Conversation
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
4 times, most recently
from
eb814ca to
63e4ba7
Compare
zohar7ch
commented
Mar 23, 2025
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
2 times, most recently
from
cbf0e64 to
d92bbf9
Compare
zohar7ch
changed the title
zohar7ch
commented
Mar 24, 2025
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
6 times, most recently
from
2ba5a80 to
59c110c
Compare
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
5 times, most recently
from
796292b to
9001174
Compare
zohar7ch
changed the title
prometheus.io/scrape
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
from
8ccb754 to
aa8b06d
Compare
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
from
884c50d to
a1c5c51
Compare
omris94
approved these changes
Mar 27, 2025
src/operator/controllers/metrics_collection_traffic/network_policy_handler.go
Outdated
Show resolved
Hide resolved
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
from
a1c5c51 to
149ccb0
Compare
To support the new "auto-enable metrics collection traffic" feature, we need to obtain a new configuration. Since there is a strong correlation between metrics collection traffic and external traffic — both of which are actions intentionally performed by the developer in their environment with the expectation that they will work with Otterize — we use the same configuration value for both features.
Since marking a resource in Kubernetes for metrics scraping is a common and may affect many resources, we aim to make the network policy more restrictive. To achieve this, we obtain a configuration that identifies the metrics scraping server. This allows us to create a network policy that only permits traffic between the metrics scraping server and the deployment. If we don't receive this configuration, we treat the situation as if automatic enabling of metrics collection traffic is set to off.
We no longer use CLI for passing parameters to the operator (we use environments variables), so it is OK to remove the old value (AllowExternalTraffic), but there isn't any meaning in adding the new flag
zohar7ch
force-pushed
the
zohar7ch/auto-enable-metrics-collection-traffic
branch
from
6be4468 to
9dfb822
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
By setting intentsOperator.operator.automateThirdPartyNetworkPolicies and intentsOperator.operator.metricsScrapingServiceConfigs - Otterize can now automatically enable traffic from Prometheus server to any other workload marked with
prometheus.io/scrapeannotation.You no longer have to create client-intents from the scraping server to your workloads.
References
Testing
Unit tests & e2e test were added
Checklist