UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects

Add service monitor to Alloy/values.yaml

Merged Add service monitor to Alloy/values.yaml
alloy-servicemonitor into master
All threads resolved!
Merged Kirby Liu requested to merge alloy-servicemonitor into master
All threads resolved!

Package Merge Request

Package Changes

Enable the service monitors for alloy as well as configure the tls config with scheme=https through the postrenderers since the upstream override charts don't allow changes to scheme without affecting inter-deployment traffic since it isn't configured for istio peer istio convoy.

Package MR

N/A

For Issue

Closes big-bang/product/packages/alloy#83 (closed)

Upgrade Notices

N/A

Edited by Michael Martin

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Kirby Liu resolved all threads

    resolved all threads

  • Kirby Liu added 1 commit

    added 1 commit

    Compare with previous version

  • Michael Martin approved this merge request

    approved this merge request

  • Michael Martin changed the description

    changed the description

  • Michael Martin unapproved this merge request

    unapproved this merge request

    • Michael Martin
      Michael Martin @michaelmartin ·
      Owner
      Resolved by Michael Martin

      @kliu some suggestions. I think we're using (include "istioEnabled" . ) in several logic statements. And, I think we're using it incorrectly. As written like that, it will always evaluate to true. We're going to need to fix this in multiple areas.

      I tested and suggest these changes:

      At the top of the helmRelease, define this:

      {{- $isStrictIstio := and (eq (include "istioEnabled" .) "true") (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.alloy.values) "STRICT") -}}

      For the logic block, do this:

        {{- toYaml $fluxSettingsAlloy | nindent 2 }}
  {{- if or .Values.addons.alloy.postRenderers (and .Values.monitoring.enabled $isStrictIstio ) }}
  postRenderers:
  {{- if and .Values.monitoring.enabled $isStrictIstio }}
  {{- include "alloy.istioPostRenderers" . | nindent 4 }}
  {{- end }}
  {{- with .Values.addons.alloy.postRenderers }}
  {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- end }}

      As I tested this, the behavior works as expected with enabling and disabling monitoring and/or istio and adding in a custom .Values.addons.alloy.postRenderers

      If you can double-check that, we can alert the team that (include "istioEnabled" . ) in a logic statement will need to be fixed.

      Edited by Michael Martin
  • **** requested review from @chris.oconnell

    requested review from @chris.oconnell

  • Kirby Liu added 1 commit

    added 1 commit

    • 99d5dc24 - updated istio peer auth logic

    Compare with previous version

  • Michael Martin resolved all threads

    resolved all threads

  • Michael Martin resolved all threads

    resolved all threads

  • Michael Martin approved this merge request

    approved this merge request

  • Michael Martin
    Michael Martin @michaelmartin ·
    Owner

    verified postRenderers come into the helmRelease based on what's enabled/defined.

  • Michael Martin merged

    merged

  • Michael Martin mentioned in commit 4a7f3ff6

    mentioned in commit 4a7f3ff6

    • Please register or sign in to reply

    UNCLASSIFIED - NO CUI