diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml index 52217e4..bcda64d 100644 --- a/.github/workflows/semantic-release.yaml +++ b/.github/workflows/semantic-release.yaml @@ -19,4 +19,6 @@ jobs: uses: go-semantic-release/action@v1.23 with: github-token: ${{ secrets.PAT }} - allow-initial-development-versions: true \ No newline at end of file + allow-initial-development-versions: true + extra-plugins: | + @semantic-release/exec diff --git a/.releaserc b/.releaserc new file mode 100644 index 0000000..69745ea --- /dev/null +++ b/.releaserc @@ -0,0 +1,7 @@ +{ + "plugins": [ + ["@semantic-release/exec", { + "publishCmd": "sed -i 's/\(newTag:\).*/\1 ${nextRelease.version}/' deploy/kustomize/overlays/*/kustomization.yaml" + }], + ] +} diff --git a/README.md b/README.md index 711587e..2ddf2d6 100644 --- a/README.md +++ b/README.md @@ -4,26 +4,19 @@ This repository creates and publishes Docker image for deployment of Alertmanage This proxy is useful for preventing sensitive information (e.g. IP addressess, hostnames, alert descriptions, etc.) leaving organisational boundaries when monitoring is outsourced to external entity. -For convenience, Dockerfile to couple filtering proxy with Signalilo is also provided. +For convenience, Dockerfile and deployment to couple filtering proxy with Signalilo is also provided. ## Installation -See `deploy/` for Kustomize based deployment. +See `deploy/kustomize` for Kustomize based deployment. ## Configuration -Patch ConfigMaps using Kustomize overlay. Example provided in `deploy/overlays/example`. - -Separately deploy Secret named `signalilo`, containing key/value pairs: - -``` -SIGNALILO_ALERTMANAGER_BEARER_TOKEN: foo -SIGNALILO_ICINGA_PASSWORD: bar -``` +Patch ConfigMaps using Kustomize overlay. Examples provided in `deploy/kustomize/overlays`. ### Proxy -Implicitly uses default HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables +Implicitly uses default HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables. ### Alertmanager @@ -34,7 +27,7 @@ receivers: - name: Default webhook_configs: - url: >- - http://signalilo-scrubbed.signalilo-scrubbed.svc.cluster.local:8080/webhook + http://scrubbed.scrubbed.svc.cluster.local:8080/webhook send_resolved: true http_config: bearer_token: "foo" diff --git a/deploy/kustomize/base/configmap-signalilo.yaml b/deploy/kustomize/base/configmap-signalilo.yaml deleted file mode 100644 index e6127b0..0000000 --- a/deploy/kustomize/base/configmap-signalilo.yaml +++ /dev/null @@ -1,16 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: signalilo -immutable: false -data: - SIGNALILO_ALERTMANAGER_PLUGINOUTPUT_ANNOTATIONS: | - description - message - SIGNALILO_ALERTMANAGER_PORT: '8888' - SIGNALILO_ICINGA_CA: '' - SIGNALILO_ICINGA_DEBUG: '0' - SIGNALILO_ICINGA_HOSTNAME: '' - SIGNALILO_ICINGA_URL: '' - SIGNALILO_ICINGA_USERNAME: '' - SIGNALILO_UUID: '' diff --git a/deploy/kustomize/base/configmap-scrubbed.yaml b/deploy/kustomize/base/configmap.yaml similarity index 82% rename from deploy/kustomize/base/configmap-scrubbed.yaml rename to deploy/kustomize/base/configmap.yaml index 91dedfb..4af8ac7 100644 --- a/deploy/kustomize/base/configmap-scrubbed.yaml +++ b/deploy/kustomize/base/configmap.yaml @@ -8,7 +8,7 @@ data: SCRUBBED_ALERT_LABELS: alertname severity SCRUBBED_COMMON_ANNOTATIONS: '' SCRUBBED_COMMON_LABELS: alertname severity - SCRUBBED_DESTINATION_URL: 'http://signalilo-scrubbed:8888/webhook' + SCRUBBED_DESTINATION_URL: 'http://receiver:8888/webhook' SCRUBBED_GROUP_LABELS: '' SCRUBBED_LISTEN_PORT: '8080' SCRUBBED_LOG_LEVEL: INFO diff --git a/deploy/kustomize/base/deployment.yaml b/deploy/kustomize/base/deployment.yaml index 772e1cf..6c71275 100644 --- a/deploy/kustomize/base/deployment.yaml +++ b/deploy/kustomize/base/deployment.yaml @@ -1,57 +1,17 @@ kind: Deployment apiVersion: apps/v1 metadata: - name: signalilo-scrubbed + name: scrubbed spec: replicas: 1 selector: {} template: spec: - serviceAccountName: signalilo-scrubbed + serviceAccountName: scrubbed tolerations: - effect: NoSchedule operator: Exists containers: - - resources: - limits: - cpu: 20m - memory: 32Mi - requests: - cpu: 10m - memory: 16Mi - readinessProbe: - httpGet: - path: /healthz - port: 8888 - scheme: HTTP - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - terminationMessagePath: /dev/termination-log - name: signalilo - command: - - signalilo - livenessProbe: - httpGet: - path: /healthz - port: 8888 - scheme: HTTP - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - ports: - - containerPort: 8888 - protocol: TCP - imagePullPolicy: Always - terminationMessagePolicy: File - envFrom: - - configMapRef: - name: signalilo - - secretRef: - name: signalilo - image: 'signalilo-scrubbed' - resources: limits: cpu: 100m @@ -89,7 +49,7 @@ spec: envFrom: - configMapRef: name: scrubbed - image: signalilo-scrubbed + image: scrubbed restartPolicy: Always terminationGracePeriodSeconds: 10 dnsPolicy: ClusterFirst diff --git a/deploy/kustomize/base/kustomization.yaml b/deploy/kustomize/base/kustomization.yaml index e6523aa..a794247 100644 --- a/deploy/kustomize/base/kustomization.yaml +++ b/deploy/kustomize/base/kustomization.yaml @@ -2,20 +2,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- serviceaccount.yaml -- deployment.yaml -- service.yaml -- configmap-scrubbed.yaml -- configmap-signalilo.yaml -- prometheusrule.yaml - -images: -- name: signalilo-scrubbed - newName: quay.io/adfinis/signalilo-scrubbed - newTag: v0.2.0 + - namespace.yaml + - serviceaccount.yaml + - deployment.yaml + - service.yaml + - configmap.yaml + - prometheusrule.yaml labels: -- includeSelectors: true - pairs: - app.kubernetes.io/component: alerting - app.kubernetes.io/name: signalilo-scrubbed + - includeSelectors: true + pairs: + app.kubernetes.io/component: alerting + app.kubernetes.io/name: scrubbed diff --git a/deploy/kustomize/overlays/example/namespace.yaml b/deploy/kustomize/base/namespace.yaml similarity index 60% rename from deploy/kustomize/overlays/example/namespace.yaml rename to deploy/kustomize/base/namespace.yaml index 4392712..a7dbfcd 100644 --- a/deploy/kustomize/overlays/example/namespace.yaml +++ b/deploy/kustomize/base/namespace.yaml @@ -1,4 +1,4 @@ kind: Namespace apiVersion: v1 metadata: - name: signalilo-scrubbed + name: scrubbed diff --git a/deploy/kustomize/base/service.yaml b/deploy/kustomize/base/service.yaml index b3bed64..b56ccbb 100644 --- a/deploy/kustomize/base/service.yaml +++ b/deploy/kustomize/base/service.yaml @@ -1,7 +1,7 @@ kind: Service apiVersion: v1 metadata: - name: signalilo-scrubbed + name: scrubbed spec: sessionAffinityConfig: clientIP: @@ -11,10 +11,6 @@ spec: protocol: TCP port: 8080 targetPort: 8080 - - name: signalilo - protocol: TCP - port: 8888 - targetPort: 8888 internalTrafficPolicy: Cluster type: ClusterIP ipFamilyPolicy: SingleStack diff --git a/deploy/kustomize/base/serviceaccount.yaml b/deploy/kustomize/base/serviceaccount.yaml index b94a50d..563f0ff 100644 --- a/deploy/kustomize/base/serviceaccount.yaml +++ b/deploy/kustomize/base/serviceaccount.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: signalilo-scrubbed + name: scrubbed diff --git a/deploy/kustomize/overlays/example/kustomization.yaml b/deploy/kustomize/overlays/example/kustomization.yaml deleted file mode 100644 index adbb877..0000000 --- a/deploy/kustomize/overlays/example/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: signalilo-scrubbed - -resources: - - namespace.yaml - - ../../base - - secret-signalilo.yaml - -patches: - - path: configmap-signalilo-patch.yaml diff --git a/deploy/kustomize/overlays/standalone/kustomization.yaml b/deploy/kustomize/overlays/standalone/kustomization.yaml new file mode 100644 index 0000000..7971b0a --- /dev/null +++ b/deploy/kustomize/overlays/standalone/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: scrubbed + +images: + - name: scrubbed + newName: quay.io/adfinis/scrubbed + newTag: v0.2.0 + +resources: + - ../../base diff --git a/deploy/kustomize/overlays/example/configmap-signalilo-patch.yaml b/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml similarity index 76% rename from deploy/kustomize/overlays/example/configmap-signalilo-patch.yaml rename to deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml index 6d030a9..bfcccf0 100644 --- a/deploy/kustomize/overlays/example/configmap-signalilo-patch.yaml +++ b/deploy/kustomize/overlays/with-signalilo/configmap-signalilo.yaml @@ -2,7 +2,12 @@ kind: ConfigMap apiVersion: v1 metadata: name: signalilo +immutable: false data: + SIGNALILO_ALERTMANAGER_PLUGINOUTPUT_ANNOTATIONS: | + description + message + SIGNALILO_ALERTMANAGER_PORT: "8888" SIGNALILO_ICINGA_CA: | -----BEGIN CERTIFICATE----- ... diff --git a/deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml b/deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml new file mode 100644 index 0000000..ccedaa8 --- /dev/null +++ b/deploy/kustomize/overlays/with-signalilo/deployment-patch.yaml @@ -0,0 +1,48 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: scrubbed +spec: + template: + spec: + containers: + - resources: + limits: + cpu: 20m + memory: 32Mi + requests: + cpu: 10m + memory: 16Mi + readinessProbe: + httpGet: + path: /healthz + port: 8888 + scheme: HTTP + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: /dev/termination-log + name: signalilo + command: + - signalilo + livenessProbe: + httpGet: + path: /healthz + port: 8888 + scheme: HTTP + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + ports: + - containerPort: 8888 + protocol: TCP + imagePullPolicy: Always + terminationMessagePolicy: File + envFrom: + - configMapRef: + name: signalilo + - secretRef: + name: signalilo + image: scrubbed diff --git a/deploy/kustomize/overlays/with-signalilo/kustomization.yaml b/deploy/kustomize/overlays/with-signalilo/kustomization.yaml new file mode 100644 index 0000000..6425a88 --- /dev/null +++ b/deploy/kustomize/overlays/with-signalilo/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: scrubbed + +images: + - name: scrubbed + newName: quay.io/adfinis/scrubbed-signalilo + newTag: v0.2.0 + +resources: + - ../../base + - secret-signalilo.yaml + - configmap-signalilo.yaml + +patches: + - path: deployment-patch.yaml + - path: service-patch.yaml diff --git a/deploy/kustomize/overlays/example/secret-signalilo.yaml b/deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml similarity index 77% rename from deploy/kustomize/overlays/example/secret-signalilo.yaml rename to deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml index c311b0d..b47527a 100644 --- a/deploy/kustomize/overlays/example/secret-signalilo.yaml +++ b/deploy/kustomize/overlays/with-signalilo/secret-signalilo.yaml @@ -4,4 +4,4 @@ metadata: name: signalilo stringData:: SIGNALILO_ALERTMANAGER_BEARER_TOKEN: foo - SIGNALILO_ICINGA_PASSWORD: bar \ No newline at end of file + SIGNALILO_ICINGA_PASSWORD: bar diff --git a/deploy/kustomize/overlays/with-signalilo/service-patch.yaml b/deploy/kustomize/overlays/with-signalilo/service-patch.yaml new file mode 100644 index 0000000..90ec4c7 --- /dev/null +++ b/deploy/kustomize/overlays/with-signalilo/service-patch.yaml @@ -0,0 +1,10 @@ +kind: Service +apiVersion: v1 +metadata: + name: scrubbed +spec: + ports: + - name: signalilo + protocol: TCP + port: 8888 + targetPort: 8888