From 41bc281c316a37e606da9d2156f74d80885c4579 Mon Sep 17 00:00:00 2001 From: Lennart Dohmann Date: Thu, 25 Apr 2024 16:25:26 +0200 Subject: [PATCH 1/2] Add configuration for Sentry monitoring and update documentation --- README.md | 44 +++++++++++++++++++ .../vaas/templates/gateway/statefulset.yaml | 14 +++++- charts/vaas/values.yaml | 9 ++++ 3 files changed, 66 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7b35526..6aaeb9e 100644 --- a/README.md +++ b/README.md @@ -85,6 +85,8 @@ export TOKEN_URL=http://vaas/auth/protocol/openid-connect/token # URL of the tok ## Configuring Verdict-as-a-Service +### Cloud lookups + The default configurations are set to provide the best verdict. When you have the need to run this helm-chart without sending the file hashes to our cloud, you can deactivate the cloud lookups with these options: ```yaml @@ -99,6 +101,8 @@ With the `hashLookup`, VaaS uses the G DATA Cloud to obtain additional informati The `allowlistLookup` is a request of the hash to the G DATA Cloud, against a list of files that we know for sure are not malicious, to prevent false positives. Some clean files are still detected by the scanners signatures and the `allowlistLookup` will prevent these files to be detected as `malicious` or `pup`. +### File size limit + If you want to scan larger files, you have to adjust the deployments body size limit in `vaas.gateway.ingress.annotations`. Should looks like this: ```yaml 
@@ -106,6 +110,46 @@ nginx.ingress.kubernetes.io/proxy-body-size: nginx.ingress.kubernetes.io/proxy-request-buffering: "off" ``` +### Configure monitoring with Sentry + +To enable Sentry monitoring, you have to set at least your DSN in the `sentry` section of your `values` file: + +```yaml +sentry: + dsn: "" +``` + +If nothing is set except the DSN, the defaults lead to the following settings: + +- Environment: `Production` +- MaxBreadcrumbs: `50` +- MaxQueueItems: `50` +- EnableTracing: `true` +- TracesSampleRate: `0.5` + +These values can be overwritten in the `values` file: + +```yaml +sentry: + dsn: "" + environment: "" + maxBreadcrumbs: + maxQueueItems: + enableTracing: + tracesSampleRate: +``` + +In addition, Sentry will always behave as follows: + +- CaptureBlockingCalls: `true` +- AttachStacktrace: `true` +- ShutdownTimeout: `5s` +- SendDefaultPii: `false` +- MinimumBreadcrumbLevel: `Debug` +- MinimumEventLevel: `Warning` + +### Other values + | Parameter | Description | Value | | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------- | -------------------------------- | | `global.imagePullSecrets` | List of image pull secrets | `- name: registry` | diff --git a/charts/vaas/templates/gateway/statefulset.yaml b/charts/vaas/templates/gateway/statefulset.yaml index 8bd2a10..8e153f9 100644 --- a/charts/vaas/templates/gateway/statefulset.yaml +++ b/charts/vaas/templates/gateway/statefulset.yaml 
@@ -57,7 +57,19 @@ spec: - name: ASPNETCORE_ENVIRONMENT value: {{ .Release.Name }} - name: Sentry__Environment - value: {{ .Release.Name }} + value: {{ .Values.sentry.environment | quote }} + - name: Sentry__Dsn + value: {{ .Values.sentry.dsn | quote }} + - name: Sentry__Release + value: {{ .Values.sentry.release | quote }} + - name: Sentry__MaxBreadcrumbs + value: {{ .Values.sentry.maxBreadcrumbs | quote }} + - name: Sentry__MaxQueueItems + value: {{ .Values.sentry.maxQueueItems | quote }} + - name: Sentry__EnableTracing + value: {{ .Values.sentry.enableTracing | quote }} + - name: Sentry__TracesSampleRate + value: {{ .Values.sentry.tracesSampleRate | quote }} - name: MaxAnalysisDuration value: {{ include "common.secondsToHHMMSS" .Values.gateway.terminationGracePeriodSeconds | quote }} - name: FileCloudVerdictSource__Enable diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml index 944c248..fe08c68 100644 --- a/charts/vaas/values.yaml +++ b/charts/vaas/values.yaml @@ -45,6 +45,15 @@ cloud: allowlistLookup: enabled: true +sentry: + dsn: "" + environment: "" + release: "" + maxBreadcrumbs: "" + maxQueueItems: "" + enableTracing: "" + tracesSampleRate: "" + gateway: ingress: enabled: true From 36db697ceab984bb8fa4442559f0fe9d63b2e1f8 Mon Sep 17 00:00:00 2001 From: Lennart Dohmann Date: Thu, 25 Apr 2024 16:27:06 +0200 Subject: [PATCH 2/2] Update vaas chart version to 1.4.2 --- charts/vaas/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml index 120c9f1..95e24f2 100644 --- a/charts/vaas/Chart.yaml +++ b/charts/vaas/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: vaas -version: 1.4.1 +version: 1.4.2 description: Deployment of a Verdict-as-a-Service on-premise instance maintainers: - name: G DATA CyberDefense AG
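Review bot: The `Sentry__*` entries added to the gateway container's env list are rendered unconditionally, so with the chart defaults from values.yaml every one of them is set to the empty string rather than left unset. The README in this patch promises that the built-in defaults (MaxBreadcrumbs 50, TracesSampleRate 0.5, and so on) apply when only the DSN is given, but whether an empty string falls back to a default or fails to bind to a numeric or boolean option depends on the gateway's configuration handling, which is not visible here. Rendering each optional variable only when a value is set avoids the question, for example `{{- if ne (toString .Values.sentry.maxBreadcrumbs) "" }}` before the `- name: Sentry__MaxBreadcrumbs` pair and `{{- end }}` after it. A plain truthiness test would be wrong for `enableTracing`, because an explicit `false` would then be dropped. The same hunk replaces `{{ .Release.Name }}` with `.Values.sentry.environment` for `Sentry__Environment`, so existing installs lose their per-release environment tag unless they set the new value; the container spec continues outside the hunk.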
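Review bot: `sentry.release` is added here and wired to `Sentry__Release` in the statefulset, but the README section in this patch does not list it, and the new `sentry:` block has no comments. A short comment per key would help, for example `# leave empty to use the application default` on `maxBreadcrumbs`, `maxQueueItems`, `enableTracing` and `tracesSampleRate`, plus a line on `release` saying what it should contain. The DSN is rendered in plain text into the StatefulSet manifest; if it is treated as sensitive in your environment, an option to read it from an existing Secret through `valueFrom.secretKeyRef` would keep it out of the manifest and the values file.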