Istio-enabled kube-prometheus-stack

An example repository showing how the kube-prometheus-stack Helm chart could be patched to support Istio without modifying Kubernetes resources after installing the chart.

Based on prometheus-community/helm-charts#145.

I used the post-renderer technique with kustomize (see 1, 2) to patch the existing and inject extra resources into the helm-generated k8s manifests.

Prerequisites

• Kustomize 3.5+ installed in $PATH.
• Helm 3.1+ installed.
• A k8s cluster (or use helm template instead of helm upgrade -i in the command below)

Usage

1. Create the metrics namespace and enable Istio injection for the namespace.
2. Make the kustomize-pipe executable: chmod +x kustomize-pipe.
3. Run:

   helm upgrade -i monitoring prometheus-community/kube-prometheus-stack \
     --namespace metrics \
     --values values.yaml \
     --post-renderer ./kustomize-pipe \
     --debug --dry-run

The command will install the kube-prometheus-stack chart using values.yaml with Istio-specific patches applied by Kustomize (see kustomization.yaml):

• Enforces Istio mTLS for the namespace while allowing Prometheus k8s service discovery (networking.yaml).
• Patches specific ServiceMonitors to use the injected Istio mTLS certificates.
• Sets appProtocol: http to known Service ports to fix the Istio protocol selection.