K8SPSMDB-1268 Documented support for PMM 3 #261
Conversation
modified: docs/assets/fragments/monitor-db.txt modified: docs/monitoring.md
There was a problem hiding this comment.
Pull Request Overview
Documents Operator support for PMM 3 alongside PMM 2, updates links to PMM 3 docs, and revises setup instructions (authentication and secrets) accordingly.
- Update PMM references/links from PMM 2 to PMM 3, including QAN and pmm-admin docs
- Add PMM 3 authentication flow (Grafana service accounts) and secret keys guidance
- Adjust OS-specific tab labels and clarify configuration examples
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| docs/monitoring.md | Updates profiling/QAN links to PMM 3, refines examples and OS tab headings, and keeps secret patch examples |
| docs/assets/fragments/monitor-db.txt | Reworks monitoring section to cover PMM 2 and PMM 3, adds auth/secret instructions for both, reorganizes install flow and references |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| Key using `curl` and `jq` utilities. Replace `<login>:<password>@<server_host>` placeholders with your real PMM Server login, password, and hostname in the following command: | ||
|
|
||
| ``` {.bash data-prompt="$" } | ||
| $ API_KEY=$(curl --insecure -X POST -H "Content-Type: application/json" -d '{"name":"operator", "role": "Admin"}' "https://<login>:<password>@<server_host>/graph/api/auth/keys" | jq .key) |
There was a problem hiding this comment.
The Secret name in the example output is singular ('...-secret') but the docs and YAML use plural ('my-cluster-name-secrets'). Change to secret/my-cluster-name-secrets created.
Copilot uses AI. Check for mistakes.
| 1. Authorize PMM Client within PMM Server. | ||
| ### Configure authentication | ||
|
|
||
| === "PMM3" |
There was a problem hiding this comment.
[nitpick] For consistency with the rest of the document ('PMM 2', 'PMM 3'), use a space in the tab labels: 'PMM 3' and 'PMM 2'.
Copilot uses AI. Check for mistakes.
|
|
||
| When you create a service account token, you can select its lifetime: it can be either a permanent token that never expires or the one with the expiration date. PMM server cannot rotate service account tokens after they expire. So you must take care of reconfiguring PMM Client in this case. | ||
|
|
||
| === "PMM2" |
There was a problem hiding this comment.
[nitpick] For consistency with the rest of the document ('PMM 2', 'PMM 3'), use a space in the tab labels: 'PMM 3' and 'PMM 2'.
Copilot uses AI. Check for mistakes.
Co-authored-by: Copilot <[email protected]>
it-percona
temporarily deployed
to
K8SPSMDB-1268-Doc-PMM3 - percona-mongodb-operator PR #261
Render
Destroyed
Co-authored-by: Copilot <[email protected]>
it-percona
temporarily deployed
to
K8SPSMDB-1268-Doc-PMM3 - percona-mongodb-operator PR #261
Render
Destroyed
Co-authored-by: Copilot <[email protected]>
it-percona
temporarily deployed
to
K8SPSMDB-1268-Doc-PMM3 - percona-mongodb-operator PR #261
Render
Destroyed
Co-authored-by: Copilot <[email protected]>
nastena1606
force-pushed
the
K8SPSMDB-1268-Doc-PMM3
branch
from
df74b7b to
44c14c6
Compare
docs/assets/fragments/monitor-db.txt
Outdated
|
|
||
| 2. Edit the [deploy/secrets.yaml :octicons-link-external-16:](https://github.com/percona/percona-server-mongodb-operator/blob/main/deploy/secrets.yaml) secrets file and specify the PMM API key for the ``PMM_SERVER_API_KEY`` option. | ||
| 3. Apply the configuration for the changes to take effect. | ||
| The API key is not rotated. |
There was a problem hiding this comment.
I think it is about the fact that our API keys (same as tokens) aren't going to be rotated automatically, and the user has to rotate them manually.
There was a problem hiding this comment.
Some linves above we mention:
When you create a service account token, you can select its lifetime: it can be either a permanent token that never expires or the one with the expiration date. PMM server cannot rotate service account tokens after they expire. So you must take care of reconfiguring PMM Client in this case.
Maybe we should clarify that further for the API keys (used for PMM2).
docs/assets/fragments/monitor-db.txt
Outdated
|
|
||
| === "PMM3" | ||
|
|
||
| PMM3 uses Grafana service accounts to control access to PMM server components and resources. To authenticate in PMM server, you need a service account token. [Generate a service account and token :octicons-link-external-16:](https://docs.percona.com/percona-monitoring-and-management/3/api/authentication.html?h=authe#generate-a-service-account-and-token). Specify the Admin role for the service account. |
There was a problem hiding this comment.
Should we mention Grafana here? I think we can omit this.
docs/assets/fragments/monitor-db.txt
Outdated
|
|
||
| 2. Edit the [deploy/secrets.yaml :octicons-link-external-16:](https://github.com/percona/percona-server-mongodb-operator/blob/main/deploy/secrets.yaml) secrets file and specify the PMM API key for the ``PMM_SERVER_API_KEY`` option. | ||
| 3. Apply the configuration for the changes to take effect. | ||
| The API key is not rotated. |
There was a problem hiding this comment.
I think it is about the fact that our API keys (same as tokens) aren't going to be rotated automatically, and the user has to rotate them manually.
docs/assets/fragments/monitor-db.txt
Outdated
|
|
||
| 2. Edit the [deploy/secrets.yaml :octicons-link-external-16:](https://github.com/percona/percona-server-mongodb-operator/blob/main/deploy/secrets.yaml) secrets file and specify the PMM API key for the ``PMM_SERVER_API_KEY`` option. | ||
| 3. Apply the configuration for the changes to take effect. | ||
| The API key is not rotated. |
There was a problem hiding this comment.
Some linves above we mention:
When you create a service account token, you can select its lifetime: it can be either a permanent token that never expires or the one with the expiration date. PMM server cannot rotate service account tokens after they expire. So you must take care of reconfiguring PMM Client in this case.
Maybe we should clarify that further for the API keys (used for PMM2).
docs/assets/fragments/monitor-db.txt
Outdated
|
|
||
| 2. Apply the configuration for the changes to take effect. | ||
| ```{.text .no-copy} | ||
| secret/my-cluster-name-secret created |
There was a problem hiding this comment.
I think this should be plural, given that before we mentioned my-cluster-name-secrets
docs/monitoring.md
Outdated
| === ":simple-linux: on Linux" | ||
|
|
||
| ```{.bash data-prompt="$"} | ||
| $ kubectl patch secret/my-cluster-name-secrets -p '{"data":{"PMM_SERVER_API_KEY": '$(echo -n new_key | base64 --wrap=0)'}}' |
There was a problem hiding this comment.
Should we use TOKEN here for the example? Mainly because it is our recommended version.
docs/monitoring.md
Outdated
| === ":simple-apple: on macOS" | ||
|
|
||
| ```{.bash data-prompt="$"} | ||
| $ kubectl patch secret/my-cluster-name-secrets -p '{"data":{"PMM_SERVER_API_KEY": '$(echo -n new_key | base64)'}}' |
There was a problem hiding this comment.
Should we use TOKEN here for the example? Mainly because it is our recommended version.
docs/assets/fragments/monitor-db.txt
Outdated
| !!! warning | ||
|
|
||
| The API key is not rotated. | ||
| The API key is not rotated automatically when it expired. You must manually recreate it and reconfigure the PMM Client. |
There was a problem hiding this comment.
I think we need to use simple present here i.e. automatically when it expires
nastena1606
added
the
pending release
4 participants
modified: docs/assets/fragments/monitor-db.txt
modified: docs/monitoring.md