UNCLASSIFIED - NO CUI

fix 502 block_all errors when Istio hardened mode is enabled

Dustin Hilgaertnerrequested to merge
feature/alloy-86-502-error-v2 into main

General MR

Summary

alloy-metrics couldn't communicate with alloy-receiver on port 12345 when Istio hardened mode was enabled, resulting in 502 block_all errors.

Added NetworkPolicy ingress rules in chart/values.yaml that generate both NetworkPolicies and AuthorizationPolicies for:

  • alloy-receiver:12345 (from alloy-metrics and Prometheus)
  • alloy-logs:12345 (from alloy-metrics and Prometheus)
  • alloy-metrics:12345 (from Prometheus)

Relevant logs/screenshots

Verification:

  • Before fix: 1 ingress NetworkPolicy, 1 AuthorizationPolicy
  • After fix: 5 ingress NetworkPolicies, 5 AuthorizationPolicies
  • All alloy pods running healthy (3/3)
  • No block_all or 502 errors in logs

Linked Issue

issue

Upgrade Notices

N/A

Merge request reports

UNCLASSIFIED - NO CUI