Adopt bb-common for Netpol, AuthorizationPolicy, Istio resources
General MR
Summary
- Replaces network policies generated by Alloy package with policies created via bb-common
- Replaces base Istio resource creation with bb-common Istio generated resources
- Adds a very gluon script test asserting pod logs are shipped to Loki
Relevant logs/screenshots
Tested with Umbrella branch - alloy-bb-common-integration
Linked Issue
Upgrade Notices
Alloy is now leveraging our bb-common integration for network policies and Istio-related resources. Please refer to this blog post for additional information on the integration.
Previously, non-default enabled components like alloy-receiver were not included in default-deny policies unless explicitly included via defaultSelectorValues. This update includes all pods in the namespace in the default-deny policy and only permits traffic for alloy-logs by default. If you are enabling alloy-receiver or other components besides alloy-logs, you must create additional network policies to permit that traffic.
For instance, to enable alloy-receiver and permit ingress traffic to it:
alloy:
  values:
    upstream:
      alloy-receiver:
        enabled: true
        alloy:
          extraPorts:
            - name: "otlp-grpc"
              port: 4317
              targetPort: 4317
              protocol: "TCP"
    networkPolicies:
      ingress:
        to:
          alloy-receiver:4317:
            from:
              k8s:
                "*/*": true
Umbrella Branch
alloy-bb-common-integration
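The default-deny change described in the upgrade notice, as an added example that is not part of the merge request or the Alloy package: a small evaluator for a subset of Kubernetes NetworkPolicy ingress semantics, showing why alloy-receiver on port 4317 was reachable before the upgrade, is blocked after it, and is reachable again once an allow policy exists. The pod labels, the client, and the shape of the rendered policies are assumptions constructed for illustration; the policies bb-common actually generates may differ.

```python
# Simplified model of Kubernetes NetworkPolicy ingress evaluation (matchLabels
# selectors, TCP port numbers, every policy assumed to be in the Alloy namespace
# with policyTypes: [Ingress]). All labels and policies below are constructed.

def selects(selector, labels):
    """An empty selector ({}) matches every pod or namespace."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, src):
    """No namespaceSelector means 'same namespace as the policy'."""
    if "namespaceSelector" in peer:
        ns_ok = selects(peer["namespaceSelector"], src["ns_labels"])
    else:
        ns_ok = src["same_ns"]
    return ns_ok and selects(peer.get("podSelector", {}), src["pod_labels"])

def ingress_allowed(policies, dst_labels, port, src):
    selecting = [p for p in policies if selects(p["podSelector"], dst_labels)]
    if not selecting:
        return True  # no policy selects the pod, so it is not isolated
    for policy in selecting:
        for rule in policy["ingress"]:
            port_ok = "ports" not in rule or port in [p["port"] for p in rule["ports"]]
            from_ok = "from" not in rule or any(peer_matches(f, src) for f in rule["from"])
            if port_ok and from_ok:
                return True
    return False  # isolated and no allow rule matched

RECEIVER = {"app.kubernetes.io/name": "alloy-receiver"}  # assumed pod label
CLIENT = {"same_ns": False, "ns_labels": {"kubernetes.io/metadata.name": "my-app"},
          "pod_labels": {"app": "otlp-client"}}
# Before: default-deny only selected listed components (simplified to alloy-logs).
OLD_DENY = {"podSelector": {"matchLabels": {"app.kubernetes.io/name": "alloy-logs"}}, "ingress": []}
# After: default-deny selects every pod in the namespace.
NEW_DENY = {"podSelector": {}, "ingress": []}
# Assumed rendering of the "*/*" rule for alloy-receiver:4317 (any namespace, any pod).
ALLOW_RECEIVER = {"podSelector": {"matchLabels": RECEIVER},
                  "ingress": [{"from": [{"namespaceSelector": {}}], "ports": [{"port": 4317}]}]}

def scenarios():
    return {
        "before upgrade": ingress_allowed([OLD_DENY], RECEIVER, 4317, CLIENT),
        "after upgrade, no extra policy": ingress_allowed([NEW_DENY], RECEIVER, 4317, CLIENT),
        "after upgrade, allow policy added": ingress_allowed([NEW_DENY, ALLOW_RECEIVER], RECEIVER, 4317, CLIENT),
        "allow policy, other port": ingress_allowed([NEW_DENY, ALLOW_RECEIVER], RECEIVER, 4318, CLIENT),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The last scenario shows that the allow rule is scoped to the declared port: any other receiver port enabled on alloy-receiver needs its own entry.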
