From b9a9be6f549c975ca539742a5a54b0ea56c148f8 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 18:15:36 +0200 Subject: [PATCH 01/13] add Helm chart --- .github/workflows/chart.yaml | 72 +++++++++++++++++++ .gitignore | 2 +- ct.yaml | 3 + deploy/charts/scrubbed/.helmignore | 23 ++++++ deploy/charts/scrubbed/Chart.yaml | 18 +++++ deploy/charts/scrubbed/templates/_helpers.tpl | 51 +++++++++++++ .../templates/configmap-scrubbed.yaml | 16 +++++ .../charts/scrubbed/templates/deployment.yaml | 71 ++++++++++++++++++ deploy/charts/scrubbed/templates/service.yaml | 23 ++++++ .../scrubbed/templates/serviceaccount.yaml | 7 ++ deploy/charts/scrubbed/values.yaml | 60 ++++++++++++++++ 11 files changed, 345 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/chart.yaml create mode 100644 ct.yaml create mode 100644 deploy/charts/scrubbed/.helmignore create mode 100644 deploy/charts/scrubbed/Chart.yaml create mode 100644 deploy/charts/scrubbed/templates/_helpers.tpl create mode 100644 deploy/charts/scrubbed/templates/configmap-scrubbed.yaml create mode 100644 deploy/charts/scrubbed/templates/deployment.yaml create mode 100644 deploy/charts/scrubbed/templates/service.yaml create mode 100644 deploy/charts/scrubbed/templates/serviceaccount.yaml create mode 100644 deploy/charts/scrubbed/values.yaml diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml new file mode 100644 index 0000000..ec6e119 --- /dev/null +++ b/.github/workflows/chart.yaml @@ -0,0 +1,72 @@ +--- +name: Chart + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.12.0 + + # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and + # yamllint (https://github.com/adrienverge/yamllint) which require Python + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: 3.x + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2 + + - name: Run chart-testing (lint) + run: ct lint --config ct.yaml + + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.12.0 + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2 + + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + + - name: Build scrubbed image + uses: docker/build-push-action@v6 + with: + context: ./ + load: true + tags: quay.io/${{ github.repository }}/scrubbed:latest + + - name: Create kind cluster + uses: helm/kind-action@v1 + + - name: Load dev images into k8s + run: kind load docker-image quay.io/${{ github.repository }}/scrubbed --name chart-testing + + - name: Install kube-prometheus stack CRDs + run: | + export KUBE_PROMETHEUS_STACK_VERSION=58.4.0 + kubectl apply -f https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-$KUBE_PROMETHEUS_STACK_VERSION/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml + kubectl apply -f https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-$KUBE_PROMETHEUS_STACK_VERSION/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml + kubectl apply -f https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-$KUBE_PROMETHEUS_STACK_VERSION/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml + + - name: Run chart-testing (install) + run: ct --config=ct.yaml install diff --git a/.gitignore b/.gitignore index 49a1392..fb9fb49 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -scrubbed +./scrubbed coverage.coverprofile \ No newline at end of file diff --git a/ct.yaml b/ct.yaml new file mode 100644 index 0000000..23115c4 --- /dev/null +++ b/ct.yaml @@ -0,0 +1,3 @@ +target-branch: main +charts: + - deploy/charts/scrubbed \ No newline at end of file diff --git a/deploy/charts/scrubbed/.helmignore b/deploy/charts/scrubbed/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/deploy/charts/scrubbed/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/deploy/charts/scrubbed/Chart.yaml b/deploy/charts/scrubbed/Chart.yaml new file mode 100644 index 0000000..fdcdd03 --- /dev/null +++ b/deploy/charts/scrubbed/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: scrubbed +description: Deploy Scrubbed via Helm +type: application +version: 0.1.0 +appVersion: "0.3.0" +keywords: + - scrubbed + - alertmanager + - webhook + - prometheus +home: https://github.com/adfinis/scrubbed +sources: + - https://github.com/adfinis/scrubbed/tree/main/deploy/charts/scrubbed +maintainers: + - name: adfinis + email: support@adfinis.com + url: https://adfinis.com diff --git a/deploy/charts/scrubbed/templates/_helpers.tpl b/deploy/charts/scrubbed/templates/_helpers.tpl new file mode 100644 index 0000000..f1ede7f --- /dev/null +++ b/deploy/charts/scrubbed/templates/_helpers.tpl @@ -0,0 +1,51 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "scrubbed.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "scrubbed.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "scrubbed.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "scrubbed.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: {{ .Chart.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{ include "scrubbed.selectorLabels" . }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "scrubbed.selectorLabels" -}} +app.kubernetes.io/name: {{ include "scrubbed.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/deploy/charts/scrubbed/templates/configmap-scrubbed.yaml b/deploy/charts/scrubbed/templates/configmap-scrubbed.yaml new file mode 100644 index 0000000..14bfd0d --- /dev/null +++ b/deploy/charts/scrubbed/templates/configmap-scrubbed.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "scrubbed.fullname" . }} + labels: + {{- include "scrubbed.labels" . | nindent 4 }} + app.kubernetes.io/component: scrubbed +data: + SCRUBBED_ALERT_ANNOTATIONS: {{ .Values.scrubbed.alertAnnotations | quote }} + SCRUBBED_ALERT_LABELS: {{ .Values.scrubbed.alertLabels | quote }} + SCRUBBED_COMMON_ANNOTATIONS: {{ .Values.scrubbed.commonAnnotations | quote }} + SCRUBBED_COMMON_LABELS: {{ .Values.scrubbed.commonLabels | quote }} + SCRUBBED_GROUP_LABELS: {{ .Values.scrubbed.groupLabels | quote }} + SCRUBBED_DESTINATION_URL: {{ .Values.scrubbed.destinationURL | quote }} + SCRUBBED_LISTEN_PORT: {{ .Values.scrubbed.listenPort | quote }} + SCRUBBED_LOG_LEVEL: {{ .Values.scrubbed.logLevel | quote }} diff --git a/deploy/charts/scrubbed/templates/deployment.yaml b/deploy/charts/scrubbed/templates/deployment.yaml new file mode 100644 index 0000000..308fbe9 --- /dev/null +++ b/deploy/charts/scrubbed/templates/deployment.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "scrubbed.labels" . | nindent 4 }} + app.kubernetes.io/component: scrubbed + name: {{ include "scrubbed.fullname" . }} +spec: + progressDeadlineSeconds: 60 + replicas: {{ .Values.scrubbed.replicaCount }} + revisionHistoryLimit: 2 + selector: + matchLabels: + {{- include "scrubbed.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + {{- include "scrubbed.labels" . | nindent 8 }} + app.kubernetes.io/component: scrubbed + spec: + containers: + - command: + - scrubbed + envFrom: + - configMapRef: + name: {{ include "scrubbed.fullname" . }} + image: "{{ .Values.scrubbed.image.repository }}:{{ default .Chart.AppVersion .Values.scrubbed.image.tag }}" + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: {{ .Values.scrubbed.listenPort }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: scrubbed + ports: + - containerPort: {{ .Values.scrubbed.listenPort }} + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: {{ .Values.scrubbed.listenPort }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: +{{ toYaml .Values.scrubbed.resources | indent 10 }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + securityContext: {} + serviceAccountName: scrubbed + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + operator: Exists +{{- if .Values.scrubbed.nodeSelector }} + nodeSelector: +{{ toYaml .Values.scrubbed.nodeSelector | indent 8 }} +{{- end }} diff --git a/deploy/charts/scrubbed/templates/service.yaml b/deploy/charts/scrubbed/templates/service.yaml new file mode 100644 index 0000000..35fce9d --- /dev/null +++ b/deploy/charts/scrubbed/templates/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.scrubbed.serviceName }} + labels: + {{- include "scrubbed.labels" . | nindent 4 }} + app.kubernetes.io/component: scrubbed +spec: + internalTrafficPolicy: Cluster + ipFamilyPolicy: SingleStack + ports: + - name: scrubbed + port: {{ .Values.scrubbed.listenPort }} + protocol: TCP + targetPort: {{ .Values.scrubbed.listenPort }} + selector: + {{- include "scrubbed.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: scrubbed + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + type: ClusterIP \ No newline at end of file diff --git a/deploy/charts/scrubbed/templates/serviceaccount.yaml b/deploy/charts/scrubbed/templates/serviceaccount.yaml new file mode 100644 index 0000000..f0c3c4f --- /dev/null +++ b/deploy/charts/scrubbed/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "scrubbed.fullname" . }} + labels: + {{- include "scrubbed.labels" . | nindent 4 }} + app.kubernetes.io/component: scrubbed diff --git a/deploy/charts/scrubbed/values.yaml b/deploy/charts/scrubbed/values.yaml new file mode 100644 index 0000000..112b43f --- /dev/null +++ b/deploy/charts/scrubbed/values.yaml @@ -0,0 +1,60 @@ +# Default values for scrubbed chart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +scrubbed: + image: + # -- Scrubbed image repository + repository: quay.io/adfinis/scrubbed + # -- Scrubbed image version + tag: ~ + # -- Number of replicas + replicaCount: 1 + # -- Space separated list of alert annotations to keep + alertAnnotations: "" + # -- Space separated list of alert labels to keep + alertLabels: "alertname severity" + # -- Space separated list of common annotations to keep + commonAnnotations: "" + # -- Space separated list of common labels to keep + commonLabels: "alertname severity" + # -- Space separated list of group labels to keep + groupLabels: "" + # -- Destination URL to send scrubbed alerts to + destinationURL: "http://alert-receiver:8888/webhook" + # -- Listener port of Scrubbed service + listenPort: "8080" + # -- Scrubbed log level + logLevel: "INFO" + # -- Resource limits and requests for scrubbed + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 16Mi + # -- Scrubbed service name + serviceName: scrubbed + +# signalilo: +# enabled: true +# alertmanagerPluginoutputAnnotations: | +# description +# message +# alertmanagerPort: "8888" +# icingaCA: | +# -----BEGIN CERTIFICATE----- +# -----END CERTIFICATE----- +# debug: "0" +# icingaHostname: "" +# icingaURL: "" +# icingaUsername: "" +# icingaUUID: "" +# externalSecret: +# enabled: true +# name: adfinis-alerting From ec368d2e319eb4edc1f913cc3af33ffa6179c12d Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 18:16:33 +0200 Subject: [PATCH 02/13] newline --- deploy/charts/scrubbed/templates/service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/charts/scrubbed/templates/service.yaml b/deploy/charts/scrubbed/templates/service.yaml index 35fce9d..78da68a 100644 --- a/deploy/charts/scrubbed/templates/service.yaml +++ b/deploy/charts/scrubbed/templates/service.yaml @@ -20,4 +20,4 @@ spec: sessionAffinityConfig: clientIP: timeoutSeconds: 10800 - type: ClusterIP \ No newline at end of file + type: ClusterIP From 62a09a27badf1bdd355c9691ddacd4e41587b007 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 18:17:17 +0200 Subject: [PATCH 03/13] newline --- .gitignore | 2 +- ct.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index fb9fb49..d0b335b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ ./scrubbed -coverage.coverprofile \ No newline at end of file +coverage.coverprofile diff --git a/ct.yaml b/ct.yaml index 23115c4..145cdf8 100644 --- a/ct.yaml +++ b/ct.yaml @@ -1,3 +1,3 @@ target-branch: main charts: - - deploy/charts/scrubbed \ No newline at end of file + - deploy/charts/scrubbed From 49b1fce4a30935f1f9e9f00cb224bee685d6aa59 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 18:30:47 +0200 Subject: [PATCH 04/13] generate readme --- deploy/charts/scrubbed/README.md | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 deploy/charts/scrubbed/README.md diff --git a/deploy/charts/scrubbed/README.md b/deploy/charts/scrubbed/README.md new file mode 100644 index 0000000..4db8b83 --- /dev/null +++ b/deploy/charts/scrubbed/README.md @@ -0,0 +1,38 @@ +# scrubbed + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square) + +Deploy Scrubbed via Helm + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| adfinis | | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| scrubbed.alertAnnotations | string | `""` | Space separated list of alert annotations to keep | +| scrubbed.alertLabels | string | `"alertname severity"` | Space separated list of alert labels to keep | +| scrubbed.commonAnnotations | string | `""` | Space separated list of common annotations to keep | +| scrubbed.commonLabels | string | `"alertname severity"` | Space separated list of common labels to keep | +| scrubbed.destinationURL | string | `"http://alert-receiver:8888/webhook"` | Destination URL to send scrubbed alerts to | +| scrubbed.groupLabels | string | `""` | Space separated list of group labels to keep | +| scrubbed.image.repository | string | `"quay.io/adfinis/scrubbed"` | Scrubbed image repository | +| scrubbed.image.tag | string | `nil` | Scrubbed image version | +| scrubbed.listenPort | string | `"8080"` | Listener port of Scrubbed service | +| scrubbed.logLevel | string | `"INFO"` | Scrubbed log level | +| scrubbed.replicaCount | int | `1` | Number of replicas | +| scrubbed.resources | object | `{}` | Resource limits and requests for scrubbed | +| scrubbed.serviceName | string | `"scrubbed"` | Scrubbed service name | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From 8e41c04e72b8042258951d4b66c3859bcbacde37 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 18:31:02 +0200 Subject: [PATCH 05/13] add empty default files for ci --- deploy/charts/scrubbed/ci/default-values.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 deploy/charts/scrubbed/ci/default-values.yaml diff --git a/deploy/charts/scrubbed/ci/default-values.yaml b/deploy/charts/scrubbed/ci/default-values.yaml new file mode 100644 index 0000000..e69de29 From b426efdf82c7ae6074c91491b651f1a866a9fe9a Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 18:31:17 +0200 Subject: [PATCH 06/13] fix service account reference --- deploy/charts/scrubbed/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/charts/scrubbed/templates/deployment.yaml b/deploy/charts/scrubbed/templates/deployment.yaml index 308fbe9..4125044 100644 --- a/deploy/charts/scrubbed/templates/deployment.yaml +++ b/deploy/charts/scrubbed/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} - serviceAccountName: scrubbed + serviceAccountName: {{ include "scrubbed.fullname" . }} terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule From b3ef863fef3c4d49c9ce1763cecb122963e5e6ed Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 18:55:15 +0200 Subject: [PATCH 07/13] fix tag --- deploy/charts/scrubbed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/charts/scrubbed/Chart.yaml b/deploy/charts/scrubbed/Chart.yaml index fdcdd03..0ea9f40 100644 --- a/deploy/charts/scrubbed/Chart.yaml +++ b/deploy/charts/scrubbed/Chart.yaml @@ -3,7 +3,7 @@ name: scrubbed description: Deploy Scrubbed via Helm type: application version: 0.1.0 -appVersion: "0.3.0" +appVersion: "v0.3.0" keywords: - scrubbed - alertmanager From c2ae8330319cc4170bfe5ade3465ef4a8b9b9050 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 19:08:14 +0200 Subject: [PATCH 08/13] add host listen configuration --- deploy/charts/scrubbed/README.md | 3 ++- deploy/charts/scrubbed/templates/configmap-scrubbed.yaml | 1 + deploy/charts/scrubbed/values.yaml | 2 ++ deploy/kustomize/base/configmap.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/deploy/charts/scrubbed/README.md b/deploy/charts/scrubbed/README.md index 4db8b83..2256766 100644 --- a/deploy/charts/scrubbed/README.md +++ b/deploy/charts/scrubbed/README.md @@ -1,6 +1,6 @@ # scrubbed -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.0](https://img.shields.io/badge/AppVersion-v0.3.0-informational?style=flat-square) Deploy Scrubbed via Helm @@ -28,6 +28,7 @@ Deploy Scrubbed via Helm | scrubbed.groupLabels | string | `""` | Space separated list of group labels to keep | | scrubbed.image.repository | string | `"quay.io/adfinis/scrubbed"` | Scrubbed image repository | | scrubbed.image.tag | string | `nil` | Scrubbed image version | +| scrubbed.listenHost | string | `"0.0.0.0"` | Listener host of Scrubbed service | | scrubbed.listenPort | string | `"8080"` | Listener port of Scrubbed service | | scrubbed.logLevel | string | `"INFO"` | Scrubbed log level | | scrubbed.replicaCount | int | `1` | Number of replicas | diff --git a/deploy/charts/scrubbed/templates/configmap-scrubbed.yaml b/deploy/charts/scrubbed/templates/configmap-scrubbed.yaml index 14bfd0d..949d628 100644 --- a/deploy/charts/scrubbed/templates/configmap-scrubbed.yaml +++ b/deploy/charts/scrubbed/templates/configmap-scrubbed.yaml @@ -13,4 +13,5 @@ data: SCRUBBED_GROUP_LABELS: {{ .Values.scrubbed.groupLabels | quote }} SCRUBBED_DESTINATION_URL: {{ .Values.scrubbed.destinationURL | quote }} SCRUBBED_LISTEN_PORT: {{ .Values.scrubbed.listenPort | quote }} + SCRUBBED_LISTEN_HOST: {{ .Values.scrubbed.listenHost | quote }} SCRUBBED_LOG_LEVEL: {{ .Values.scrubbed.logLevel | quote }} diff --git a/deploy/charts/scrubbed/values.yaml b/deploy/charts/scrubbed/values.yaml index 112b43f..277c109 100644 --- a/deploy/charts/scrubbed/values.yaml +++ b/deploy/charts/scrubbed/values.yaml @@ -22,6 +22,8 @@ scrubbed: groupLabels: "" # -- Destination URL to send scrubbed alerts to destinationURL: "http://alert-receiver:8888/webhook" + # -- Listener host of Scrubbed service + listenHost: "0.0.0.0" # -- Listener port of Scrubbed service listenPort: "8080" # -- Scrubbed log level diff --git a/deploy/kustomize/base/configmap.yaml b/deploy/kustomize/base/configmap.yaml index 4af8ac7..cb4cb50 100644 --- a/deploy/kustomize/base/configmap.yaml +++ b/deploy/kustomize/base/configmap.yaml @@ -11,4 +11,5 @@ data: SCRUBBED_DESTINATION_URL: 'http://receiver:8888/webhook' SCRUBBED_GROUP_LABELS: '' SCRUBBED_LISTEN_PORT: '8080' + SCRUBBED_LISTEN_HOST: '0.0.0.0' SCRUBBED_LOG_LEVEL: INFO From bd9128c9c4a65d89da061cc980ae40807199b152 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 21:05:17 +0200 Subject: [PATCH 09/13] add optional signalilo --- deploy/charts/scrubbed/README.md | 17 ++++- deploy/charts/scrubbed/ci/default-values.yaml | 8 +++ .../templates/configmap-signalilo.yaml | 18 +++++ .../charts/scrubbed/templates/deployment.yaml | 41 ++++++++++- .../{service.yaml => service-scrubbed.yaml} | 0 .../scrubbed/templates/service-signalilo.yaml | 25 +++++++ deploy/charts/scrubbed/values.yaml | 72 ++++++++++++------- 7 files changed, 151 insertions(+), 30 deletions(-) create mode 100644 deploy/charts/scrubbed/templates/configmap-signalilo.yaml rename deploy/charts/scrubbed/templates/{service.yaml => service-scrubbed.yaml} (100%) create mode 100644 deploy/charts/scrubbed/templates/service-signalilo.yaml diff --git a/deploy/charts/scrubbed/README.md b/deploy/charts/scrubbed/README.md index 2256766..090ffc6 100644 --- a/deploy/charts/scrubbed/README.md +++ b/deploy/charts/scrubbed/README.md @@ -20,20 +20,31 @@ Deploy Scrubbed via Helm | Key | Type | Default | Description | |-----|------|---------|-------------| +| image.repository | string | `"quay.io/adfinis/scrubbed"` | Scrubbed image repository | +| image.tag | string | `nil` | Scrubbed image version | +| replicaCount | int | `1` | Number of replicas | | scrubbed.alertAnnotations | string | `""` | Space separated list of alert annotations to keep | | scrubbed.alertLabels | string | `"alertname severity"` | Space separated list of alert labels to keep | | scrubbed.commonAnnotations | string | `""` | Space separated list of common annotations to keep | | scrubbed.commonLabels | string | `"alertname severity"` | Space separated list of common labels to keep | | scrubbed.destinationURL | string | `"http://alert-receiver:8888/webhook"` | Destination URL to send scrubbed alerts to | | scrubbed.groupLabels | string | `""` | Space separated list of group labels to keep | -| scrubbed.image.repository | string | `"quay.io/adfinis/scrubbed"` | Scrubbed image repository | -| scrubbed.image.tag | string | `nil` | Scrubbed image version | | scrubbed.listenHost | string | `"0.0.0.0"` | Listener host of Scrubbed service | | scrubbed.listenPort | string | `"8080"` | Listener port of Scrubbed service | | scrubbed.logLevel | string | `"INFO"` | Scrubbed log level | -| scrubbed.replicaCount | int | `1` | Number of replicas | | scrubbed.resources | object | `{}` | Resource limits and requests for scrubbed | | scrubbed.serviceName | string | `"scrubbed"` | Scrubbed service name | +| signalilo.alertmanagerPluginOutputAnnotations | string | `"description\nmessage\n"` | The name of an annotation to retrieve the plugin_output from | +| signalilo.debug | string | `"0"` | If true, enable debugging mode in Icinga client | +| signalilo.enabled | bool | `false` | Enable Signalilo sidecar. If enabled, use image scrubbed-signalilo. | +| signalilo.icingaCA | string | `""` | A PEM string of the trusted CA certificate for the Icinga2 API certificate | +| signalilo.icingaHostname | string | `""` | Name of the Servicehost in Icinga2 | +| signalilo.icingaURL | string | `""` | URL of the Icinga API. It's possible to specify one or more URLs. The Parameter content will be split on newline character | +| signalilo.icingaUUID | string | `"00000000-0000-0000-0000-000000000000"` | UUID which identifies the Signalilo instance. | +| signalilo.icingaUsername | string | `""` | Authentication against Icinga2 API. | +| signalilo.listenPort | string | `"8888"` | Listen port of Signalilo service | +| signalilo.resources | object | `{}` | Resource limits and requests for scrubbed | +| signalilo.serviceName | string | `"signalilo"` | Signalilo service name | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/deploy/charts/scrubbed/ci/default-values.yaml b/deploy/charts/scrubbed/ci/default-values.yaml index e69de29..289fb0b 100644 --- a/deploy/charts/scrubbed/ci/default-values.yaml +++ b/deploy/charts/scrubbed/ci/default-values.yaml @@ -0,0 +1,8 @@ +image: + repository: quay.io/adfinis/scrubbed-signalilo + +scrubbed: + destinationURL: "http://signalilo:8888/webhook" + +signalilo: + enabled: true diff --git a/deploy/charts/scrubbed/templates/configmap-signalilo.yaml b/deploy/charts/scrubbed/templates/configmap-signalilo.yaml new file mode 100644 index 0000000..2710a13 --- /dev/null +++ b/deploy/charts/scrubbed/templates/configmap-signalilo.yaml @@ -0,0 +1,18 @@ +{{- if .Values.signalilo.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "scrubbed.fullname" . }}-signalilo + labels: + {{- include "scrubbed.labels" . | nindent 4 }} + app.kubernetes.io/component: signalilo +data: + SIGNALILO_ALERTMANAGER_PLUGINOUTPUT_ANNOTATIONS: {{ .Values.signalilo.alertmanagerPluginOutputAnnotations | quote }} + SIGNALILO_ALERTMANAGER_PORT: {{ .Values.signalilo.listenPort | quote }} + SIGNALILO_ICINGA_CA: {{ .Values.signalilo.icingaCA | quote }} + SIGNALILO_ICINGA_DEBUG: {{ .Values.signalilo.debug | quote }} + SIGNALILO_ICINGA_HOSTNAME: {{ .Values.signalilo.icingaHostname | quote }} + SIGNALILO_ICINGA_URL: {{ .Values.signalilo.icingaURL | quote }} + SIGNALILO_ICINGA_USERNAME: {{ .Values.signalilo.icingaUsername | quote }} + SIGNALILO_UUID: {{ .Values.signalilo.icingaUUID | quote }} +{{- end -}} diff --git a/deploy/charts/scrubbed/templates/deployment.yaml b/deploy/charts/scrubbed/templates/deployment.yaml index 4125044..312dbeb 100644 --- a/deploy/charts/scrubbed/templates/deployment.yaml +++ b/deploy/charts/scrubbed/templates/deployment.yaml @@ -7,7 +7,7 @@ metadata: name: {{ include "scrubbed.fullname" . }} spec: progressDeadlineSeconds: 60 - replicas: {{ .Values.scrubbed.replicaCount }} + replicas: {{ .Values.replicaCount }} revisionHistoryLimit: 2 selector: matchLabels: @@ -29,7 +29,7 @@ spec: envFrom: - configMapRef: name: {{ include "scrubbed.fullname" . }} - image: "{{ .Values.scrubbed.image.repository }}:{{ default .Chart.AppVersion .Values.scrubbed.image.tag }}" + image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -57,6 +57,43 @@ spec: {{ toYaml .Values.scrubbed.resources | indent 10 }} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File +{{- if .Values.signalilo.enabled }} + - command: + - signalilo + envFrom: + - configMapRef: + name: {{ include "scrubbed.fullname" . }}-signalilo + - secretRef: + name: {{ include "scrubbed.fullname" . }}-signalilo + image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: {{ .Values.signalilo.listenPort }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: signalilo + ports: + - containerPort: {{ .Values.signalilo.listenPort }} + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: {{ .Values.signalilo.listenPort }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: +{{ toYaml .Values.scrubbed.resources | indent 10 }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File +{{- end }} dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} diff --git a/deploy/charts/scrubbed/templates/service.yaml b/deploy/charts/scrubbed/templates/service-scrubbed.yaml similarity index 100% rename from deploy/charts/scrubbed/templates/service.yaml rename to deploy/charts/scrubbed/templates/service-scrubbed.yaml diff --git a/deploy/charts/scrubbed/templates/service-signalilo.yaml b/deploy/charts/scrubbed/templates/service-signalilo.yaml new file mode 100644 index 0000000..c560c34 --- /dev/null +++ b/deploy/charts/scrubbed/templates/service-signalilo.yaml @@ -0,0 +1,25 @@ +{{- if .Values.signalilo.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.signalilo.serviceName }} + labels: + {{- include "scrubbed.labels" . | nindent 4 }} + app.kubernetes.io/component: signalilo +spec: + internalTrafficPolicy: Cluster + ipFamilyPolicy: SingleStack + ports: + - name: signalilo + port: {{ .Values.signalilo.listenPort }} + protocol: TCP + targetPort: {{ .Values.signalilo.listenPort }} + selector: + {{- include "scrubbed.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: scrubbed + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + type: ClusterIP +{{- end -}} diff --git a/deploy/charts/scrubbed/values.yaml b/deploy/charts/scrubbed/values.yaml index 277c109..56ada8a 100644 --- a/deploy/charts/scrubbed/values.yaml +++ b/deploy/charts/scrubbed/values.yaml @@ -2,14 +2,16 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +image: + # -- Scrubbed image repository + repository: quay.io/adfinis/scrubbed + # -- Scrubbed image version + tag: ~ + +# -- Number of replicas +replicaCount: 1 + scrubbed: - image: - # -- Scrubbed image repository - repository: quay.io/adfinis/scrubbed - # -- Scrubbed image version - tag: ~ - # -- Number of replicas - replicaCount: 1 # -- Space separated list of alert annotations to keep alertAnnotations: "" # -- Space separated list of alert labels to keep @@ -29,7 +31,8 @@ scrubbed: # -- Scrubbed log level logLevel: "INFO" # -- Resource limits and requests for scrubbed - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -43,20 +46,39 @@ scrubbed: # -- Scrubbed service name serviceName: scrubbed -# signalilo: -# enabled: true -# alertmanagerPluginoutputAnnotations: | -# description -# message -# alertmanagerPort: "8888" -# icingaCA: | -# -----BEGIN CERTIFICATE----- -# -----END CERTIFICATE----- -# debug: "0" -# icingaHostname: "" -# icingaURL: "" -# icingaUsername: "" -# icingaUUID: "" -# externalSecret: -# enabled: true -# name: adfinis-alerting +signalilo: + # -- Enable Signalilo sidecar. If enabled, use image scrubbed-signalilo. + enabled: false + # -- The name of an annotation to retrieve the plugin_output from + alertmanagerPluginOutputAnnotations: | + description + message + # -- Listen port of Signalilo service + listenPort: "8888" + # -- A PEM string of the trusted CA certificate for the Icinga2 API certificate + icingaCA: "" + # -- If true, enable debugging mode in Icinga client + debug: "0" + # -- Name of the Servicehost in Icinga2 + icingaHostname: "" + # -- URL of the Icinga API. It's possible to specify one or more URLs. The Parameter content will be split on newline character + icingaURL: "" + # -- Authentication against Icinga2 API. + icingaUsername: "" + # -- UUID which identifies the Signalilo instance. + icingaUUID: "00000000-0000-0000-0000-000000000000" + # -- Resource limits and requests for scrubbed + resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 16Mi + # -- Signalilo service name + serviceName: signalilo From 5eb8854babd607c57fd77093b392f12bc5994455 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 21:27:07 +0200 Subject: [PATCH 10/13] add optional secret for testing --- deploy/charts/scrubbed/README.md | 1 + deploy/charts/scrubbed/ci/default-values.yaml | 1 + .../charts/scrubbed/templates/secret-signalilo.yaml | 12 ++++++++++++ deploy/charts/scrubbed/values.yaml | 2 ++ 4 files changed, 16 insertions(+) create mode 100644 deploy/charts/scrubbed/templates/secret-signalilo.yaml diff --git a/deploy/charts/scrubbed/README.md b/deploy/charts/scrubbed/README.md index 090ffc6..ccb88de 100644 --- a/deploy/charts/scrubbed/README.md +++ b/deploy/charts/scrubbed/README.md @@ -45,6 +45,7 @@ Deploy Scrubbed via Helm | signalilo.listenPort | string | `"8888"` | Listen port of Signalilo service | | signalilo.resources | object | `{}` | Resource limits and requests for scrubbed | | signalilo.serviceName | string | `"signalilo"` | Signalilo service name | +| signalilo.testSecret | bool | `false` | generate secret for CI testing, if false provide your own. Required keys are SIGNALILO_ALERTMANAGER_BEARER_TOKEN and SIGNALILO_ICINGA_PASSWORD | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/deploy/charts/scrubbed/ci/default-values.yaml b/deploy/charts/scrubbed/ci/default-values.yaml index 289fb0b..3d562eb 100644 --- a/deploy/charts/scrubbed/ci/default-values.yaml +++ b/deploy/charts/scrubbed/ci/default-values.yaml @@ -6,3 +6,4 @@ scrubbed: signalilo: enabled: true + testSecret: true diff --git a/deploy/charts/scrubbed/templates/secret-signalilo.yaml b/deploy/charts/scrubbed/templates/secret-signalilo.yaml new file mode 100644 index 0000000..f849427 --- /dev/null +++ b/deploy/charts/scrubbed/templates/secret-signalilo.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.signalilo.enabled .Values.signalilo.testSecret -}} +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "scrubbed.fullname" . }}-signalilo + labels: + {{- include "scrubbed.labels" . | nindent 4 }} + app.kubernetes.io/component: signalilo +stringData:: + SIGNALILO_ALERTMANAGER_BEARER_TOKEN: foo + SIGNALILO_ICINGA_PASSWORD: bar +{{- end -}} diff --git a/deploy/charts/scrubbed/values.yaml b/deploy/charts/scrubbed/values.yaml index 56ada8a..a6ecf18 100644 --- a/deploy/charts/scrubbed/values.yaml +++ b/deploy/charts/scrubbed/values.yaml @@ -82,3 +82,5 @@ signalilo: # memory: 16Mi # -- Signalilo service name serviceName: signalilo + # -- generate secret for CI testing, if false provide your own. Required keys are SIGNALILO_ALERTMANAGER_BEARER_TOKEN and SIGNALILO_ICINGA_PASSWORD + testSecret: false From f937c2cc60dc0de21a960b7b179f3206866f3249 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 21:40:42 +0200 Subject: [PATCH 11/13] add test values --- deploy/charts/scrubbed/ci/default-values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy/charts/scrubbed/ci/default-values.yaml b/deploy/charts/scrubbed/ci/default-values.yaml index 3d562eb..f5f6127 100644 --- a/deploy/charts/scrubbed/ci/default-values.yaml +++ b/deploy/charts/scrubbed/ci/default-values.yaml @@ -7,3 +7,8 @@ scrubbed: signalilo: enabled: true testSecret: true + icingaURL: | + https://master1.icinga.example.com:5665 + https://master2.icinga.example.com:5665 + icingaHostname: test + icingaUsername: test From cfe2c833bc8d6e792dc56661b6e1026ed6f05d49 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 21:50:59 +0200 Subject: [PATCH 12/13] disable signalilo testing --- deploy/charts/scrubbed/ci/default-values.yaml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/deploy/charts/scrubbed/ci/default-values.yaml b/deploy/charts/scrubbed/ci/default-values.yaml index f5f6127..175189d 100644 --- a/deploy/charts/scrubbed/ci/default-values.yaml +++ b/deploy/charts/scrubbed/ci/default-values.yaml @@ -3,12 +3,3 @@ image: scrubbed: destinationURL: "http://signalilo:8888/webhook" - -signalilo: - enabled: true - testSecret: true - icingaURL: | - https://master1.icinga.example.com:5665 - https://master2.icinga.example.com:5665 - icingaHostname: test - icingaUsername: test From 4eaf73b008706d7cca5a7ecce8b487a932d5c371 Mon Sep 17 00:00:00 2001 From: Ales Zelenik Date: Tue, 17 Sep 2024 21:59:49 +0200 Subject: [PATCH 13/13] chore(deploy): add Helm chart