Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name


v0.0.5 · public · Published 7 months ago

README
Asset Definition
Release Notes
Release Assets

Sensu Bonsai Asset
Go Test
goreleaser

secret-to-handler

Table of Contents

Overview

The secret-to-handler is not a typical Sensu Check it was created to automate creating sensu configurations from a Kubernetes Secret.

Usage examples

Reads a K8S secret and publish a handler in sensu

Usage:
  secret-to-handler [flags]
  secret-to-handler [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

Flags:
  -F, --add-extra-filter string        Add extra filters to all handlers created by this command. e. fatigue_check,work_hours
  -B, --api-backend-host string        Sensu Go Backend API Host (e.g. 'sensu-backend.example.com') (default "127.0.0.1")
  -k, --api-backend-key string         Sensu Go Backend API Key
  -P, --api-backend-pass string        Sensu Go Backend API Password (default "P@ssw0rd!")
  -p, --api-backend-port int           Sensu Go Backend API Port (e.g. 4242) (default 8080)
  -u, --api-backend-user string        Sensu Go Backend API User (default "admin")
  -c, --config string                  Json template for Sensu Check
  -D, --disabled-label string          Query for disabled label (e.g. sync=disabled)
  -e, --external                       Connect to cluster externally (using kubeconfig)
  -f, --handler-key-file-path string   Handler Key file path to be used instead paste key into handler command
  -h, --help                           help for secret-to-handler
  -i, --insecure-skip-verify           skip TLS certificate verification (not recommended!)
  -C, --kubeconfig string              Path to the kubeconfig file (default $HOME/.kube/config)
  -l, --label-selectors string         Query for labelSelectors (e.g. release=stable,environment=qa)
  -m, --main-handler string            Main handler of type set to add all new handlers (default "all-alerts")
  -N, --namespace string               Namespace to which to limit this check
  -R, --reserved-names string          Reserved Names already in use for Sensu that cannot be used anymore (list splited by comma , )
  -s, --secure                         Use TLS connection to API
  -n, --sensu-namespace string         Namespace to which to limit this check
  -t, --trusted-ca-file string         TLS CA certificate bundle in PEM format

Use "secret-to-handler [command] --help" for more information about a command.

Configuration

Asset registration

Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please
consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the
following command to add the asset:

sensuctl asset add betorvs/secret-to-handler

If you're using an earlier version of sensuctl, you can find the asset on the [Bonsai Asset Index][https://bonsai.sensu.io/assets/betorvs/secret-to-handler].

Check definition

---
type: CheckConfig
api_version: core/v2
metadata:
  name: secret-to-handler
  namespace: default
spec:
  command: secret-to-handler -e -l 'alert_route=1' -n development -c "$(cat config.json)"
  subscriptions:
  - secretwatcher
  runtime_assets:
  - betorvs/secret-to-handler

Installation from source

The preferred way of installing and deploying this plugin is to use it as an Asset. If you would
like to compile and install the plugin from source or contribute to it, download the latest version
or create an executable script from this source.

From the local path of the secret-to-handler repository:

go build

Additional notes

sensu user and roles

Create a user in Sensu Backend to be used by secret-to-handler:

---
type: User
api_version: core/v2
metadata:
  name: secret-to-handler
spec:
  disabled: false
  username: secret-to-handler
  password_hash: $blablabla
---
type: ClusterRole
api_version: core/v2
metadata:
  name: secret-to-handler-role
spec:
  rules:
  - resource_names: []
    resources:
    - filters
    - handlers
    - mutators
    verbs:
    - get
    - list
    - create
    - update
    - delete
---
type: ClusterRoleBinding
api_version: core/v2
metadata:
  name: secret-to-handler-role-binding
spec:
  role_ref:
    name: secret-to-handler-role
    type: ClusterRole
  subjects:
  - name: secret-to-handler
    type: User

secret example

Use disabled: "true" to clean up all filters, mutators and handlers from Sensu.

apiVersion: v1
kind: Secret
metadata:
  name: alert-route-example
  namespace: default
  labels:
    alert_route: "1"
type: Opaque
stringData:
  name: ops
  contacts: ops
  keys: |
    opsgenie: "api-key-long"
    chat: "long-webhook"
  disabled: "false"

For this work, we should have assets for opsgenie and hangouts chat and asset for secret-to-handler.

Contributing

For more information about contributing to this plugin, see Contributing.

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.

×

You must be signed in to report this asset.

Sign In with Github

Download

×

Either download the source code:

Download Source

Or download the asset definition: