feat: add monitoring virtualservices for alertmanager / prometheus #977

Open
wants to merge 4 commits into
base: main

joelmccoy commented Nov 3, 2024

Description

  • Adds virtualservice on admin gateway for prometheus prom.uds.dev
  • Adds virtualservice on admin gateway for alertmanager alerts.uds.dev
  • Exposes values that allow for custom netpols in the monitoring package (useful for allowing alertmanager to send alerts out of namespace)
  • reordered k3d-standard packages so that authservice is deployed after keycloak

Related Issue

Fixes #967

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

joelmccoy requested a review from a team as a code owner November 3, 2024 02:41

@@ -91,12 +97,6 @@ components:
import:
path: ../monitoring

# Authservice
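
Review bot: the deploy-order requirement behind relocating the `# Authservice` component is not stated in these lines, where the section marker is the only comment. A one-line comment at the component's new position naming the package it must follow would keep a later reorder of the bundle from silently reintroducing the failing order.
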
Contributor Author

Moved this up the list in the standard bundle as it should be deployed after keycloak, and tests were failing as monitoring gets deployed before authservice if left alone.

- service: prometheus-operated
selector:
app: prometheus
host: prom
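
Review bot: this expose entry (`service: prometheus-operated`, `host: prom`) shows no authentication or authorization setting, and Prometheus does not require credentials on its HTTP API by default, so anyone who can reach the gateway serving this host can query metrics and use the API. State next to the entry or in the package docs that access control rests on the gateway's network exposure, or add a policy that limits which callers reach the workload selected by `app: prometheus`.
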
Contributor Author

open to other names here 🤷

Contributor

Currently we have grafana and neuvector, might suggest we keep with that pattern and just use the full product name here.

Contributor

(alternatively we could try and lean more into functionality based naming like sso is, so alerts and metrics?)

joelmccoy
Contributor Author

Note: I originally tried to put authservice in front of these things, but it prevents grafana from pulling from prometheus, and prevents prometheus from sending alerts to alertmanager :/. Hopefully it is just ok to put these on the admin gateway, but if not, what we might have to do is create an extra service, expose this, and put authservice in front of it (while still allowing the old service to be reached without authservice).

Contributor

mjnagel left a comment

I definitely would prefer to put these behind authservice if possible. I know historically when working on Big Bang we were able to use authz policies to allow specific traffic, but there may have been some other caveats with that. cc @bburky if you have thoughts on how to enable this (basically looking to protect prometheus/alertmanager with authservice but also ensure services are able to communicate internal to the cluster still as expected).
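
The authz-policy approach raised in this review could look like the following in Istio. This is an added example, not code from this PR or the project; every value in angle brackets is a placeholder and the policy names are hypothetical. A CUSTOM policy hands only gateway-sourced requests to authservice, while a separate ALLOW policy admits the gateway and the known in-cluster caller by workload identity.

```yaml
# Added example. Values in <...> are placeholders, not taken from this PR.
# "cluster.local" assumes the default mesh trust domain.
# 1) Delegate only requests that arrive via the admin gateway to authservice.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: prometheus-gateway-ext-authz          # hypothetical name
  namespace: "<monitoring-namespace>"
spec:
  selector:
    matchLabels:
      app: prometheus                          # same label as the expose selector in the PR
  action: CUSTOM
  provider:
    # Must match an extensionProviders entry in the mesh config.
    name: "<authservice-extension-provider>"
  rules:
    - from:
        - source:
            principals:
              - "cluster.local/ns/<admin-gateway-namespace>/sa/<admin-gateway-service-account>"
---
# 2) Admit only the gateway and the known in-cluster caller. Requests from the
#    in-cluster caller never match the CUSTOM rule above, so they skip authservice.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: prometheus-allow-known-callers        # hypothetical name
  namespace: "<monitoring-namespace>"
spec:
  selector:
    matchLabels:
      app: prometheus
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              - "cluster.local/ns/<admin-gateway-namespace>/sa/<admin-gateway-service-account>"
              - "cluster.local/ns/<grafana-namespace>/sa/<grafana-service-account>"
```

Matching on `principals` only works when callers reach the Prometheus sidecar over mutual TLS; an equivalent pair of policies would be needed for the alertmanager workload.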


Successfully merging this pull request may close these issues.

Expose Prometheus Endpoint and Alertmanager Service on Admin Gateway
2 participants