From 5381beb3b7e8685db909bfd14f6607c50e67dced Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Fri, 5 Jun 2026 13:36:43 +0000 Subject: [PATCH] monitoring: fix ingress auth-comment guard for loki-write-ingress scripts/tg's check-ingress-auth-comments.py requires the `# auth = "none":` rationale comment DIRECTLY above the `auth = "none"` line; mine was in the module's top block comment, so the guard aborted the whole monitoring apply (this is why the rpi-sofia scrape/alerts/ingress/dashboard never landed on the first push). Move the rationale to the required position. Co-Authored-By: Claude Opus 4.8 --- stacks/monitoring/modules/monitoring/loki_ingress.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/stacks/monitoring/modules/monitoring/loki_ingress.tf b/stacks/monitoring/modules/monitoring/loki_ingress.tf index 6180a209..d50a9213 100644 --- a/stacks/monitoring/modules/monitoring/loki_ingress.tf +++ b/stacks/monitoring/modules/monitoring/loki_ingress.tf @@ -10,7 +10,8 @@ # 10.0.0.0/8) gates the endpoint to LAN/VPN only — the correct model for a # LAN-only Pi, mirroring the idrac-redfish-exporter ingress in this module. module "loki-write-ingress" { - source = "../../../../modules/kubernetes/ingress_factory" + source = "../../../../modules/kubernetes/ingress_factory" + # auth = "none": rpi-sofia's promtail pushes logs programmatically (no browser, no Authentik SSO cookie); gated to LAN/VPN by allow_local_access_only below. auth = "none" namespace = kubernetes_namespace.monitoring.metadata[0].name name = "loki"