Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ServiceMonitor selectors cannot be changed #790

Closed
raphael-ru opened this issue Dec 10, 2024 · 2 comments
Closed

ServiceMonitor selectors cannot be changed #790

raphael-ru opened this issue Dec 10, 2024 · 2 comments
Labels
kind/bug Something isn't working

Comments

@raphael-ru
Copy link

Adding extra labels to the selector in serviceMonitor does not change the output. Specifically, this line in the falco chart config seems to have no impact.
I unsuccessfully tried defining selector labels both with matchLabels: and without.

Is this intended behavior? (I'm no expert.)

Why does it matter?

  • Our ArgoCd changes the instance label of the Falco Service after deployment. Then, the selector labels used by the ServiceMonitor do not match anymore and the Service is not discovered.
  • I would like to overwrite the app.kubernetes.io/instance: falco selector to solve this issue.

Thank you for your hard work!

How to reproduce it

  • Use the falco helm chart.
  • Change the following settings:
metrics:
  enabled: true

serviceMonitor:
  create: true
  selector:
    app.kubernetes.io/instance: my-falco
    foo: bar
  • Observe generated ServiceMonitor config to see that the defined selectors are missing:
# in ServiceMonitor/falco.yaml
# ...
  selector:
    matchLabels:
      app.kubernetes.io/instance: falco
      app.kubernetes.io/name: falco
      type: falco-metrics

Expected behaviour

The labels defined in the selector section should appear in the final config like this:

# in ServiceMonitor/falco.yaml
# ...
  selector:
    matchLabels:
      app.kubernetes.io/instance: my-falco
      app.kubernetes.io/name: falco
      type: falco-metrics
      foo: bar

Environment

  • Falco version: docker.io/falcosecurity/falco-distroless:0.39.1
  • Falco Helm chart version: 4.15.1
  • System info: not relevant
  • Cloud provider or hardware configuration:
  • OS: not relevant
  • Kernel: not relevant
  • Installation method: Kubernetes via ArgoCD / helm

Additional context

From what I can tell this is because the file charts/falco/templates/serviceMonitor.yaml only has the following section:

  selector:
    matchLabels:
      {{- include "falco.selectorLabels" . | nindent 6 }}
      type: "falco-metrics"

In comparison, adding labels to the ServiceMonitor works. The template code for that section looks as follows:

  labels:
    {{- include "falco.labels" . | nindent 4 }}
    {{- with .Values.serviceMonitor.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}

If the described behavior is not intended, then this might be a good place to start.

@raphael-ru raphael-ru added the kind/bug Something isn't working label Dec 10, 2024
@alacuku
Copy link
Member

alacuku commented Dec 10, 2024

Hi @raphael-ru, thanks for reporting the bug.

I opened a PR with the fix #791.

@raphael-ru
Copy link
Author

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants