Merge pull request #35 from GDATASoftwareAG/add_documentation_for_sentry

Add configuration for Sentry monitoring and update documentation
GDATASoftwareAG · Apr 26, 2024 · a7bad80 · a7bad80
2 parents 9ea91dd + 36db697
commit a7bad80
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -85,6 +85,8 @@ export TOKEN_URL=http://vaas/auth/protocol/openid-connect/token # URL of the tok
 
 ## Configuring Verdict-as-a-Service
 
+### Cloud lookups
+
 The default configurations are set to provide the best verdict. When you have the need to run this helm-chart without sending the file hashes to our cloud, you can deactivate the cloud lookups with these options:
 
 ```yaml
@@ -99,13 +101,55 @@ With the `hashLookup`, VaaS uses the G DATA Cloud to obtain additional informati
 
 The `allowlistLookup` is a request of the hash to the G DATA Cloud, against a list of files that we know for sure are not malicious, to prevent false positives. Some clean files are still detected by the scanners signatures and the `allowlistLookup` will prevent these files to be detected as `malicious` or `pup`.
 
+### File size limit
+
 If you want to scan larger files, you have to adjust the deployments body size limit in `vaas.gateway.ingress.annotations`. Should looks like this:
 
 ```yaml
 nginx.ingress.kubernetes.io/proxy-body-size: <your maximum filesize>
 nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
 ```
 
+### Configure monitoring with Sentry
+
+To enable Sentry monitoring, you have to set at least your DSN in the `sentry` section of your `values` file:
+
+```yaml
+sentry:
+  dsn: "<your sentry dsn>"
+```
+
+If nothing is set except the DSN, the defaults lead to the following settings:
+
+- Environment: `Production`
+- MaxBreadcrumbs: `50`
+- MaxQueueItems: `50`
+- EnableTracing: `true`
+- TracesSampleRate: `0.5`
+
+These values can be overwritten in the `values` file:
+
+```yaml
+sentry:
+  dsn: "<your sentry dsn>"
+  environment: "<your environment>"
+  maxBreadcrumbs: <your maxBreadcrumbs>
+  maxQueueItems: <your maxQueueItems>
+  enableTracing: <your enableTracing>
+  tracesSampleRate: <your tracesSampleRate>
+```
+
+In addition, Sentry will always behave as follows:
+
+- CaptureBlockingCalls: `true`
+- AttachStacktrace: `true`
+- ShutdownTimeout: `5s`
+- SendDefaultPii: `false`
+- MinimumBreadcrumbLevel: `Debug`
+- MinimumEventLevel: `Warning`
+
+### Other values
+
 | Parameter                                  | Description                                                                                                 | Value                            |
 | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------- | -------------------------------- |
 | `global.imagePullSecrets`                  | List of image pull secrets                                                                                  | `- name: registry`               |

diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vaas
-version: 1.4.1
+version: 1.4.2
 description: Deployment of a Verdict-as-a-Service on-premise instance
 maintainers:
   - name: G DATA CyberDefense AG

diff --git a/charts/vaas/templates/gateway/statefulset.yaml b/charts/vaas/templates/gateway/statefulset.yaml
@@ -57,7 +57,19 @@ spec:
             - name: ASPNETCORE_ENVIRONMENT
               value: {{ .Release.Name }}
             - name: Sentry__Environment
-              value: {{ .Release.Name }}
+              value: {{ .Values.sentry.environment | quote }}
+            - name: Sentry__Dsn
+              value: {{ .Values.sentry.dsn | quote }}
+            - name: Sentry__Release
+              value: {{ .Values.sentry.release | quote }}
+            - name: Sentry__MaxBreadcrumbs
+              value: {{ .Values.sentry.maxBreadcrumbs | quote }}
+            - name: Sentry__MaxQueueItems
+              value: {{ .Values.sentry.maxQueueItems | quote }}
+            - name: Sentry__EnableTracing
+              value: {{ .Values.sentry.enableTracing | quote }}
+            - name: Sentry__TracesSampleRate
+              value: {{ .Values.sentry.tracesSampleRate | quote }}
             - name: MaxAnalysisDuration
               value: {{ include "common.secondsToHHMMSS" .Values.gateway.terminationGracePeriodSeconds | quote }}
             - name: FileCloudVerdictSource__Enable

diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml
@@ -45,6 +45,15 @@ cloud:
   allowlistLookup:
     enabled: true
 
+sentry:
+  dsn: ""
+  environment: ""
+  release: ""
+  maxBreadcrumbs: ""
+  maxQueueItems: ""
+  enableTracing: ""
+  tracesSampleRate: ""
+
 gateway:
   ingress:
     enabled: true