Giter VIP home page Giter VIP logo

secret-to-handler's Introduction

Sensu Bonsai Asset Go Test goreleaser

secret-to-handler

Table of Contents

Overview

The secret-to-handler is not a typical Sensu Check it was created to automate creating sensu configurations from a Kubernetes Secret.

Usage examples

Reads a K8S secret and publish a handler in sensu

Usage:
  secret-to-handler [flags]
  secret-to-handler [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

Flags:
  -F, --add-extra-filter string        Add extra filters to all handlers created by this command. e. fatigue_check,work_hours
  -B, --api-backend-host string        Sensu Go Backend API Host (e.g. 'sensu-backend.example.com') (default "127.0.0.1")
  -k, --api-backend-key string         Sensu Go Backend API Key
  -P, --api-backend-pass string        Sensu Go Backend API Password (default "P@ssw0rd!")
  -p, --api-backend-port int           Sensu Go Backend API Port (e.g. 4242) (default 8080)
  -u, --api-backend-user string        Sensu Go Backend API User (default "admin")
  -c, --config string                  Json template for Sensu Check
  -D, --disabled-label string          Query for disabled label (e.g. sync=disabled)
  -e, --external                       Connect to cluster externally (using kubeconfig)
  -f, --handler-key-file-path string   Handler Key file path to be used instead paste key into handler command
  -h, --help                           help for secret-to-handler
  -i, --insecure-skip-verify           skip TLS certificate verification (not recommended!)
  -C, --kubeconfig string              Path to the kubeconfig file (default $HOME/.kube/config)
  -l, --label-selectors string         Query for labelSelectors (e.g. release=stable,environment=qa)
  -m, --main-handler string            Main handler of type set to add all new handlers (default "all-alerts")
  -N, --namespace string               Namespace to which to limit this check
  -R, --reserved-names string          Reserved Names already in use for Sensu that cannot be used anymore (list splited by comma , )
  -s, --secure                         Use TLS connection to API
  -n, --sensu-namespace string         Namespace to which to limit this check
  -t, --trusted-ca-file string         TLS CA certificate bundle in PEM format

Use "secret-to-handler [command] --help" for more information about a command.

Configuration

Asset registration

Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the following command to add the asset:

sensuctl asset add betorvs/secret-to-handler

If you're using an earlier version of sensuctl, you can find the asset on the [Bonsai Asset Index][https://bonsai.sensu.io/assets/betorvs/secret-to-handler].

Check definition

---
type: CheckConfig
api_version: core/v2
metadata:
  name: secret-to-handler
  namespace: default
spec:
  command: secret-to-handler -e -l 'alert_route=1' -n development -c "$(cat config.json)"
  subscriptions:
  - secretwatcher
  runtime_assets:
  - betorvs/secret-to-handler

Installation from source

The preferred way of installing and deploying this plugin is to use it as an Asset. If you would like to compile and install the plugin from source or contribute to it, download the latest version or create an executable script from this source.

From the local path of the secret-to-handler repository:

go build

Additional notes

sensu user and roles

Create a user in Sensu Backend to be used by secret-to-handler:

---
type: User
api_version: core/v2
metadata:
  name: secret-to-handler
spec:
  disabled: false
  username: secret-to-handler
  password_hash: $blablabla
---
type: ClusterRole
api_version: core/v2
metadata:
  name: secret-to-handler-role
spec:
  rules:
  - resource_names: []
    resources:
    - filters
    - handlers
    - mutators
    verbs:
    - get
    - list
    - create
    - update
    - delete
---
type: ClusterRoleBinding
api_version: core/v2
metadata:
  name: secret-to-handler-role-binding
spec:
  role_ref:
    name: secret-to-handler-role
    type: ClusterRole
  subjects:
  - name: secret-to-handler
    type: User

secret example

Use disabled: "true" to clean up all filters, mutators and handlers from Sensu.

apiVersion: v1
kind: Secret
metadata:
  name: alert-route-example
  namespace: default
  labels:
    alert_route: "1"
type: Opaque
stringData:
  name: ops
  contacts: ops
  keys: |
    opsgenie: "api-key-long"
    chat: "long-webhook"
  disabled: "false"

For this work, we should have assets for opsgenie and hangouts chat and asset for secret-to-handler.

Contributing

For more information about contributing to this plugin, see Contributing.

secret-to-handler's People

Contributors

betorvs avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.