Merge branch 'enable-mTLS-for-loki' into 'master'

Loki: mTLS STRICT for metrics

Closes platform-one/big-bang/apps/sandbox/loki#25 and platform-one/big-bang/apps/sandbox/loki#24

See merge request platform-one/big-bang/bigbang!2009

chart/templates/logging/loki/values.yaml

@@ -24,6 +24,15 @@ monitoring:
 {{- if (eq .Values.loki.strategy "scalable") }}
   serviceMonitor:
     enabled: {{ .Values.monitoring.enabled }}
+    # conditional passes only for default istio: enabled, mTLS: SCRICT
+    {{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.loki.values) "STRICT") }}
+    scheme: https
+    tlsConfig:
+      caFile: /etc/prom-certs/root-cert.pem
+      certFile: /etc/prom-certs/cert-chain.pem
+      keyFile: /etc/prom-certs/key.pem
+      insecureSkipVerify: true  # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+    {{- end }}
 {{- end }}
 
 istio:
@@ -55,6 +64,15 @@ monolith:
   enabled: {{ eq .Values.loki.strategy "monolith" }}
   serviceMonitor:
     enabled: {{ .Values.monitoring.enabled }}
+    # conditional passes only for default istio: enabled, mTLS: SCRICT
+    {{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.loki.values) "STRICT") }}
+    scheme: https
+    tlsConfig:
+      caFile: /etc/prom-certs/root-cert.pem
+      certFile: /etc/prom-certs/cert-chain.pem
+      keyFile: /etc/prom-certs/key.pem
+      insecureSkipVerify: true  # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+    {{- end }}
 {{- if (eq .Values.loki.strategy "monolith") }}
 read:
   disabled: true

chart/values.yaml

@@ -509,7 +509,7 @@ loki:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git
     path: "./chart"
-    tag: "1.7.6-bb.2"
+    tag: "1.8.10-bb.1"
 
   # -- Flux reconciliation overrides specifically for the Loki Package
   flux: {}