The 2.0 release of the k8s-monitoring Helm chart includes major changes from the 1.x version. Many of the features have been re-arranged to be organized around features, rather than data types (e.g. metrics, logs, etc.). This document will explain how the settings have changed, feature-by-feature, and how to migrate your v1 values.yaml file.
In v1, many features were enabled by default. Cluster metrics, pod logs, cluster events, etc... In v2, all features are disabled by default, which leads your values file to better reflect your desired feature set.
We should work towards upgrading our alloy chart to follow. There is work to:
Configure the wrapper chart to work with upstream, referencing v2.
Test upgrade from the v2 to v1, and document changes that we need to include in the breaking change. If needed, write documentation on migration.
Deploy the same deployment as what we have by default for v1.
Test that the package works.
Need to work through security contexts
Warning InstallFailed 2m41s helm-controller Helm install failed for release monitoring/monitoring-alloy with chart k8s-monitoring@2.0.4-bb.0: failed to create resource: admission webhook "validate.kyverno.svc-fail" denied the request:

resource DaemonSet/monitoring/monitoring-alloy-alloy-receiver was blocked due to the following policies

restrict-capabilities:
  autogen-capabilities: 'validation failure: validation error: Adding of additional
    capabilities beyond the allowed set is not allowed. The fields spec.containers[*].securityContext.capabilities.add,
    spec.initContainers[*].securityContext.capabilities.add, and spec.ephemeralContainers[*].securityContext.capabilities.add
    must be in the allowed list. rule autogen-capabilities failed at path /securityContext/capabilities/add/'

Last Helm logs:

2025-01-30T18:22:04.316363188Z: Created a new ClusterRole called "monitoring-alloy-alloy-receiver" in
2025-01-30T18:22:04.328821525Z: Created a new ClusterRole called "monitoring-alloy-kepler-clusterrole" in
2025-01-30T18:22:04.340925507Z: Created a new ClusterRoleBinding called "monitoring-alloy-alloy-metrics" in
2025-01-30T18:22:04.353482965Z: Created a new ClusterRoleBinding called "monitoring-alloy-alloy-receiver" in
2025-01-30T18:22:04.365104041Z: Created a new ClusterRoleBinding called "monitoring-alloy-kepler-clusterrole-binding" in
2025-01-30T18:22:04.38368784Z: Created a new Service called "monitoring-alloy-alloy-metrics-cluster" in monitoring
2025-01-30T18:22:04.426279471Z: Created a new Service called "monitoring-alloy-alloy-metrics" in monitoring
2025-01-30T18:22:04.472364663Z: Created a new Service called "monitoring-alloy-alloy-receiver" in monitoring
2025-01-30T18:22:04.537053454Z: Created a new Service called "monitoring-alloy-kepler" in monitoring
2025-01-30T18:22:04.606001954Z: Created a new Service called "monitoring-alloy-windows-exporter" in monitoring

Normal UninstallSucceeded 2m31s helm-controller Helm uninstall remediation for release monitoring/monitoring-alloy.v1 with chart k8s-monitoring@2.0.4-bb.0 succeeded

Warning InstallFailed 2m9s helm-controller Helm install failed for release monitoring/monitoring-alloy with chart k8s-monitoring@2.0.4-bb.0: 3 errors occurred:

* admission webhook "validate.kyverno.svc-fail" denied the request:

resource DaemonSet/monitoring/monitoring-alloy-alloy-receiver was blocked due to the following policies

restrict-capabilities:
  autogen-capabilities: 'validation failure: validation error: Adding of additional
    capabilities beyond the allowed set is not allowed. The fields spec.containers[*].securityContext.capabilities.add,
    spec.initContainers[*].securityContext.capabilities.add, and spec.ephemeralContainers[*].securityContext.capabilities.add
    must be in the allowed list. rule autogen-capabilities failed at path /securityContext/capabilities/add/'

* admission webhook "validate.kyverno.svc-fail" denied the request:

resource DaemonSet/monitoring/monitoring-alloy-kepler was blocked due to the following policies

restrict-host-ports:
  autogen-host-ports: 'validation failure: validation error: The host port used is
    not allowed. The fields spec.containers[*].ports[*].hostPort, spec.initContainers[*].ports[*].hostPort,
    and spec.ephemeralContainers[*].ports[*].hostPort must only include ports from
    the allowed list. rule autogen-host-ports failed at path /ports/0/hostPort/'
restrict-image-registries:
  autogen-validate-registries: 'validation failure: validation error: Image registry
    is not in the approved list. rule autogen-validate-registries failed at path /image/'

* admission webhook "validate.kyverno.svc-fail" denied the request:

resource StatefulSet/monitoring/monitoring-alloy-alloy-metrics was blocked due to the following policies

restrict-capabilities:
  autogen-capabilities: 'validation failure: validation error: Adding of additional
    capabilities beyond the allowed set is not allowed. The fields spec.containers[*].securityContext.capabilities.add,
    spec.initContainers[*].securityContext.capabilities.add, and spec.ephemeralContainers[*].securityContext.capabilities.add
    must be in the allowed list. rule autogen-capabilities failed at path /securityContext/capabilities/add/'
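The Kyverno denials in the events above can be triaged mechanically. As an added example (not part of the issue or of the chart), the following Python flattens terminal-wrapped event text and lists which policy, rule and path blocked each resource; the function names are hypothetical and the sample is abridged from the event quoted above.

```python
import re

# Constructed sample: the "3 errors occurred" event from the issue, abridged, box characters kept.
SAMPLE = """
3 errors occurred: │ │
* admission webhook "validate.kyverno.svc-fail" denied the request: │ │ │ │
resource DaemonSet/monitoring/monitoring-alloy-alloy-receiver was blocked due to the following policies │ │
restrict-capabilities: │ │ autogen-capabilities: 'validation failure: validation error: Adding of additional │ │
capabilities beyond the allowed set is not allowed. rule autogen-capabilities failed at path /securityContext/capabilities/add/' │ │
resource DaemonSet/monitoring/monitoring-alloy-kepler was blocked due to the following policies │ │
restrict-host-ports: │ │ autogen-host-ports: 'validation failure: validation error: The host port used is │ │
not allowed. rule autogen-host-ports failed at path /ports/0/hostPort/' │ │
restrict-image-registries: │ │ autogen-validate-registries: 'validation failure: validation error: Image registry │ │
is not in the approved list. rule autogen-validate-registries failed at path /image/' │ │
resource StatefulSet/monitoring/monitoring-alloy-alloy-metrics was blocked due to the following policies │ │
restrict-capabilities: │ │ autogen-capabilities: 'validation failure: validation error: Adding of additional │ │
capabilities beyond the allowed set is not allowed. rule autogen-capabilities failed at path /securityContext/capabilities/add/' │ │
"""

# Hypothetical helpers; the patterns assume the "policy: rule: '<message>'" layout seen above.
TOKEN = re.compile(
    r"resource (?P<res>\S+) was blocked"                      # Kind/namespace/name
    r"|(?<!\S)(?P<policy>[a-z0-9-]+): [a-z0-9-]+: '"          # policy: rule: '<message>
    r"|rule (?P<rule>[\w-]+) failed at path (?P<path>[^\s']+)"
)

def parse_denials(text):
    """Return (resource, policy, rule, path) for every failed rule in the event text."""
    flat = re.sub(r"[\s│]+", " ", text)  # undo terminal wrapping and box characters
    res, policy, findings = None, None, []
    for m in TOKEN.finditer(flat):
        if m["res"]:
            res, policy = m["res"], None
        elif m["policy"]:
            policy = m["policy"]
        else:
            findings.append((res, policy, m["rule"], m["path"]))
    return findings

def by_policy(findings):
    """Group (resource, path) pairs under the policy that rejected them."""
    out = {}
    for res, policy, _rule, path in findings:
        out.setdefault(policy, set()).add((res, path))
    return {p: sorted(v) for p, v in out.items()}

if __name__ == "__main__":
    for policy, hits in sorted(by_policy(parse_denials(SAMPLE)).items()):
        print(policy, *(f"{r} {p}" for r, p in hits), sep="\n  ")
```

Grouping by policy shows that two workloads fail only on `capabilities.add`, while the kepler DaemonSet needs separate decisions on its host port and image registry.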
Right now, with recent commits, pods are running except for metrics. After disabling the netpols, the metric pod was able to run, which would indicate a netpol needs to be created.