From 3f980a212989fc81c2e752ef3a7b34b0d3e3f87f Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Mon, 5 Aug 2024 12:43:02 +0200 Subject: [PATCH 1/7] auto update kustomize version --- .github/workflows/semantic-release.yaml | 4 +++- .releaserc | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 .releaserc diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml index 52217e4..96adeab 100644 --- a/.github/workflows/semantic-release.yaml +++ b/.github/workflows/semantic-release.yaml @@ -19,4 +19,6 @@ jobs: uses: go-semantic-release/action@v1.23 with: github-token: ${{ secrets.PAT }} - allow-initial-development-versions: true \ No newline at end of file + allow-initial-development-versions: true + extra-plugins: | + @semantic-release/exec \ No newline at end of file diff --git a/.releaserc b/.releaserc new file mode 100644 index 0000000..69745ea --- /dev/null +++ b/.releaserc @@ -0,0 +1,7 @@ +{ + "plugins": [ + ["@semantic-release/exec", { + "publishCmd": "sed -i 's/\(newTag:\).*/\1 ${nextRelease.version}/' deploy/kustomize/overlays/*/kustomization.yaml" + }], + ] +} From 4a99f42b43f390679401c54360d8fa9f7db1b86f Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Mon, 5 Aug 2024 12:43:17 +0200 Subject: [PATCH 2/7] update readme --- README.md | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 711587e..2ddf2d6 100644 --- a/README.md +++ b/README.md @@ -4,26 +4,19 @@ This repository creates and publishes Docker image for deployment of Alertmanage This proxy is useful for preventing sensitive information (e.g. IP addressess, hostnames, alert descriptions, etc.) leaving organisational boundaries when monitoring is outsourced to external entity. -For convenience, Dockerfile to couple filtering proxy with Signalilo is also provided. +For convenience, Dockerfile and deployment to couple filtering proxy with Signalilo is also provided. ## Installation -See `deploy/` for Kustomize based deployment. +See `deploy/kustomize` for Kustomize based deployment. ## Configuration -Patch ConfigMaps using Kustomize overlay. Example provided in `deploy/overlays/example`. - -Separately deploy Secret named `signalilo`, containing key/value pairs: - -``` -SIGNALILO_ALERTMANAGER_BEARER_TOKEN: foo -SIGNALILO_ICINGA_PASSWORD: bar -``` +Patch ConfigMaps using Kustomize overlay. Examples provided in `deploy/kustomize/overlays`. ### Proxy -Implicitly uses default HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables +Implicitly uses default HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables. ### Alertmanager @@ -34,7 +27,7 @@ receivers: - name: Default webhook_configs: - url: >- - http://signalilo-scrubbed.signalilo-scrubbed.svc.cluster.local:8080/webhook + http://scrubbed.scrubbed.svc.cluster.local:8080/webhook send_resolved: true http_config: bearer_token: "foo" From a1d8b4d7e2996bf0a68081a2cd78101a88214a7f Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Mon, 5 Aug 2024 12:43:43 +0200 Subject: [PATCH 3/7] feat: provide overlay examples --- server.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100755 server.py diff --git a/server.py b/server.py new file mode 100755 index 0000000..cc1a545 --- /dev/null +++ b/server.py @@ -0,0 +1,27 @@ +#!/bin/env python3 + +from http.server import BaseHTTPRequestHandler, HTTPServer + +class SimpleHTTPRequestHandler(BaseHTTPRequestHandler): + def do_POST(self): + # Log the received request + content_length = int(self.headers['Content-Length']) + post_data = self.rfile.read(content_length) + print(f"Received POST request with data: {post_data.decode('utf-8')}") + + # Send response status code + self.send_response(200) + # Send headers + self.send_header('Content-type', 'text/plain') + self.end_headers() + # Send response body + self.wfile.write(b"200 OK") + +def run(server_class=HTTPServer, handler_class=SimpleHTTPRequestHandler, port=8081): + server_address = ('', port) + httpd = server_class(server_address, handler_class) + print(f"Starting httpd server on port {port}") + httpd.serve_forever() + +if __name__ == '__main__': + run() From 2e8f8e10cd9bff31b04a24eb34fcadb98a20b531 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Mon, 5 Aug 2024 12:44:21 +0200 Subject: [PATCH 4/7] feat: provide overlay examples --- .../kustomize/base/configmap-signalilo.yaml | 16 ------- ...configmap-scrubbed.yaml => configmap.yaml} | 2 +- deploy/kustomize/base/deployment.yaml | 46 ++---------------- deploy/kustomize/base/kustomization.yaml | 25 ++++------ .../{overlays/example => base}/namespace.yaml | 2 +- deploy/kustomize/base/service.yaml | 6 +-- deploy/kustomize/base/serviceaccount.yaml | 2 +- .../overlays/example/kustomization.yaml | 12 ----- .../overlays/standalone/kustomization.yaml | 12 +++++ .../configmap-signalilo.yaml} | 7 ++- .../with-signalilo/deployment-patch.yaml | 48 +++++++++++++++++++ .../with-signalilo/kustomization.yaml | 18 +++++++ .../secret-signalilo.yaml | 0 .../with-signalilo/service-patch.yaml | 10 ++++ 14 files changed, 111 insertions(+), 95 deletions(-) delete mode 100644 deploy/kustomize/base/configmap-signalilo.yaml rename deploy/kustomize/base/{configmap-scrubbed.yaml => configmap.yaml} (82%) rename deploy/kustomize/{overlays/example => base}/namespace.yaml (60%) delete mode 100644 deploy/kustomize/overlays/example/kustomization.yaml create mode 100644 deploy/kustomize/overlays/standalone/kustomization.yaml rename deploy/kustomize/overlays/{example/configmap-signalilo-patch.yaml => with-signalilo/configmap-signalilo.yaml} (67%) create mode 100644 deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml create mode 100644 deploy/kustomize/overlays/with-signalilo/kustomization.yaml rename deploy/kustomize/overlays/{example => with-signalilo}/secret-signalilo.yaml (100%) create mode 100644 deploy/kustomize/overlays/with-signalilo/service-patch.yaml diff --git a/deploy/kustomize/base/configmap-signalilo.yaml b/deploy/kustomize/base/configmap-signalilo.yaml deleted file mode 100644 index e6127b0..0000000 --- a/deploy/kustomize/base/configmap-signalilo.yaml +++ /dev/null @@ -1,16 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: signalilo -immutable: false -data: - SIGNALILO_ALERTMANAGER_PLUGINOUTPUT_ANNOTATIONS: | - description - message - SIGNALILO_ALERTMANAGER_PORT: '8888' - SIGNALILO_ICINGA_CA: '' - SIGNALILO_ICINGA_DEBUG: '0' - SIGNALILO_ICINGA_HOSTNAME: '' - SIGNALILO_ICINGA_URL: '' - SIGNALILO_ICINGA_USERNAME: '' - SIGNALILO_UUID: '' diff --git a/deploy/kustomize/base/configmap-scrubbed.yaml b/deploy/kustomize/base/configmap.yaml similarity index 82% rename from deploy/kustomize/base/configmap-scrubbed.yaml rename to deploy/kustomize/base/configmap.yaml index 91dedfb..4af8ac7 100644 --- a/deploy/kustomize/base/configmap-scrubbed.yaml +++ b/deploy/kustomize/base/configmap.yaml @@ -8,7 +8,7 @@ data: SCRUBBED_ALERT_LABELS: alertname severity SCRUBBED_COMMON_ANNOTATIONS: '' SCRUBBED_COMMON_LABELS: alertname severity - SCRUBBED_DESTINATION_URL: 'http://signalilo-scrubbed:8888/webhook' + SCRUBBED_DESTINATION_URL: 'http://receiver:8888/webhook' SCRUBBED_GROUP_LABELS: '' SCRUBBED_LISTEN_PORT: '8080' SCRUBBED_LOG_LEVEL: INFO diff --git a/deploy/kustomize/base/deployment.yaml b/deploy/kustomize/base/deployment.yaml index 772e1cf..6c71275 100644 --- a/deploy/kustomize/base/deployment.yaml +++ b/deploy/kustomize/base/deployment.yaml @@ -1,57 +1,17 @@ kind: Deployment apiVersion: apps/v1 metadata: - name: signalilo-scrubbed + name: scrubbed spec: replicas: 1 selector: {} template: spec: - serviceAccountName: signalilo-scrubbed + serviceAccountName: scrubbed tolerations: - effect: NoSchedule operator: Exists containers: - - resources: - limits: - cpu: 20m - memory: 32Mi - requests: - cpu: 10m - memory: 16Mi - readinessProbe: - httpGet: - path: /healthz - port: 8888 - scheme: HTTP - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - terminationMessagePath: /dev/termination-log - name: signalilo - command: - - signalilo - livenessProbe: - httpGet: - path: /healthz - port: 8888 - scheme: HTTP - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - ports: - - containerPort: 8888 - protocol: TCP - imagePullPolicy: Always - terminationMessagePolicy: File - envFrom: - - configMapRef: - name: signalilo - - secretRef: - name: signalilo - image: 'signalilo-scrubbed' - resources: limits: cpu: 100m @@ -89,7 +49,7 @@ spec: envFrom: - configMapRef: name: scrubbed - image: signalilo-scrubbed + image: scrubbed restartPolicy: Always terminationGracePeriodSeconds: 10 dnsPolicy: ClusterFirst diff --git a/deploy/kustomize/base/kustomization.yaml b/deploy/kustomize/base/kustomization.yaml index e6523aa..a794247 100644 --- a/deploy/kustomize/base/kustomization.yaml +++ b/deploy/kustomize/base/kustomization.yaml @@ -2,20 +2,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- serviceaccount.yaml -- deployment.yaml -- service.yaml -- configmap-scrubbed.yaml -- configmap-signalilo.yaml -- prometheusrule.yaml - -images: -- name: signalilo-scrubbed - newName: quay.io/adfinis/signalilo-scrubbed - newTag: v0.2.0 + - namespace.yaml + - serviceaccount.yaml + - deployment.yaml + - service.yaml + - configmap.yaml + - prometheusrule.yaml labels: -- includeSelectors: true - pairs: - app.kubernetes.io/component: alerting - app.kubernetes.io/name: signalilo-scrubbed + - includeSelectors: true + pairs: + app.kubernetes.io/component: alerting + app.kubernetes.io/name: scrubbed diff --git a/deploy/kustomize/overlays/example/namespace.yaml b/deploy/kustomize/base/namespace.yaml similarity index 60% rename from deploy/kustomize/overlays/example/namespace.yaml rename to deploy/kustomize/base/namespace.yaml index 4392712..a7dbfcd 100644 --- a/deploy/kustomize/overlays/example/namespace.yaml +++ b/deploy/kustomize/base/namespace.yaml @@ -1,4 +1,4 @@ kind: Namespace apiVersion: v1 metadata: - name: signalilo-scrubbed + name: scrubbed diff --git a/deploy/kustomize/base/service.yaml b/deploy/kustomize/base/service.yaml index b3bed64..b56ccbb 100644 --- a/deploy/kustomize/base/service.yaml +++ b/deploy/kustomize/base/service.yaml @@ -1,7 +1,7 @@ kind: Service apiVersion: v1 metadata: - name: signalilo-scrubbed + name: scrubbed spec: sessionAffinityConfig: clientIP: @@ -11,10 +11,6 @@ spec: protocol: TCP port: 8080 targetPort: 8080 - - name: signalilo - protocol: TCP - port: 8888 - targetPort: 8888 internalTrafficPolicy: Cluster type: ClusterIP ipFamilyPolicy: SingleStack diff --git a/deploy/kustomize/base/serviceaccount.yaml b/deploy/kustomize/base/serviceaccount.yaml index b94a50d..563f0ff 100644 --- a/deploy/kustomize/base/serviceaccount.yaml +++ b/deploy/kustomize/base/serviceaccount.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: signalilo-scrubbed + name: scrubbed diff --git a/deploy/kustomize/overlays/example/kustomization.yaml b/deploy/kustomize/overlays/example/kustomization.yaml deleted file mode 100644 index adbb877..0000000 --- a/deploy/kustomize/overlays/example/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: signalilo-scrubbed - -resources: - - namespace.yaml - - ../../base - - secret-signalilo.yaml - -patches: - - path: configmap-signalilo-patch.yaml diff --git a/deploy/kustomize/overlays/standalone/kustomization.yaml b/deploy/kustomize/overlays/standalone/kustomization.yaml new file mode 100644 index 0000000..7971b0a --- /dev/null +++ b/deploy/kustomize/overlays/standalone/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: scrubbed + +images: + - name: scrubbed + newName: quay.io/adfinis/scrubbed + newTag: v0.2.0 + +resources: + - ../../base diff --git a/deploy/kustomize/overlays/example/configmap-signalilo-patch.yaml b/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml similarity index 67% rename from deploy/kustomize/overlays/example/configmap-signalilo-patch.yaml rename to deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml index 6d030a9..8bb0d91 100644 --- a/deploy/kustomize/overlays/example/configmap-signalilo-patch.yaml +++ b/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml @@ -2,7 +2,12 @@ kind: ConfigMap apiVersion: v1 metadata: name: signalilo +immutable: false data: + SIGNALILO_ALERTMANAGER_PLUGINOUTPUT_ANNOTATIONS: | + description + message + SIGNALILO_ALERTMANAGER_PORT: '8888' SIGNALILO_ICINGA_CA: | -----BEGIN CERTIFICATE----- ... @@ -13,4 +18,4 @@ data: https://master1.icinga.example.com:5665 https://master2.icinga.example.com:5665 SIGNALILO_ICINGA_USERNAME: api-username - SIGNALILO_UUID: 00000000-0000-0000-0000-000000000000 + SIGNALILO_UUID: 00000000-0000-0000-0000-000000000000 \ No newline at end of file diff --git a/deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml b/deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml new file mode 100644 index 0000000..ccedaa8 --- /dev/null +++ b/deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml @@ -0,0 +1,48 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: scrubbed +spec: + template: + spec: + containers: + - resources: + limits: + cpu: 20m + memory: 32Mi + requests: + cpu: 10m + memory: 16Mi + readinessProbe: + httpGet: + path: /healthz + port: 8888 + scheme: HTTP + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: /dev/termination-log + name: signalilo + command: + - signalilo + livenessProbe: + httpGet: + path: /healthz + port: 8888 + scheme: HTTP + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + ports: + - containerPort: 8888 + protocol: TCP + imagePullPolicy: Always + terminationMessagePolicy: File + envFrom: + - configMapRef: + name: signalilo + - secretRef: + name: signalilo + image: scrubbed diff --git a/deploy/kustomize/overlays/with-signalilo/kustomization.yaml b/deploy/kustomize/overlays/with-signalilo/kustomization.yaml new file mode 100644 index 0000000..6425a88 --- /dev/null +++ b/deploy/kustomize/overlays/with-signalilo/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: scrubbed + +images: + - name: scrubbed + newName: quay.io/adfinis/scrubbed-signalilo + newTag: v0.2.0 + +resources: + - ../../base + - secret-signalilo.yaml + - configmap-signalilo.yaml + +patches: + - path: deployment-patch.yaml + - path: service-patch.yaml diff --git a/deploy/kustomize/overlays/example/secret-signalilo.yaml b/deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml similarity index 100% rename from deploy/kustomize/overlays/example/secret-signalilo.yaml rename to deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml diff --git a/deploy/kustomize/overlays/with-signalilo/service-patch.yaml b/deploy/kustomize/overlays/with-signalilo/service-patch.yaml new file mode 100644 index 0000000..90ec4c7 --- /dev/null +++ b/deploy/kustomize/overlays/with-signalilo/service-patch.yaml @@ -0,0 +1,10 @@ +kind: Service +apiVersion: v1 +metadata: + name: scrubbed +spec: + ports: + - name: signalilo + protocol: TCP + port: 8888 + targetPort: 8888 From 756d7bcf250e0c3d57abd47286608cace9ad3b49 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Mon, 5 Aug 2024 12:46:49 +0200 Subject: [PATCH 5/7] remove test server --- server.py | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100755 server.py diff --git a/server.py b/server.py deleted file mode 100755 index cc1a545..0000000 --- a/server.py +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/env python3 - -from http.server import BaseHTTPRequestHandler, HTTPServer - -class SimpleHTTPRequestHandler(BaseHTTPRequestHandler): - def do_POST(self): - # Log the received request - content_length = int(self.headers['Content-Length']) - post_data = self.rfile.read(content_length) - print(f"Received POST request with data: {post_data.decode('utf-8')}") - - # Send response status code - self.send_response(200) - # Send headers - self.send_header('Content-type', 'text/plain') - self.end_headers() - # Send response body - self.wfile.write(b"200 OK") - -def run(server_class=HTTPServer, handler_class=SimpleHTTPRequestHandler, port=8081): - server_address = ('', port) - httpd = server_class(server_address, handler_class) - print(f"Starting httpd server on port {port}") - httpd.serve_forever() - -if __name__ == '__main__': - run() From 780ab98e57e94ff42fa6216d87b5e3d1e2278577 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Mon, 5 Aug 2024 12:47:54 +0200 Subject: [PATCH 6/7] newline --- .github/workflows/semantic-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml index 96adeab..bcda64d 100644 --- a/.github/workflows/semantic-release.yaml +++ b/.github/workflows/semantic-release.yaml @@ -21,4 +21,4 @@ jobs: github-token: ${{ secrets.PAT }} allow-initial-development-versions: true extra-plugins: | - @semantic-release/exec \ No newline at end of file + @semantic-release/exec From d5692abe5e9969e01b3ae99587183c8749eb0b4e Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Mon, 5 Aug 2024 12:48:58 +0200 Subject: [PATCH 7/7] newline --- .../overlays/with-signalilo/configmap-signalilo.yaml | 4 ++-- .../kustomize/overlays/with-signalilo/secret-signalilo.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml b/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml index 8bb0d91..bfcccf0 100644 --- a/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml +++ b/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml @@ -7,7 +7,7 @@ data: SIGNALILO_ALERTMANAGER_PLUGINOUTPUT_ANNOTATIONS: | description message - SIGNALILO_ALERTMANAGER_PORT: '8888' + SIGNALILO_ALERTMANAGER_PORT: "8888" SIGNALILO_ICINGA_CA: | -----BEGIN CERTIFICATE----- ... @@ -18,4 +18,4 @@ data: https://master1.icinga.example.com:5665 https://master2.icinga.example.com:5665 SIGNALILO_ICINGA_USERNAME: api-username - SIGNALILO_UUID: 00000000-0000-0000-0000-000000000000 \ No newline at end of file + SIGNALILO_UUID: 00000000-0000-0000-0000-000000000000 diff --git a/deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml b/deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml index c311b0d..b47527a 100644 --- a/deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml +++ b/deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml @@ -4,4 +4,4 @@ metadata: name: signalilo stringData:: SIGNALILO_ALERTMANAGER_BEARER_TOKEN: foo - SIGNALILO_ICINGA_PASSWORD: bar \ No newline at end of file + SIGNALILO_ICINGA_PASSWORD: bar