Ignore drift detection on PrometheusRule CR generated by Loki HelmRelease
What does this MR do and why?
This MR is adding driftdetection.ignore rule on loki HelmRelease, so that the drift on PrometheusRule CR is ignored by the Helm controller. This is because of rancher-monitoring-admission webhook is adding an annotation to PrometheusRule prometheus-operator-validated: true. This annotation will be added to each custom resource named PrometheusRule present in any namespace.
Drift Info
Action: [2025-08-27T19:37:51.238Z] PrometheusRule/loki/loki-loki-alerts changed (1 additions, 0 changes, 0 removals)\nPrometheusRule/loki/loki-loki-rules changed (1 additions, 0 changes, 0 removals)","type":"Warning","object":{"kind":"HelmRelease","namespace":"sylva-system","name":"loki","uid":"61a6559b-9548-410c-b499-14bd10bb69b5","apiVersion":"helm.toolkit.fluxcd.io/v2","resourceVersion":"109208"},"reason":"DriftDetected}Webhooks from monitoring stack:
$ kubectl get mutatingwebhookconfiguration rancher-monitoring-admission
NAME WEBHOOKS AGE
rancher-monitoring-admission 1 12h
$ kubectl get validatingwebhookconfiguration rancher-monitoring-admission
NAME WEBHOOKS AGE
rancher-monitoring-admission 1 12hSolution:
In the Loki unit, driftDetection has been configured for prometheusRule resources so that the Helm controller ignores them whenever the annotation prometheus-operator-validated: true is applied to prometheusRule CR within the Loki namespace:
helmrelease_spec:
driftDetection:
ignore:
- paths:
- /metadata/annotations/prometheus-operator-validated
target:
group: monitoring.coreos.com
kind: PrometheusRuleRelated reference(s)
Closes #2746 (closed)
Test coverage
CI configuration
Below you can choose test deployment variants to run in this MR's CI.
Click to open to CI configuration
Legend:
| Icon | Meaning | Available values |
|---|---|---|
| Infra Provider |
capd, capo, capm3
|
|
| Bootstrap Provider |
kubeadm (alias kadm), rke2, okd, ck8s
|
|
| Node OS |
ubuntu, suse, na
|
|
| Deployment Options |
light-deploy, dev-sources, ha, misc, maxsurge-0, logging, no-logging
|
|
| Pipeline Scenarios | Available scenario list and description |
-
🎬 preview☁️ capd🚀 kadm🐧 ubuntu -
🎬 preview☁️ capo🚀 rke2🐧 suse -
🎬 preview☁️ capm3🚀 rke2🐧 ubuntu -
☁️ capd🚀 kadm🛠️ light-deploy🐧 ubuntu -
☁️ capd🚀 rke2🛠️ light-deploy🐧 suse -
☁️ capo🚀 rke2🐧 suse -
☁️ capo🚀 kadm🐧 ubuntu -
☁️ capo🚀 rke2🐧 ubuntu🛠️ ha,logging -
☁️ capo🚀 rke2🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capo🚀 kadm🎬 wkld-k8s-upgrade🐧 ubuntu -
☁️ capo🚀 rke2🎬 rolling-update-no-wkld🛠️ ha🐧 suse -
☁️ capo🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha🐧 ubuntu -
☁️ capo🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha,misc🐧 ubuntu -
☁️ capo🚀 rke2🛠️ ha,misc🐧 ubuntu -
☁️ capm3🚀 rke2🐧 suse -
☁️ capm3🚀 kadm🐧 ubuntu -
☁️ capm3🚀 ck8s🐧 ubuntu -
☁️ capm3🚀 rke2🐧 ubuntu🛠️ ha,logging -
☁️ capm3🚀 kadm🎬 rolling-update-no-wkld🛠️ ha,misc🐧 ubuntu -
☁️ capm3🚀 rke2🎬 wkld-k8s-upgrade🛠️ ha🐧 suse -
☁️ capm3🚀 kadm🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capm3🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha🐧 suse -
☁️ capm3🚀 rke2🛠️ misc,ha🐧 suse -
☁️ capm3🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha,misc🐧 suse -
☁️ capm3🚀 kadm🎬 rolling-update🛠️ ha🐧 suse -
☁️ capm3🚀 ck8s🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capm3🚀 rke2|okd🎬 no-update🐧 ubuntu|na -
☁️ capm3🚀 kadm🛠️ ha,logging🐧 ubuntu
Global config for deployment pipelines
-
autorun pipelines -
allow failure on pipelines -
record sylvactl events
Notes:
- Enabling
autorunwill make deployment pipelines to be run automatically without human interaction - Disabling
allow failurewill make deployment pipelines mandatory for pipeline success. - if both
autorunandallow failureare disabled, deployment pipelines will need manual triggering but will be blocking the pipeline
Be aware: after configuration change, pipeline is not triggered automatically.
Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.