feat: email receiver for alertmanager

refactor: alertmanager receivers

refactor: no-keycloak now correctly handled, cleaned upi

Author: Maurice Faber

.cspell.json

@@ -57,7 +57,9 @@
     "esbenp",
     "foxundermoon",
     "gcloud",
+    "gitea",
     "gitops",
+    "gogs",
     "grafana",
     "grpc",
     "helmfile",

.demo/env/secrets.settings.yaml

@@ -21,5 +21,8 @@ clouds:
               "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dnsmanager%40otomi-cloud.iam.gserviceaccount.com"
             }
 alerts:
+    home:
+        slack:
+            url: https://hooks.slack.com/services/id
     slack:
-        url: https://hooks.slack.com/services/x/y/z
+        url: https://hooks.slack.com/services/id

.demo/env/settings.yaml

@@ -2,13 +2,13 @@ otomi:
     mode: ce
     isManaged: true
     isMultitenant: true
-    isRedkubesMonitored: true
+    isHomeMonitored: true
     teamPrefix: team-
     hasCloudLB: false
 customer:
     name: demo
 oidc:
-    clientID: demo
+    clientID: otomi
     idp:
         issuer: https://login.microsoftonline.com/57a3f6ea-7e70-4260-acb4-e06ce452f695
         tenantID: 57a3f6ea-7e70-4260-acb4-e06ce452f695
@@ -17,4 +17,10 @@ oidc:
         teamAdminGroupID: someTeamAdminGroupID
     scope: openid email profile
 alerts:
-    receiver: slack
+    drone: slack
+    home:
+        receivers: [slack]
+        slack:
+            channel: mon-otomi
+            channelCrit: mon-otomi-crit
+    receivers: [slack]

.values/.prettierrc.yml

@@ -5,8 +5,8 @@ singleQuote: true
 printWidth: 120
 overrides:
   - files:
-      - '*.yaml'
-      - '*.dec'
+      - 'env/**/*.yaml'
+      - 'env/**/*.dec'
     options:
       tabWidth: 4
       useTabs: true

.values/.vscode/settings.json

@@ -2,18 +2,19 @@
   "[docker,shell]": {
     "editor.defaultFormatter": "foxundermoon.shell-format"
   },
-  "[json,md,yaml,enc]": {
+  "[json,md,yaml,dec]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode"
   },
   "editor.formatOnPaste": false,
   "editor.formatOnSave": true,
   "files.associations": {
     "*.yml": "yaml",
-    "*.yaml.enc": "yaml",
+    "*.yaml.dec": "yaml",
     ".secrets*": "shellscript",
     "otomi": "shellscript",
     "aliases": "shellscript"
   },
+  "prettier.enable": true,
   "sops.defaults.gcpCredentialsPath": "gcp-key.json",
   "yaml.schemas": {
     ".vscode/values-schema.yaml": "env/*.yaml"

bin/common.sh

@@ -33,7 +33,7 @@ hf() {
 }
 
 hf_values() {
-  [ "${VERBOSE-'true'}" = 'true' ] && quiet='--quiet'
+  [ "${VERBOSE-'false'}" = 'false' ] && quiet='--quiet'
   helmfile ${quiet-} -e "$CLOUD-$CLUSTER" -f helmfile.tpl/helmfile-dump.yaml build | grep -Ev $helmfileOutputHide | sed -e $replacePathsPattern |
     yq read -P - 'releases[0].values[0]'
 }

bin/crypt.sh

@@ -8,7 +8,7 @@ command=$1
 
 function rotate() {
   cd $ENV_DIR/env >/dev/null
-  find . -type f -name '*.secrets.yaml.enc' -exec bash -c "sops --input-type=yaml --output-type yaml -r {} > {}" \;
+  find . -type f -name 'secrets.*.yaml' -exec bash -c "sops --input-type=yaml --output-type yaml -r {} > {}" \;
   cd - >/dev/null
 }
 

bin/gen-drone.sh

@@ -8,8 +8,10 @@ ENV_DIR=${ENV_DIR:-./env}
 . bin/common.sh
 . bin/colors.sh
 
+prepare_crypt
 readonly values=$(hf_values)
-readonly receiver=$(echo "$values" | yq r - alerts.receiver)
+readonly raw_receiver=$(echo "$values" | yq r - alerts.drone)
+readonly receiver=${raw_receiver:-'slack'}
 readonly templatePath=$PWD/tpl/.drone.tpl.$receiver.yml
 readonly customer_name=$(customer_name)
 

bin/otomi

@@ -157,7 +157,7 @@ validate_cluster_env() {
   local err
   [[ -z "$CLOUD" ]] && echo "Error: The CLOUD environment variable is not set" >&2 && err=1
   [[ -z "$CLUSTER" ]] && echo "Error: The CLUSTER environment variable is not set" >&2 && err=1
-  [[ ! -z "$err" ]] && exit 2
+  [[ -n "$err" ]] && exit 2
   return 0
 }
 

charts/team-ns/templates/istio-virtualservices.yaml

@@ -79,7 +79,7 @@ spec:
               set:
                 X-Forwarded-Proto: https
 ---
-{{- if and (not (hasKey $s "isPublic")) (hasKey $s "authz") }}
+{{- if and $v.hasKeycloak (not (hasKey $s "isPublic")) (hasKey $s "authz") }}
 {{- $workload := ($s.authz.workload | toYaml | replace "__TEAM" $v.teamId) }}
 apiVersion: security.istio.io/v1beta1
 kind: RequestAuthentication