C1: review CC observability-stack-audit (extend to k3s) #353

Merged

eblume merged 1 commit from review/cc-observability-stack-audit-2026-05-11 into main 2026-05-11 16:10:40 -07:00

Conversation 0 Commits 1 Files changed 2 +9 -4

eblume commented 2026-05-11 15:11:13 -07:00

Owner

Copy link

Summary

• Recurring compensating-control review (oldest stale control: 42 days).
• Verified the control is in effect on both clusters:
  • alloy-k8s on minikube-indri — Synced/Healthy, DaemonSet 1/1 ready
  • alloy-ringtail on k3s-ringtail — Synced/Healthy
  • loki (monitoring/loki-0) — Running, receiving logs (52 restarts in 18h is worth watching but not blocking review)
• Generalized the description: previously named only minikube, but the indri→ringtail migration means we now operate two clusters and both rely on this control.
• Added a follow-up note: enabling native apiserver audit logging is far more tractable on k3s (--audit-log-path / --audit-policy-file) than it was on minikube — worth revisiting once the migration concludes.

Test plan

• prek hooks pass
• Verified alloy + loki status via kubectl --context=minikube-indri and argocd app get

Notes

• No deployment changes.

## Summary - Recurring compensating-control review (oldest stale control: 42 days). - Verified the control is in effect on both clusters: - `alloy-k8s` on minikube-indri — Synced/Healthy, DaemonSet 1/1 ready - `alloy-ringtail` on k3s-ringtail — Synced/Healthy - `loki` (`monitoring/loki-0`) — Running, receiving logs (52 restarts in 18h is worth watching but not blocking review) - Generalized the description: previously named only minikube, but the indri→ringtail migration means we now operate two clusters and both rely on this control. - Added a follow-up note: enabling native apiserver audit logging is far more tractable on k3s (`--audit-log-path` / `--audit-policy-file`) than it was on minikube — worth revisiting once the migration concludes. ## Test plan - [x] `prek` hooks pass - [x] Verified alloy + loki status via `kubectl --context=minikube-indri` and `argocd app get` ## Notes - No deployment changes.

eblume added 1 commit 2026-05-11 15:11:14 -07:00

C1: review CC observability-stack-audit (extend to k3s) ... 28c722e88d

Recurring compensating-control review. Verified:

- alloy-k8s: Synced/Healthy on minikube-indri (DaemonSet 1/1 ready)
- alloy-ringtail: Synced/Healthy on k3s-ringtail
- loki (monitoring/loki-0): Running, receiving logs

The previous description named only minikube, but BlumeOps now runs two
clusters with the migration to ringtail in progress. Generalized the
description and notes to cover both, and added a follow-up note that
enabling native apiserver audit logging is much more tractable on k3s
than it was on minikube.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

eblume merged commit f83be3bf37 into main 2026-05-11 16:10:40 -07:00

eblume referenced this pull request from a commit 2026-05-11 16:10:42 -07:00

C1: review CC observability-stack-audit (extend to k3s) (#353)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

eblume/blumeops!353

No description provided.