Rename metricsScrapingServiceConfigs to prometheusServerConfigs

zohar7ch · zohar7ch · commit 8717cf7c8891 · 2025-03-25T10:40:40.000+02:00
diff --git a/intents-operator/README.md b/intents-operator/README.md
@@ -45,8 +45,8 @@
 | `operator.enableIstioPolicyCreation`               | Whether the operator should create Istio authorization policies according to ClientIntents                                                                                                                                                                                                                                                             | `true`                                                               |
 | `operator.ingressControllerConfigs`                | Restricts the automatically created external traffic network policies to only allow access to an ingress controller within the cluster. Only relevant if you use an in-cluster ingress controller, such as nginx or HAProxy. A list of objects with keys `name`, `namespace` and `kind`, such as `ingress-nginx-controller`, `nginx` and `Deployment`. | `(none)`                                                             |
 | `operator.ingressControllerAWSALBExempt`           | If set to true, the operator will allow all traffic if an Ingress is managed by the AWS ALB Ingress Controller.                                                                                                                                                                                                                                        | `false`                                                              |
-| `operator.automateThirdPartyNetworkPolicies`       | `ifBlockedByOtterize`, `off` or `always`. Automatically creates network policies to allow required traffic from load balancers, reverse proxies, and Prometheus by tracking Service and Ingress resources, as well as Prometheus scrape annotations. To enable metrics scraping by metrics, `metricsScrapingServiceConfigs` must be set as well        | `ifBlockedByOtterize`                                                |
-| `operator.metricsScrapingServiceConfigs`           | Restricts the automatically created network policies for scraping metrics to only be accessed by the scraping service. A list of objects with keys `name`, `namespace` and `kind`, such as `Deployment`.                                                                                                                                               | `(none)`                                                             |
+| `operator.automateThirdPartyNetworkPolicies`       | `ifBlockedByOtterize`, `off` or `always`. Automatically creates network policies to allow required traffic from load balancers, reverse proxies, and Prometheus by tracking Service and Ingress resources, as well as Prometheus scrape annotations. To enable Prometheus metrics scraping traffic, `prometheusServerConfigs` must be set as well      | `ifBlockedByOtterize`                                                |
+| `operator.prometheusServerConfigs`                 | Restricts the automatically created network policies for Prometheus metrics scraping to only originate from Prometheus server. A list of objects with keys `name`, `namespace` and `kind`, such as `Deployment`.                                                                                                                                       | `(none)`                                                             |
 | `operator.externallyManagedPolicyWorkloads`        | Workloads assumed to have externally managed network policies, allowing traffic to/from them. Otterize Cloud will not suggest new ClientIntents for these workloads.                                                                                                                                                                                   | `(none)`                                                             |
 | `operator.resources`                               | Resources override.                                                                                                                                                                                                                                                                                                                                    |                                                                      |
 | `operator.enableDatabasePolicyCreation`            | Whether the operator should create database policies according to ClientIntents                                                                                                                                                                                                                                                                        | `true`                                                               |
diff --git a/intents-operator/templates/extended-config-configmap.yaml b/intents-operator/templates/extended-config-configmap.yaml
@@ -1,4 +1,4 @@
-{{- if or .Values.global.aws.rolesAnywhere.enabled .Values.operator.ingressControllerConfigs .Values.operator.externallyManagedPolicyWorkloads .Values.operator.metricsScrapingServiceConfigs }}
+{{- if or .Values.global.aws.rolesAnywhere.enabled .Values.operator.ingressControllerConfigs .Values.operator.externallyManagedPolicyWorkloads .Values.operator.prometheusServerConfigs }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -42,12 +42,12 @@ data:
         kind: {{ $workload.kind | quote | required "Workload kind required: kind" }}
     {{- end }}
   {{- end }}
-  {{- if .Values.operator.metricsScrapingServiceConfigs }}
-    metricsScrapingService:
-    {{- range $config := .Values.operator.metricsScrapingServiceConfigs }}
-      - name: {{ $config.name | quote | required "metricsScrapingService name required: name" }}
-        namespace: {{ $config.namespace | quote | required "metricsScrapingService namespace required: namespace" }}
-        kind: {{ $config.kind | quote | required "metricsScrapingService kind required: kind" }}
+  {{- if .Values.operator.prometheusServerConfigs }}
+    prometheusServerConfigs:
+    {{- range $config := .Values.operator.prometheusServerConfigs }}
+      - name: {{ $config.name | quote | required "prometheusServerConfigs name required: name" }}
+        namespace: {{ $config.namespace | quote | required "prometheusServerConfigs namespace required: namespace" }}
+        kind: {{ $config.kind | quote | required "prometheusServerConfigs kind required: kind" }}
     {{- end }}
   {{- end }}
 {{- end }}
diff --git a/intents-operator/templates/intents-operator-deployment.yaml b/intents-operator/templates/intents-operator-deployment.yaml
@@ -280,7 +280,7 @@ spec:
           name: spiffe
           readOnly: true
 {{- end }}
-{{- if or .Values.global.aws.rolesAnywhere.enabled .Values.operator.ingressControllerConfigs .Values.operator.externallyManagedPolicyWorkloads .Values.operator.metricsScrapingServiceConfigs }}
+{{- if or .Values.global.aws.rolesAnywhere.enabled .Values.operator.ingressControllerConfigs .Values.operator.externallyManagedPolicyWorkloads .Values.operator.prometheusServerConfigs }}
         - name: extended-config
           mountPath: /etc/otterize
           readOnly: true
@@ -353,7 +353,7 @@ spec:
             aws.spiffe.csi.cert-manager.io/enable: "true"
             spiffe.csi.cert-manager.io/fs-group: "65532"
 {{- end }}
-{{- if or .Values.global.aws.rolesAnywhere.enabled .Values.operator.ingressControllerConfigs .Values.operator.externallyManagedPolicyWorkloads  .Values.operator.metricsScrapingServiceConfigs }}
+{{- if or .Values.global.aws.rolesAnywhere.enabled .Values.operator.ingressControllerConfigs .Values.operator.externallyManagedPolicyWorkloads  .Values.operator.prometheusServerConfigs }}
       - name: extended-config
         configMap:
           name: intents-operator-config
diff --git a/intents-operator/values.yaml b/intents-operator/values.yaml
@@ -40,8 +40,7 @@ operator:
 #      namespace: ingress-nginx
 #      kind: Deployment
 
-  metricsScrapingServiceConfigs: # restrict network policies created by automateThirdPartyNetworkPolicies for metrics scraping (like Prometheus) to be accessed
-  # only from the scraping server.
+  prometheusServerConfigs: # Restricts the automatically created network policies for Prometheus metrics scraping to only originate from Prometheus server
   #    - name: prometheus-server
   #      namespace: prometheus
   #      kind: Deployment
@@ -66,7 +65,7 @@ operator:
   #                                     may need a manually created network policy to allow the traffic
   # - `always`                        - create network policies for every relevant service, regardless of whether it is protected
   #                                     by otterize or not
-  # To enable metrics scraping by metrics, `metricsScrapingServiceConfigs` must be set as well
+  # To enable Prometheus metrics scraping traffic, `prometheusServerConfigs` must be set as well
   automateThirdPartyNetworkPolicies: ifBlockedByOtterize
   enableIstioPolicyCreation: true
   enableDatabasePolicyCreation: true
