The current need is that now that we have metricsinfra alerts showing up on prod alertmanager (alerts.wikimedia.org), we (wmcs, the ones responsible for monitoring those alerts) want to be able to filter them easily by adding the label 'team="wmcs"'.
That will enable also paging through victorops for critical alerts.
Given that, the idea is to enable adding custom labels at the project level to all the projects.
The restrictions are:
- Not every project should be able to add the 'team=wmcs' alert, as not every project should be monitored/page us
Restrict the labels that can be added by user role
This means having a list of labels that are restricted, and limit to global admins the right to add this labels. Allowing any other admins to add their own custom labels.
Allow only adding the 'team' label, and restrict who can add 'wmcs'
Similar as the above, but only allowing to add the 'team' label.
Allow only a subset of labels, and restrict who can add 'team=wmcs'
Get a list of labels that you can add at the project label, ex:
- team
- service
- any others?
And restrict who can add 'team=wmcs' as above.
Allow adding labels only to cloud roots
Do not allow anyone to add any extra labels, except to the cloud roots.
Current task
Given that we don't have yet an interface for users to interact with it (except roots going to the DB), this task is to add support for specifying any labels at the project level, and will be decided and implemented later when we have a user interface, if we only allow only cloud roots or any user, or any more fine grained control.