Hello all! Does anyone know why this

if

is here: https://github.com/rancher/charts/blob/dev-v2.7/charts/rancher-monitoring/102.0.0%2Bup40.1.2/templates/alertmanager/secret.yaml#L4 It is not in the official prometheus-operator chart and it makes changes to alertmanager not apply since the secret already exists. I tried git blaming without success

It’s by design. Noted in the docs in https://ranchermanager.docs.rancher.com/v2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager#multiple-alertmanager-replicas

By default, the Alertmanager Config Secret created by Rancher will never be modified or deleted on an upgrade or uninstall of the rancher-monitoring chart. This restriction prevents users from losing or overwriting their alerting configuration when executing operations on the chart.

Thanks, I eventually found it. I suggest there should be a way to change this behavior to force overwriting it. I am installing rancher-monitoring with Helm in our k8s cluster and I want to change the receiver of the Watchdog to deadmansnitch, in a GitOps matter

I was just about to suggest that 😄. If you’re using Fleet, you can probably use overlays to manage the secret via Git outside the Helm chart as well, ref: https://github.com/rancher/fleet-examples/blob/master/single-cluster/helm-kustomize/fleet.yaml

mimicking what the helm chart does (here https://github.com/rancher/charts/blob/6083dc0adcdfdbb1bce5daf53bb54da9433d7641/charts/rancher-monitoring/102.0.0+up40.1.2/templates/alertmanager/secret.yaml) but in a manually way

yes, you can use the same values setting you are using and then manage the secret with the given name in an overlay file instead. That way on updating the secret in the overlay file in Git, you will be able to see it change on upgrades too

I have also tried using AlertmanagerConfig crds to do this, but it applies namespace matching to the routes/receivers and prefixes it with namespace as well

Yes I think it would be out of scope. Because the only way to assume ownership of an existing resource not tracked by a Helm installation (or left behind by a previous install) to my knowledge would be to deploy a Job with kubectl capabilities to manually modify the resource every time you upgrade Introducing and maintaining a whole new workload that applies on a specific flag for upgrade that needs to be maintained, when an workaround already exists for managing the secret via Fleet GitOps, would be too heavyweight imo.

imo GitOps way should be a first class citizen as I believe is the way to go in the future, and the workaround is far from friendly. It requires more maintenance and knowledge to keep it up to date with rancher-monitoring sane defaults but adding some modifications to it. But I am not thinking of another simpler solution to this problem right now

I used to work on Fleet so 💯% agree 😊 https://rancher-users.slack.com/archives/C3ASABBD1/p1675356994318999?thread_ts=1675348831.603629&channel=C3ASABBD1&message_ts=1675356994.318999