Allow Custom Netpols for Prometheus Stack Package #996

Closed
joelmccoy opened this issue Nov 9, 2024 · 1 comment · Fixed by #997
Labels
enhancement New feature or request


joelmccoy commented Nov 9, 2024

Is your feature request related to a problem? Please describe.

Currently, alertmanager can't reach outside the monitoring namespace with the default netpols deployed with core. This is a problem, because it is typical to set up alertmanager with some sort of notification system (i.e. slack, email, etc). Currently there is no way to route this traffic out of alertmanager. And since each destination is going to be different for each customer, it makes sense to allow them to configure this themselves. Recommend we add a custom value that can be overridden and allows netpols for unanticipated scenarios.

Describe the solution you'd like

  • Given a deploy of uds-core
  • When a user specifies an override value to add a custom netpol to the prometheus-stack package to allow alertmanager traffic to their end destination
  • Then alertmanager is able to properly send alerts to their notification system

Describe alternatives you've considered

  • Deploy a custom package with a single netpol manifest in it (feels overkill to create a package for this single use case that could be override-able with a value)
  • Set a blanket allow alertmanager egress to everywhere (probably not the best for security reasons)

Additional context

Originally mentioned this in a comment here, but feel that this is a different problem and merits its own issue

joelmccoy added the "enhancement" (New feature or request) label Nov 9, 2024
joelmccoy changed the title from "Allow Custom Netpols for Montoring Package/Layer" to "Allow Custom Netpols for Prometheus Stack Package" Nov 9, 2024
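
The trade-off between the blanket-egress alternative and a destination-scoped policy, written as plain Kubernetes NetworkPolicy manifests. This is an added example, not code from the issue or from uds-core, and it does not use the override value the issue asks for; the policy names, the `app.kubernetes.io/name: alertmanager` pod label and the placeholder address 203.0.113.10 are assumptions.

```yaml
# Added example. Names, pod label and destination address are assumptions.
---
# Blanket egress (the alternative the issue rejects for security reasons):
# alertmanager may connect to any destination on any port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: alertmanager-egress-anywhere        # hypothetical name
  namespace: monitoring
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: alertmanager  # assumed pod label
  policyTypes:
    - Egress
  egress:
    - {}                                    # empty rule: all destinations, all ports
---
# Scoped egress: alertmanager may reach only the notification endpoint,
# and only over HTTPS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: alertmanager-egress-notifications   # hypothetical name
  namespace: monitoring
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: alertmanager  # assumed pod label
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32           # placeholder (TEST-NET-3), replace with the real endpoint
      ports:
        - protocol: TCP
          port: 443
```

NetworkPolicies are additive, so the scoped policy only widens what the existing default policies already allow; DNS egress must be permitted by one of them for hostname-based receivers to resolve. A standard `ipBlock` matches addresses, not hostnames, so a hosted notification service with changing IPs needs a CIDR range or a hostname-aware egress mechanism instead.
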
@joelmccoy

Looks to be a duplicate / subset of #951

mjnagel added a commit that referenced this issue Nov 18, 2024
…997)

## Description

Adds a value to allow custom netpols for the prometheus-stack package.
Following a similar pattern that we use for
[vector](https://github.com/defenseunicorns/uds-core/blob/v0.31.2/src/vector/chart/values.yaml#L4-L19).
Additionally added some documentation on how to override and add custom
netpols to prometheus stack and vector.

## Related Issue

Fixes #996 

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor
Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)
followed

---------

Co-authored-by: Noah <[email protected]>
Co-authored-by: Micah Nagel <[email protected]>