viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

monitoring: fix ingress auth-comment guard for loki-write-ingress
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Details
ci/woodpecker/push/build-cli Pipeline was successful
Details

Browse source 
scripts/tg's check-ingress-auth-comments.py requires the `# auth = "none":`
rationale comment DIRECTLY above the `auth = "none"` line; mine was in the
module's top block comment, so the guard aborted the whole monitoring apply
(this is why the rpi-sofia scrape/alerts/ingress/dashboard never landed on the
first push). Move the rationale to the required position.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-05 13:36:43 +00:00
parent c059405632
commit 5381beb3b7
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
stacks/monitoring/modules/monitoring/loki_ingress.tf
View file

@ -10,7 +10,8 @@
# 10.0.0.0/8) gates the endpoint to LAN/VPN only the correct model for a
# LAN-only Pi, mirroring the idrac-redfish-exporter ingress in this module.
module "loki-write-ingress" {
source = "../../../../modules/kubernetes/ingress_factory"
source = "../../../../modules/kubernetes/ingress_factory"
# auth = "none": rpi-sofia's promtail pushes logs programmatically (no browser, no Authentik SSO cookie); gated to LAN/VPN by allow_local_access_only below.
auth = "none"
namespace = kubernetes_namespace.monitoring.metadata[0].name
name = "loki"