for MULti TENAncy. Multena allows us to securely provide every user in our cluster with the correct observability data on a namespace level. Admins can see the whole cluster; users can see the namespace where they can access pods. Importantly, this is not limited to one namespace, one of the most demanding challenges.

One Grafana for Everybody?

It allows us to create a single pane of glass: One Grafana instance for all observability interactions. This simplifies infrastructure and reduces resource costs. While this is also solvable using a Grafana enterprise license, we wanted a free solution. It also enables us to use a single data source for metrics and logs (traces planned for the future). 

OAuth 

Multena requires OAuth, thus guaranteeing secure and user-specific access management. Unauthenticated users can’t see anything, and authenticated users can, via the Grafana forward-OAuth option, see only their data. 

K8s? 

It was also important to us that Multena is flexible enough to work outside a Kubernetes / OpenShift environment. Therefore, you can choose between an RBAC collector (used to gather role permission inside k8s), an SQL database, or a config map to retrieve the respective permissions.

Give it a Try!

If you use Loki for log storage and/or a Prometheus API-style metrics database, try it yourself and get ready for multi-tenant observability: https://github.com/gepaplexx/multena-proxy.

Hast du näheres Interesse?

geschrieben von:
Constantin
WordPress Cookie Plugin von Real Cookie Banner