Add multi tenant query federation#3250
Conversation
simonswine
force-pushed
the
crosstenant
branch
from
a72bd88 to
761a1d4
Compare
simonswine
force-pushed
the
crosstenant
branch
3 times, most recently
from
fc84860 to
023f1f1
Compare
simonswine
force-pushed
the
crosstenant
branch
2 times, most recently
from
1d43854 to
3ceeb5e
Compare
simonswine
force-pushed
the
crosstenant
branch
from
3ceeb5e to
62363b0
Compare
simonswine
changed the title
simonswine
force-pushed
the
crosstenant
branch
2 times, most recently
from
2a41025 to
d815857
Compare
simonswine
force-pushed
the
crosstenant
branch
from
d815857 to
c3dfd31
Compare
pkg/api/middlewares.go
Outdated
There was a problem hiding this comment.
I am not too sure if I can cacheGenNumber like that
There was a problem hiding this comment.
I don't think it's likely it will lead to collisions. However, it will increase the number of characters that prefix the Memcached item key string. This means that for multi-tenant queries across enough tenants caching could break due to the item key being too long. The existing limit is not very high at 150 characters. Multi-tenant queries will already have larger cache item keys since it will contain the concatenation of multiple tenant IDs. The cachegen number will exacerbate this issue further.
There are two options for dealing with this:
-
Ignore the cache generation for multi-tenant queries in this PR. It's not a commonly used feature and IMO it would be fine to ignore it for this PR. It
-
Consolidate the cachegen number into a small, consistent, unique string. One option off the top of my head is to convert the strings to integers and adding them together then use a string of the resulting value. The
My preference would be option 1 since it would reduce the scope of the PR a bit more and make it a bit easier to review. Cache generation handling can be added in a future PR.
There was a problem hiding this comment.
I have deferred that to a future PR as suggested and added a TODO comment
simonswine
changed the title
simonswine
force-pushed
the
crosstenant
branch
from
c3dfd31 to
c3432b1
Compare
jtlisi
left a comment
jtlisi
left a comment
There was a problem hiding this comment.
This looks great, I added a few questions and nits. I want to go through it one more time before I add an approval. However, I didn't any major issues in my first pass.
simonswine
force-pushed
the
crosstenant
branch
from
c3432b1 to
a6211ef
Compare
jtlisi
left a comment
jtlisi
left a comment
There was a problem hiding this comment.
LGTM
Most of the nits/suggestions are very minor except for the cachegen topic. Once that is sorted I'll approve and see if we can get a second reviewer on this.
pkg/api/middlewares.go
Outdated
There was a problem hiding this comment.
I don't think it's likely it will lead to collisions. However, it will increase the number of characters that prefix the Memcached item key string. This means that for multi-tenant queries across enough tenants caching could break due to the item key being too long. The existing limit is not very high at 150 characters. Multi-tenant queries will already have larger cache item keys since it will contain the concatenation of multiple tenant IDs. The cachegen number will exacerbate this issue further.
There are two options for dealing with this:
-
Ignore the cache generation for multi-tenant queries in this PR. It's not a commonly used feature and IMO it would be fine to ignore it for this PR. It
-
Consolidate the cachegen number into a small, consistent, unique string. One option off the top of my head is to convert the strings to integers and adding them together then use a string of the resulting value. The
My preference would be option 1 since it would reduce the scope of the PR a bit more and make it a bit easier to review. Cache generation handling can be added in a future PR.
There was a problem hiding this comment.
thought: We should be able to enable this feature for every e2e test and not have any failures. Doing so could provide a good smoke test for the feature.
There was a problem hiding this comment.
@jtlisi Not entirely sure if you meant to do this locally once or do you want to have that as part of the integration test run by CI?
There was a problem hiding this comment.
This is still a TODO, will look into this tomorrow
There was a problem hiding this comment.
No need to commit any changes here. Just smoke testing that the tests pass if you enable it for globally on your local should be enough.
There was a problem hiding this comment.
I have done that today and it didn't not come up with any unexpected failure (apart from the Backward_compatibility tests, which is expected as the feature flag is not recognised by them)
csmarchbanks
left a comment
csmarchbanks
left a comment
There was a problem hiding this comment.
Nice work!
Do we want to have an entirely new package for tenantfederation? It seems like all that is there is a new type of queryable which could also just be added to the querier package. Similarly, should the configuration be a new top level, or nested under querier? One thing that would help me decide is if there is more cross cutting flags that will be needed? Right now the flag is only used in querier related code.
simonswine
force-pushed
the
crosstenant
branch
from
a6211ef to
3bc1204
Compare
This experimental feature allows queries to cover data from more than a single Cortex tenant and can be activated by supplying `-tenant-federation.enabled` to all cortex instances. To query multiple tenants a `|` separated tenant list can be specified in the `X-Scope-OrgID` header. The source tenant of a metric will be exposed in the label `__tenant_id__`. Signed-off-by: Christian Simon <[email protected]>
This ensures the limit is aggregated correctly of the setting of each individual tenant. It also implements the logic for the v2 query frontend. Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
Regexp matcher need to be initialized, this adds a test for regexp matcher and fixes the underlying issue. Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
…ication Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
To avoid any future regressions in the multi tenant support within the query path, a faillint command tests if TenantID is used and if it finds one, it suggestest using TenantIDs instead> Signed-off-by: Christian Simon <[email protected]>
Signed-off-by: Christian Simon <[email protected]>
simonswine
force-pushed
the
crosstenant
branch
from
891e692 to
54b9981
Compare
@pracucci I think I have addressed all of the remaining points (I think 🙂 ). Esp those ones had the biggest changes, so certainly are in need for another review: |
|
Thanks a lot @simonswine for your hard work and patiently address all comments! I agree on skipping the query results caching in this PR and address it in a follow up PR (given we have to design how to deal with cache invalidation done for deleted series). This PR looks in a good shape, considering it's an experimental feature. We can merge this PR, so that we begin testing it, and in the meanwhile you can work on follow up work (eg. query results caching). |
Signed-off-by: Christian Simon <[email protected]>
|
Is this released as part of 1.6. Could not find this in release notes. Its already present in configuration documentation though. |
It will be part of Cortex 1.7. Documentation on the website currently reflects |
|
In order to add Cortex as a datasource for grafana, when using auth and tenants... Whats the config for the datasource need to look like in order to see every tenant in one datasource? |
@cabrinha unfortunately there is no way to specify this currently. You need to list the tenants explicitly (separated by a |
* Add tenant query federation This experimental feature allows queries to cover data from more than a single Cortex tenant and can be activated by supplying `-tenant-federation.enabled` to all cortex instances. To query multiple tenants a `|` separated tenant list can be specified in the `X-Scope-OrgID` header. The source tenant of a metric will be exposed in the label `__tenant_id__`. Signed-off-by: Christian Simon <[email protected]> * Aggregate the limit of maxQueriers correctly This ensures the limit is aggregated correctly of the setting of each individual tenant. It also implements the logic for the v2 query frontend. Signed-off-by: Christian Simon <[email protected]> * Fix tenant labels and make LabelNames more efficient Signed-off-by: Christian Simon <[email protected]> * Use tsdb_errors for error handling Signed-off-by: Christian Simon <[email protected]> * Fix uninitialized label matcher Regexp matcher need to be initialized, this adds a test for regexp matcher and fixes the underlying issue. Signed-off-by: Christian Simon <[email protected]> * Use map for filterValuesByMatchers to reduce allocations Signed-off-by: Christian Simon <[email protected]> * Address review suggestions Signed-off-by: Christian Simon <[email protected]> * Add validation.SmallestPositiveNonZeroIntPerTenant to avoid code duplication Signed-off-by: Christian Simon <[email protected]> * Add limitations and experimental status to docs Signed-off-by: Christian Simon <[email protected]> * Remove unnecessary cast of defaultTenantLabel Signed-off-by: Christian Simon <[email protected]> * Handle query-range limits for multi tenant queries Signed-off-by: Christian Simon <[email protected]> * Skip results cache, if multi tenants query Signed-off-by: Christian Simon <[email protected]> * Add failint to ensure query path supports multiple tenants To avoid any future regressions in the multi tenant support within the query path, a faillint command tests if TenantID is used and if it finds one, it suggestest using TenantIDs instead> Signed-off-by: Christian Simon <[email protected]> * Align CHANGELOG line with the flag description Signed-off-by: Christian Simon <[email protected]> * Add a limitation about missing results cache Signed-off-by: Christian Simon <[email protected]>
* Add tenant query federation This experimental feature allows queries to cover data from more than a single Cortex tenant and can be activated by supplying `-tenant-federation.enabled` to all cortex instances. To query multiple tenants a `|` separated tenant list can be specified in the `X-Scope-OrgID` header. The source tenant of a metric will be exposed in the label `__tenant_id__`. Signed-off-by: Christian Simon <[email protected]> * Aggregate the limit of maxQueriers correctly This ensures the limit is aggregated correctly of the setting of each individual tenant. It also implements the logic for the v2 query frontend. Signed-off-by: Christian Simon <[email protected]> * Fix tenant labels and make LabelNames more efficient Signed-off-by: Christian Simon <[email protected]> * Use tsdb_errors for error handling Signed-off-by: Christian Simon <[email protected]> * Fix uninitialized label matcher Regexp matcher need to be initialized, this adds a test for regexp matcher and fixes the underlying issue. Signed-off-by: Christian Simon <[email protected]> * Use map for filterValuesByMatchers to reduce allocations Signed-off-by: Christian Simon <[email protected]> * Address review suggestions Signed-off-by: Christian Simon <[email protected]> * Add validation.SmallestPositiveNonZeroIntPerTenant to avoid code duplication Signed-off-by: Christian Simon <[email protected]> * Add limitations and experimental status to docs Signed-off-by: Christian Simon <[email protected]> * Remove unnecessary cast of defaultTenantLabel Signed-off-by: Christian Simon <[email protected]> * Handle query-range limits for multi tenant queries Signed-off-by: Christian Simon <[email protected]> * Skip results cache, if multi tenants query Signed-off-by: Christian Simon <[email protected]> * Add failint to ensure query path supports multiple tenants To avoid any future regressions in the multi tenant support within the query path, a faillint command tests if TenantID is used and if it finds one, it suggestest using TenantIDs instead> Signed-off-by: Christian Simon <[email protected]> * Align CHANGELOG line with the flag description Signed-off-by: Christian Simon <[email protected]> * Add a limitation about missing results cache Signed-off-by: Christian Simon <[email protected]>
* Add tenant resolver (cortexproject/cortex#3486) * Add tenant resolver package This implements the multi tenant resolver as described by the [proposal] for multi tenant query-federation. By default it behaves like before, but it's implementation can be swapped out. [proposal]: cortexproject/cortex#3364 Signed-off-by: Christian Simon <[email protected]> * Replace usages of `ExtractOrgID` Use TenantID or UserID depending on which of the methods are meant to be used. Signed-off-by: Christian Simon <[email protected]> * Replace usages of `ExtractOrgIDFromHTTPRequest` This is replaced by ExtractTenantIDFromHTTPRequest, which makes sure that exactly one tenant ID is set. Signed-off-by: Christian Simon <[email protected]> * Add methods to `tenant` package to use resolver directly Signed-off-by: Christian Simon <[email protected]> * Remove UserID method from Resolver interface We need a better definition for what we are trying to achieve with UserID before we can add it to the interface Signed-off-by: Christian Simon <[email protected]> * Update comment on the TenantID/TenantIDs Signed-off-by: Christian Simon <[email protected]> * Improve performance of NormalizeTenantIDs - reduce allocations by reusing the input slice during de-duplication Signed-off-by: Christian Simon <[email protected]> * Add multi tenant query federation (cortexproject/cortex#3250) * Add tenant query federation This experimental feature allows queries to cover data from more than a single Cortex tenant and can be activated by supplying `-tenant-federation.enabled` to all cortex instances. To query multiple tenants a `|` separated tenant list can be specified in the `X-Scope-OrgID` header. The source tenant of a metric will be exposed in the label `__tenant_id__`. Signed-off-by: Christian Simon <[email protected]> * Aggregate the limit of maxQueriers correctly This ensures the limit is aggregated correctly of the setting of each individual tenant. It also implements the logic for the v2 query frontend. Signed-off-by: Christian Simon <[email protected]> * Fix tenant labels and make LabelNames more efficient Signed-off-by: Christian Simon <[email protected]> * Use tsdb_errors for error handling Signed-off-by: Christian Simon <[email protected]> * Fix uninitialized label matcher Regexp matcher need to be initialized, this adds a test for regexp matcher and fixes the underlying issue. Signed-off-by: Christian Simon <[email protected]> * Use map for filterValuesByMatchers to reduce allocations Signed-off-by: Christian Simon <[email protected]> * Address review suggestions Signed-off-by: Christian Simon <[email protected]> * Add validation.SmallestPositiveNonZeroIntPerTenant to avoid code duplication Signed-off-by: Christian Simon <[email protected]> * Add limitations and experimental status to docs Signed-off-by: Christian Simon <[email protected]> * Remove unnecessary cast of defaultTenantLabel Signed-off-by: Christian Simon <[email protected]> * Handle query-range limits for multi tenant queries Signed-off-by: Christian Simon <[email protected]> * Skip results cache, if multi tenants query Signed-off-by: Christian Simon <[email protected]> * Add failint to ensure query path supports multiple tenants To avoid any future regressions in the multi tenant support within the query path, a faillint command tests if TenantID is used and if it finds one, it suggestest using TenantIDs instead> Signed-off-by: Christian Simon <[email protected]> * Align CHANGELOG line with the flag description Signed-off-by: Christian Simon <[email protected]> * Add a limitation about missing results cache Signed-off-by: Christian Simon <[email protected]> * Restrict path segments in TenantIDs (cortexproject/cortex#4375) (cortexproject/cortex#4376) This prevents paths generated from TenantIDs to become vulnerable to path traversal attacks. CVE-2021-36157 Signed-off-by: Christian Simon <[email protected]> * Update nolint statement Co-authored-by: Bryan Boreham <[email protected]>
7 participants
What this PR does:
Which issue(s) this PR fixes:
Fixes #923
Checklist/TODO
CHANGELOG.mdupdated - the order of entries should be[CHANGE],[FEATURE],[ENHANCEMENT],[BUGFIX]