Add multi tenant query federation

[simonswine]

What this PR does:

• This intends to allow cross tenant querying. The implemenation follows this proposal

Which issue(s) this PR fixes:

Fixes #923

Checklist/TODO

• Merge Add tenant resolver #3486 first
• Provide a design document with the details of the the form of the implementation (esp. what this would mean for configured tenant limits and metrics exposed about queries)
• Tests updated
• Documentation added
• CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

[simonswine]

I am not too sure if I can cacheGenNumber like that

[jtlisi]

I don't think it's likely it will lead to collisions. However, it will increase the number of characters that prefix the Memcached item key string. This means that for multi-tenant queries across enough tenants caching could break due to the item key being too long. The existing limit is not very high at 150 characters. Multi-tenant queries will already have larger cache item keys since it will contain the concatenation of multiple tenant IDs. The cachegen number will exacerbate this issue further.

There are two options for dealing with this:

1. Ignore the cache generation for multi-tenant queries in this PR. It's not a commonly used feature and IMO it would be fine to ignore it for this PR. It

2. Consolidate the cachegen number into a small, consistent, unique string. One option off the top of my head is to convert the strings to integers and adding them together then use a string of the resulting value. The

My preference would be option 1 since it would reduce the scope of the PR a bit more and make it a bit easier to review. Cache generation handling can be added in a future PR.

[simonswine]

I have deferred that to a future PR as suggested and added a TODO comment

[jtlisi]

This looks great, I added a few questions and nits. I want to go through it one more time before I add an approval. However, I didn't any major issues in my first pass.

[jtlisi]

LGTM

Most of the nits/suggestions are very minor except for the cachegen topic. Once that is sorted I'll approve and see if we can get a second reviewer on this.

[jtlisi]

I don't think it's likely it will lead to collisions. However, it will increase the number of characters that prefix the Memcached item key string. This means that for multi-tenant queries across enough tenants caching could break due to the item key being too long. The existing limit is not very high at 150 characters. Multi-tenant queries will already have larger cache item keys since it will contain the concatenation of multiple tenant IDs. The cachegen number will exacerbate this issue further.

There are two options for dealing with this:

1. Ignore the cache generation for multi-tenant queries in this PR. It's not a commonly used feature and IMO it would be fine to ignore it for this PR. It

2. Consolidate the cachegen number into a small, consistent, unique string. One option off the top of my head is to convert the strings to integers and adding them together then use a string of the resulting value. The

My preference would be option 1 since it would reduce the scope of the PR a bit more and make it a bit easier to review. Cache generation handling can be added in a future PR.

[jtlisi]

thought: We should be able to enable this feature for every e2e test and not have any failures. Doing so could provide a good smoke test for the feature.

[simonswine]

@jtlisi Not entirely sure if you meant to do this locally once or do you want to have that as part of the integration test run by CI?

[simonswine]

This is still a TODO, will look into this tomorrow

[jtlisi]

No need to commit any changes here. Just smoke testing that the tests pass if you enable it for globally on your local should be enough.

[simonswine]

I have done that today and it didn't not come up with any unexpected failure (apart from the Backward_compatibility tests, which is expected as the feature flag is not recognised by them)

[csmarchbanks]

Nice work!

Do we want to have an entirely new package for tenantfederation? It seems like all that is there is a new type of queryable which could also just be added to the querier package. Similarly, should the configuration be a new top level, or nested under querier? One thing that would help me decide is if there is more cross cutting flags that will be needed? Right now the flag is only used in querier related code.

[pstibrany]

Thanks for addressing my feedback. LGTM with few nit comments left.

[pstibrany]

If enabled on all components

All components is somewhat wide... this is only required in query-frontend and querier, right? No other components can use this at the moment. I think we should be bit more specific, to allow people configure it correctly and also not give them false impression that other components use it somehow.

[simonswine]

I have aligned that to the CHANGELOG, see #3250 (comment)

[pstibrany]

I would suggest different name: MinimumOfMaxQueriersPerTenants or SmallestMaxQueriersPerTenant. Now it looks like returning "max" value.

[pstibrany]

Why all? Let's be specific to avoid confusing users.

[simonswine]

I think it needs to be enabled on all Cortex services, because otherwise e.g. the write path would interpret multiple tenants as a single new tenant. Once it is enabled the write path fails as it only supports a single tenant. I have aligned the CHANGELOG with the flags description.

[simonswine]

* `pkg/frontend/transport/handler.go` is still usig `tenant.TenantID`. How should it behave there?

* What do you think about adding a `faillint` rule to fail on `tenant.TenantID` used in `pkg/frontend/...`, `pkg/scheduler/...` and `pkg/querier/tenantfederation/...` to make sure we handle it everywhere (in the future)?

* What's about `tenant.TenantID`  usage in `pkg/querier/queryrange`? Have you checked where we should handle it? For example, I think `limitsMiddleware` should be tenants federation aware at least. This is another package where having a `faillint` may help to prevent future regressions.

@pracucci I think I have addressed all of the remaining points (I think 🙂 ).

Esp those ones had the biggest changes, so certainly are in need for another review:

• The result cache gets skipped once there are more than one tenant b41a4df
• limitsMiddleware is now using the "strictest" of the tenant's limits 0667242
• Fail lint is checking the packages in the query path: e312687

[pracucci]

Thanks a lot @simonswine for your hard work and patiently address all comments! I agree on skipping the query results caching in this PR and address it in a follow up PR (given we have to design how to deal with cache invalidation done for deleted series).

This PR looks in a good shape, considering it's an experimental feature. We can merge this PR, so that we begin testing it, and in the meanwhile you can work on follow up work (eg. query results caching).

[bhiravabhatla]

Is this released as part of 1.6. Could not find this in release notes. Its already present in configuration documentation though.

[pstibrany]

Is this released as part of 1.6. Could not find this in release notes. Its already present in configuration documentation though.

It will be part of Cortex 1.7.

Documentation on the website currently reflects master branch, with latest (unreleased) changes.

[cabrinha]

In order to add Cortex as a datasource for grafana, when using auth and tenants... Whats the config for the datasource need to look like in order to see every tenant in one datasource?

[simonswine]

In order to add Cortex as a datasource for grafana, when using auth and tenants... Whats the config for the datasource need to look like in order to see every tenant in one datasource?

@cabrinha unfortunately there is no way to specify this currently. You need to list the tenants explicitly (separated by a |). If you care about this enough it would be good to create a new issue with a feature request and detailing your use case a bit more.