Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
m
many-evening-49066
02/02/2023, 2:40 PMHello all!
Does anyone know why this
ifc
clean-spoon-54156
02/02/2023, 4:36 PMIt’s by design. Noted in the docs in https://ranchermanager.docs.rancher.com/v2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager#multiple-alertmanager-replicas
By default, the Alertmanager Config Secret created by Rancher will never be modified or deleted on an upgrade or uninstall of the rancher-monitoring chart. This restriction prevents users from losing or overwriting their alerting configuration when executing operations on the chart.The lookup call ensures we do not apply the resource on a re-install if the secret exists to overwrite its contents (which would anyways cause for helm installation to fail, since Helm cannot assume ownership of an existing resource)
m
many-evening-49066
02/02/2023, 4:38 PMThanks, I eventually found it. I suggest there should be a way to change this behavior to force overwriting it.
I am installing rancher-monitoring with Helm in our k8s cluster and I want to change the receiver of the Watchdog to deadmansnitch, in a GitOps matter
Meaning my source of truth is git, and I indeed want it to be overwritten. I found a way to mitigate this, by:
• disabling the secret creation by enabling this flag:
alertmanager:
alertmanagerSpec:
useExistingSecret: truealertmanager-rancher-monitoring-alertmanageralertmanager.yamlrancher_defaults.tmplc
clean-spoon-54156
02/02/2023, 4:42 PMI was just about to suggest that 😄. If you’re using Fleet, you can probably use overlays to manage the secret via Git outside the Helm chart as well, ref: https://github.com/rancher/fleet-examples/blob/master/single-cluster/helm-kustomize/fleet.yaml
👍 1
m
many-evening-49066
02/02/2023, 4:42 PMmimicking what the helm chart does (here https://github.com/rancher/charts/blob/6083dc0adcdfdbb1bce5daf53bb54da9433d7641/charts/rancher-monitoring/102.0.0+up40.1.2/templates/alertmanager/secret.yaml)
but in a manually way
we're using fleet, but we want to change it after installation, to update it
c
clean-spoon-54156
02/02/2023, 4:44 PMyes, you can use the same values setting you are using and then manage the secret with the given name in an overlay file instead. That way on updating the secret in the overlay file in Git, you will be able to see it change on upgrades too
m
many-evening-49066
02/02/2023, 4:44 PMI have also tried using AlertmanagerConfig crds to do this, but it applies namespace matching to the routes/receivers and prefixes it with namespace as well
do you think it is out of the scope of rancher to offer a flag/boolean (e.g.
alwaysOverwriteSecretI can open a PR for this
c
clean-spoon-54156
02/02/2023, 4:51 PMYes I think it would be out of scope. Because the only way to assume ownership of an existing resource not tracked by a Helm installation (or left behind by a previous install) to my knowledge would be to deploy a Job with kubectl capabilities to manually modify the resource every time you upgrade
Introducing and maintaining a whole new workload that applies on a specific flag for upgrade that needs to be maintained, when an workaround already exists for managing the secret via Fleet GitOps, would be too heavyweight imo.
If a fix was simpler than that, feel free to open up a PR! But I recommend going the overlay route first
m
many-evening-49066
02/02/2023, 4:56 PMimo GitOps way should be a first class citizen as I believe is the way to go in the future, and the workaround is far from friendly. It requires more maintenance and knowledge to keep it up to date with rancher-monitoring sane defaults but adding some modifications to it.
But I am not thinking of another simpler solution to this problem right now
➕ 1
👍 1
Very grateful for your help Arvind! 😄
Have a wonderful day
👍 1
c
clean-spoon-54156
02/02/2023, 5:00 PMI used to work on Fleet so 💯% agree 😊 https://rancher-users.slack.com/archives/C3ASABBD1/p1675356994318999?thread_ts=1675348831.603629&channel=C3ASABBD1&message_ts=1675356994.318999
Same to you!
😊 1