feat: update to using default scrapeclass for tls config #517
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
needs docs and there are a couple of things to potentially remove that i left for someone if they wanted to test locally in review. Namely additional resources in the app-tenant test app and commented out values in the pepr chart import components values file that doesnt actually need to be there for things to work. @mjnagel If you want to take a look LMK any feedback. After changing the behavior for the scrape classes i verified the changes i made to make the existing uds-core monitors match by deploying both from this branch and from main and doing an yaml diff of the prometheus config yaml of both deployments. |
zachariahmiller
changed the title
|
Made an initial attempt at the docs. Not sure how yall want to communicate new vs existing/deprecated behavior format wise especially given that these docs feed into the site. |
mjnagel
requested changes
Jul 9, 2024
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
|
@mjnagel I believe i resolved all your comments. Please take a look again when you get a chance. |
mjnagel
previously approved these changes
Jul 11, 2024
mjnagel
dismissed
their stale review
Dismissing approval temporarily - metrics-server seems to have an issue...investigating.
mjnagel
reviewed
Jul 11, 2024
mjnagel
previously approved these changes
Jul 11, 2024
mjnagel
reviewed
Jul 11, 2024
mjnagel
approved these changes
Jul 11, 2024
UnicornChance
approved these changes
Jul 11, 2024
rjferguson21
approved these changes
Jul 11, 2024
mjnagel
added a commit
that referenced
this pull request
Jul 12, 2024
## Description This PR has a few follow-on changes for #517: - Slightly reworded/ordered documentation to focus on current setup rather than deprecated setup - Updated code to support `podSelector` or `selector` for pod monitor generation - Updated mutation logic for servicemonitors to: - Combine conditionals for exemption - Add a new `uds/skip-mutate` annotation for exemption - Clarify deprecation of tlsConfig mutation (not scheme) - Added mutation logic for podmonitors to: - Allow for exempting podmonitors from default scrape class via annotation or injection detection - Mutate `scheme` to `https` if not exempted - Switched core podmonitors to use `uds/skip-mutate` annotation rather than explicit scrape class - Deleted example test monitoring from other test-apps and enabled pod + svc monitor for podinfo (since it exposes a real metrics endpoint) ## Related Issue No issue opened as this PR was just merged. ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
mjnagel
pushed a commit
that referenced
this pull request
Jul 12, 2024
🤖 I have created a release *beep* *boop* --- ## [0.24.0](v0.23.0...v0.24.0) (2024-07-12) ### ⚠ BREAKING CHANGES * set istio passthrough gateway as optional component (#547) ### Features * add unicorn flavor to uds-core ([#507](#507)) ([a412581](a412581)) * added standalone dns service for loki ([#548](#548)) ([e2efdf9](e2efdf9)) * enable authservice integration ([#201](#201)) ([1d4df64](1d4df64)) * set istio passthrough gateway as optional component (#547) ([e1cab61](e1cab61)) * update to using default scrapeclass for tls config ([#517](#517)) ([258bb6b](258bb6b)) ### Bug Fixes * decouple `devMode` and postgres egress ([#554](#554)) ([1a98779](1a98779)) * grafana logout not working in some environments ([#559](#559)) ([ccb9d9e](ccb9d9e)) * initial creation of child logging ([#533](#533)) ([00a5140](00a5140)) * podmonitor mTLS mutations ([#566](#566)) ([eb613e1](eb613e1)) ### Miscellaneous * add util function for purging orphans ([#565](#565)) ([e84229a](e84229a)) * allow istio proxy injection in zarf ignored namespaces (#513) ([8921b58](8921b58)) * **deps:** update githubactions upload-artifact to v4.3.4 ([#543](#543)) ([20889f2](20889f2)) * **deps:** update grafana helm chart to v8.3.2 ([#542](#542)) ([8ec260c](8ec260c)) * **deps:** update pepr dependencies (jest, uds-common) ([#537](#537)) ([547c0bf](547c0bf)) * **deps:** update promtail helm chart to v6.16.3 ([#538](#538)) ([48b3fea](48b3fea)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
add pod monitors to uds-core operator automation and UDS package CR monitor spec.
update to using default scrapeClass for tls config in prometheus and "exempt" class to override default tls config
update core components existing pod and service monitor implementations to fit with the new default scrapeClass implementation
migrate pepr over to using the generated helm based implementation to facilitate ability to override and align zarf.yaml composition organization with the other packages.
add authorization to the endpoint configuration options for monitors
Related Issue
Fixes #417
Type of change
Checklist before merging