From f87a96dfb785352e3b610eb4cec91d7e591bd55b Mon Sep 17 00:00:00 2001 
From: Micah Nagel Date: Tue, 10 Dec 2024 11:08:48 -0700 Subject: [PATCH] chore: remove loki peerauth exception (#1106) ## Description Upstream [grafana docs](https://grafana.com/docs/loki/latest/setup/install/istio/) do not indicate that this is necessary, likely it was used in the past when services did not have the correct appProtocol. This may be causing issues with our Loki clustering, but overall removing it improves our security posture. I also removed the action used during our cutover from promtail -> vector. ## Related Issue N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Steps to Validate Recommend deploying Loki with an install and upgrade and validating functionality: ```console # Deploy slim-dev from last release uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/k3d-core-slim-dev:0.32.1 --confirm # (optional) Deploy monitoring layer for visualizing/querying loki easier uds zarf p deploy oci://ghcr.io/defenseunicorns/packages/uds/core-monitoring:0.32.1-upstream --confirm # (for testing upgrade) Deploy logging layer from last release uds zarf p deploy oci://ghcr.io/defenseunicorns/packages/uds/core-logging:0.32.1-upstream --confirm # Deploy logging from this branch (this includes an upgrade to the Loki version from main) uds run test:single-layer --set layer=logging # (optional) run the e2e tests for grafana which test the loki datasource uds run -f src/grafana/tasks.yaml e2e-test --set FULL_CORE=true ``` ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed --- .../loki-simple-scalable.yaml | 20 ------------------- src/vector/common/zarf.yaml | 6 ------ 2 files changed, 26 deletions(-) delete mode 100644 
src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml
diff --git a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml b/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml
deleted file mode 100644
index 12ac3e56b..000000000
--- a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-
-{{- if .Capabilities.APIVersions.Has "security.istio.io/v1beta1" }}
-apiVersion: "security.istio.io/v1beta1"
-kind: PeerAuthentication
-metadata:
- name: loki-simple-scalable
- namespace: {{ .Release.Namespace }}
-spec:
- mtls:
- mode: STRICT
- selector:
- matchLabels:
- app.kubernetes.io/name: loki
- portLevelMtls:
- # GRPC exception to support Loki internal communication
- "9095":
- mode: PERMISSIVE
-{{- end }}
diff --git a/src/vector/common/zarf.yaml b/src/vector/common/zarf.yaml
index 0468f1ccc..9054977fb 100644
--- a/src/vector/common/zarf.yaml
+++ b/src/vector/common/zarf.yaml
@@ -24,12 +24,6 @@ components:
 - ../values/values.yaml
 actions:
 onDeploy:
- before:
- - description: Remove Promtail Components if necessary
- mute: true
- cmd: |
- ./zarf package remove core --components promtail --confirm || true # Ensure this doesn't error on installs and upgrades when Promtail no longer exists
- ./zarf tools kubectl delete ns promtail || true # Ensure this doesn't error on installs and upgrades when Promtail no longer exists
 after:
 - description: Validate Vector Package
 maxTotalSeconds: 300