Skip to content

Latest commit

 

History

History
49 lines (37 loc) · 1.9 KB

README.md

File metadata and controls

49 lines (37 loc) · 1.9 KB

Istio-enabled kube-prometheus-stack

An example repository showing how the kube-prometheus-stack Helm chart could be patched to support Istio without modifying Kubernetes resources after installing the chart.

Based on prometheus-community/helm-charts#145.

I used the post-renderer technique with kustomize (see 1, 2) to patch the existing and inject extra resources into the helm-generated k8s manifests.

Prerequisites

  • Kustomize 3.5+ installed in $PATH.
  • Helm 3.1+ installed.
  • A k8s cluster (or use helm template instead of helm upgrade -i in the command below)

Usage

  1. Create the metrics namespace and enable Istio injection for the namespace.
  2. Make the kustomize-pipe executable: chmod +x kustomize-pipe.
  3. Run:
    helm upgrade -i monitoring prometheus-community/kube-prometheus-stack \
      --namespace metrics \
      --values values.yaml \
      --post-renderer ./kustomize-pipe \
      --debug --dry-run

The command will install the kube-prometheus-stack chart using values.yaml with Istio-specific patches applied by Kustomize (see kustomization.yaml):

  • Enforces Istio mTLS for the namespace while allowing Prometheus k8s service discovery (networking.yaml).
  • Patches specific ServiceMonitors to use the injected Istio mTLS certificates.
  • Sets appProtocol: http to known Service ports to fix the Istio protocol selection.