cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Inconsistent containers injection rules behavior

Anonymous
Not applicable

Hi guys.

 

So, I'm testing rules behavior since a Client wants to have full stack operator deployment, but only does code inject in specific namespaces. (We are using the new operator).

 

To do it we are using the Containers monitoring Rules, setting a "No monitor if Kubernetes Namespace exists" as the bottom rule. And setting a Monitor if Kube namespace equals "XXXX" as a top rule.

 

We got 2 applications that we are testing, a NodeJS and a Golang one, in different Namespaces. In the settings of the PG/PGI both show as "Partially off, caused by container injection rule".

The rule pointing to the "No monitor if Kubernetes Namespace exists". 

 

But the NodeJS one works anyway and the Golang doesn't.   Checking the pod in /opt/I found OA path, so the injection works...

 

I had to "Force" to ON the Golang simple app in the PG settings to make it work.

 

Thing is, it's a simple workaround, but AFAIK the rules should be executed in order. And the bottom rule should not execute if the first cover it? The point would be that if I reverse the order of the rule, the pod does not get injected by OA, as expected and there is no OA path in /opt/.

 

Did anyone found this behavior?

1 REPLY 1

ChadTurner
Leader

Were you able to get any information on this? 

-Chad