Fix/kustomize examples (#23)

* auto update kustomize version

* update readme

* feat: provide overlay examples

* feat: provide overlay examples

* remove test server

* newline

* newline

.github/workflows/semantic-release.yaml

@@ -19,4 +19,6 @@ jobs:
         uses: go-semantic-release/[email protected]
         with:
           github-token: ${{ secrets.PAT }}
-          allow-initial-development-versions: true
+          allow-initial-development-versions: true
+          extra-plugins: |
+            @semantic-release/exec

.releaserc

@@ -0,0 +1,7 @@
+{
+  "plugins": [
+    ["@semantic-release/exec", {
+      "publishCmd": "sed -i 's/\(newTag:\).*/\1 ${nextRelease.version}/' deploy/kustomize/overlays/*/kustomization.yaml"
+    }],
+  ]
+}

README.md

@@ -4,26 +4,19 @@ This repository creates and publishes Docker image for deployment of Alertmanage
 
 This proxy is useful for preventing sensitive information (e.g. IP addressess, hostnames, alert descriptions, etc.) leaving organisational boundaries when monitoring is outsourced to external entity.
 
-For convenience, Dockerfile to couple filtering proxy with Signalilo is also provided.
+For convenience, Dockerfile and deployment to couple filtering proxy with Signalilo is also provided.
 
 ## Installation
 
-See `deploy/` for Kustomize based deployment.
+See `deploy/kustomize` for Kustomize based deployment.
 
 ## Configuration
 
-Patch ConfigMaps using Kustomize overlay. Example provided in `deploy/overlays/example`.
-
-Separately deploy Secret named `signalilo`, containing key/value pairs:
-
-```
-SIGNALILO_ALERTMANAGER_BEARER_TOKEN: foo
-SIGNALILO_ICINGA_PASSWORD: bar
-```
+Patch ConfigMaps using Kustomize overlay. Examples provided in `deploy/kustomize/overlays`.
 
 ### Proxy
 
-Implicitly uses default HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables
+Implicitly uses default HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables.
 
 ### Alertmanager
 
@@ -34,7 +27,7 @@ receivers:
   - name: Default
     webhook_configs:
       - url: >-
-          http://signalilo-scrubbed.signalilo-scrubbed.svc.cluster.local:8080/webhook
+          http://scrubbed.scrubbed.svc.cluster.local:8080/webhook
         send_resolved: true
         http_config:
           bearer_token: "foo"

deploy/kustomize/base/configmap-scrubbed.yaml → deploy/kustomize/base/configmap.yaml

@@ -8,7 +8,7 @@ data:
   SCRUBBED_ALERT_LABELS: alertname severity
   SCRUBBED_COMMON_ANNOTATIONS: ''
   SCRUBBED_COMMON_LABELS: alertname severity
-  SCRUBBED_DESTINATION_URL: 'http://signalilo-scrubbed:8888/webhook'
+  SCRUBBED_DESTINATION_URL: 'http://receiver:8888/webhook'
   SCRUBBED_GROUP_LABELS: ''
   SCRUBBED_LISTEN_PORT: '8080'
   SCRUBBED_LOG_LEVEL: INFO

deploy/kustomize/base/deployment.yaml

@@ -1,57 +1,17 @@
 kind: Deployment
 apiVersion: apps/v1
 metadata:
-  name: signalilo-scrubbed
+  name: scrubbed
 spec:
   replicas: 1
   selector: {}
   template:
     spec:
-      serviceAccountName: signalilo-scrubbed
+      serviceAccountName: scrubbed
       tolerations:
         - effect: NoSchedule
           operator: Exists
       containers:
-        - resources:
-            limits:
-              cpu: 20m
-              memory: 32Mi
-            requests:
-              cpu: 10m
-              memory: 16Mi
-          readinessProbe:
-            httpGet:
-              path: /healthz
-              port: 8888
-              scheme: HTTP
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-          terminationMessagePath: /dev/termination-log
-          name: signalilo
-          command:
-            - signalilo
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 8888
-              scheme: HTTP
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-          ports:
-            - containerPort: 8888
-              protocol: TCP
-          imagePullPolicy: Always
-          terminationMessagePolicy: File
-          envFrom:
-            - configMapRef:
-                name: signalilo
-            - secretRef:
-                name: signalilo
-          image: 'signalilo-scrubbed'
         - resources:
             limits:
               cpu: 100m
@@ -89,7 +49,7 @@ spec:
           envFrom:
             - configMapRef:
                 name: scrubbed
-          image: signalilo-scrubbed
+          image: scrubbed
       restartPolicy: Always
       terminationGracePeriodSeconds: 10
       dnsPolicy: ClusterFirst

deploy/kustomize/base/kustomization.yaml

@@ -2,20 +2,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- serviceaccount.yaml
-- deployment.yaml
-- service.yaml
-- configmap-scrubbed.yaml
-- configmap-signalilo.yaml
-- prometheusrule.yaml
-
-images:
-- name: signalilo-scrubbed
-  newName: quay.io/adfinis/signalilo-scrubbed
-  newTag: v0.2.0
+  - namespace.yaml
+  - serviceaccount.yaml
+  - deployment.yaml
+  - service.yaml
+  - configmap.yaml
+  - prometheusrule.yaml
 
 labels:
-- includeSelectors: true
-  pairs:
-    app.kubernetes.io/component: alerting
-    app.kubernetes.io/name: signalilo-scrubbed
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/component: alerting
+      app.kubernetes.io/name: scrubbed

deploy/kustomize/overlays/example/namespace.yaml → deploy/kustomize/base/namespace.yaml

@@ -1,4 +1,4 @@
 kind: Namespace
 apiVersion: v1
 metadata:
-  name: signalilo-scrubbed
+  name: scrubbed

deploy/kustomize/base/service.yaml

@@ -1,7 +1,7 @@
 kind: Service
 apiVersion: v1
 metadata:
-  name: signalilo-scrubbed
+  name: scrubbed
 spec:
   sessionAffinityConfig:
     clientIP:
@@ -11,10 +11,6 @@ spec:
       protocol: TCP
       port: 8080
       targetPort: 8080
-    - name: signalilo
-      protocol: TCP
-      port: 8888
-      targetPort: 8888
   internalTrafficPolicy: Cluster
   type: ClusterIP
   ipFamilyPolicy: SingleStack

deploy/kustomize/base/serviceaccount.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: signalilo-scrubbed
+  name: scrubbed

deploy/kustomize/overlays/standalone/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: scrubbed
+
+images:
+  - name: scrubbed
+    newName: quay.io/adfinis/scrubbed
+    newTag: v0.2.0
+
+resources:
+  - ../../base

deploy/kustomize/overlays/example/configmap-signalilo-patch.yaml → deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml

@@ -2,7 +2,12 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: signalilo
+immutable: false
 data:
+  SIGNALILO_ALERTMANAGER_PLUGINOUTPUT_ANNOTATIONS: |
+    description
+    message
+  SIGNALILO_ALERTMANAGER_PORT: "8888"
   SIGNALILO_ICINGA_CA: |
     -----BEGIN CERTIFICATE-----
     ...

deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml

@@ -0,0 +1,48 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: scrubbed
+spec:
+  template:
+    spec:
+      containers:
+        - resources:
+            limits:
+              cpu: 20m
+              memory: 32Mi
+            requests:
+              cpu: 10m
+              memory: 16Mi
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8888
+              scheme: HTTP
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          terminationMessagePath: /dev/termination-log
+          name: signalilo
+          command:
+            - signalilo
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8888
+              scheme: HTTP
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          ports:
+            - containerPort: 8888
+              protocol: TCP
+          imagePullPolicy: Always
+          terminationMessagePolicy: File
+          envFrom:
+            - configMapRef:
+                name: signalilo
+            - secretRef:
+                name: signalilo
+          image: scrubbed

deploy/kustomize/overlays/with-signalilo/kustomization.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: scrubbed
+
+images:
+  - name: scrubbed
+    newName: quay.io/adfinis/scrubbed-signalilo
+    newTag: v0.2.0
+
+resources:
+  - ../../base
+  - secret-signalilo.yaml
+  - configmap-signalilo.yaml
+
+patches:
+  - path: deployment-patch.yaml
+  - path: service-patch.yaml

deploy/kustomize/overlays/example/secret-signalilo.yaml → deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml

@@ -4,4 +4,4 @@ metadata:
   name: signalilo
 stringData::
   SIGNALILO_ALERTMANAGER_BEARER_TOKEN: foo
-  SIGNALILO_ICINGA_PASSWORD: bar
+  SIGNALILO_ICINGA_PASSWORD: bar

deploy/kustomize/overlays/with-signalilo/service-patch.yaml

@@ -0,0 +1,10 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: scrubbed
+spec:
+  ports:
+    - name: signalilo
+      protocol: TCP
+      port: 8888
+      targetPort: 8888