Merge pull request #184 from sysdiglabs/staging

daviddetorres · web-flow · commit 386ff455a4ae · 2021-09-29T12:26:09.000+02:00
Staging to prod
diff --git a/apps/images/sysdig.svg b/apps/images/sysdig.svg
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 230.382 82.7982">
+  <defs/>
+  <defs>
+    <style>
+      .f04ca906-1e69-4f27-8621-a7ab0851ca11{fill:#55565b}.e330b834-161b-487c-bb13-8bca561e66de{fill:#00abc7}
+    </style>
+  </defs>
+  <g id="ef34e798-518f-4388-ac79-8e481fcb331f" data-name="Layer 1">
+    <path d="M98.358 65.7388a8.0948 8.0948 0 01-3.0874 6.8551 12.1315 12.1315 0 01-7.6405 2.1979 18.9877 18.9877 0 01-12.0357-4.2388l3.4013-5.2332q4.6045 3.3496 8.8439 3.3492 3.3484 0 3.3491-2.0931v-.1048q0-1.1501-1.7271-1.9362-.6278-.2608-4.0815-1.3082-8.3732-2.459-8.3728-8.425v-.1047a8.0519 8.0519 0 013.035-6.5939 11.065 11.065 0 017.2214-2.3026A18.3587 18.3587 0 0197.73 49.0453l-3.0353 5.4944q-4.4486-2.6156-7.588-2.6164-2.931 0-2.9305 1.9362v.1048q0 1.0475 1.7271 1.884.6795.3136 3.9772 1.465a20.2606 20.2606 0 015.7038 2.7212 6.8434 6.8434 0 012.7738 5.5995zM117.7006 74.9487q-1.6225 4.3431-3.6107 6.0706a8.3615 8.3615 0 01-5.5992 1.779 13.7213 13.7213 0 01-7.0646-1.9363l2.669-5.756a6.6964 6.6964 0 003.4013 1.0987 2.919 2.919 0 002.7736-1.8315L99.2805 46.2195h8.4253l6.384 19.1003 6.1229-19.1003h8.268zM150.8894 65.7388a8.0948 8.0948 0 01-3.0874 6.8551 12.1315 12.1315 0 01-7.6405 2.1979 18.9877 18.9877 0 01-12.0358-4.2388l3.4013-5.2332q4.6046 3.3496 8.844 3.3492 3.3483 0 3.349-2.0931v-.1048q0-1.1501-1.727-1.9362-.6279-.2608-4.0815-1.3082-8.3732-2.459-8.3728-8.425v-.1047a8.0519 8.0519 0 013.0349-6.5939 11.065 11.065 0 017.2215-2.3026 18.3587 18.3587 0 0110.4663 3.2448l-3.0353 5.4944q-4.4486-2.6156-7.5879-2.6164-2.931 0-2.9306 1.9362v.1048q0 1.0475 1.7272 1.884.6794.3136 3.977 1.465a20.2606 20.2606 0 015.704 2.7212 6.8434 6.8434 0 012.7736 5.5995zM175.1603 74.2685V71.809a12.6497 12.6497 0 01-8.7392 2.9828 11.8537 11.8537 0 01-8.8439-3.7155q-3.9246-4.0817-3.9246-10.7802v-.1047q0-6.6979 3.8724-10.7797a11.9161 11.9161 0 018.8961-3.7155 14.207 14.207 0 018.7392 2.6164V36.0673h7.9543v38.2012zm.1047-14.077a8.0298 8.0298 0 00-1.9883-5.5992 6.2229 6.2229 0 00-4.8146-2.1457 6.2914 6.2914 0 00-4.8143 2.0931 7.9768 7.9768 0 00-2.0409 5.6517v.1047a7.9042 7.9042 0 002.041 5.5996 6.474 6.474 0 009.6288 0 8.0295 8.0295 0 001.9883-5.5995zM187.9292 43.132v-7.0647h8.3728v7.0647zm.209 31.1365v-28.049h7.9543v28.049zM230.382 67.9366q0 7.7981-3.9246 11.3556-3.768 3.4538-11.7223 3.4538a26.1327 26.1327 0 01-12.4021-2.9305l2.7211-6.4888a19.0496 19.0496 0 009.472 2.5642q8.0062 0 8.0064-6.594v-.3137a14.2981 14.2981 0 01-9.1577 2.9827 11.985 11.985 0 01-8.687-3.4013 12.889 12.889 0 01-3.7678-9.6814v-.1047a12.7953 12.7953 0 013.8202-9.681 11.921 11.921 0 018.6345-3.4013 15.629 15.629 0 019.053 2.6164v-2.0931h7.9543zm-7.8495-9.1581a6.057 6.057 0 00-1.9884-4.6573 7.382 7.382 0 00-9.7336 0 6.1324 6.1324 0 00-1.9362 4.6573v.1047a6.1925 6.1925 0 001.9362 4.7099 6.913 6.913 0 004.8668 1.7793 6.8031 6.8031 0 004.8668-1.8315 6.0562 6.0562 0 001.9884-4.6577z" class="f04ca906-1e69-4f27-8621-a7ab0851ca11"/>
+    <g>
+      <path d="M42.2368 74.1364A19.9025 19.9025 0 0124.5753 63.825c-1.555-2.6932-5.5643-9.833-5.7662-10.1953a2.7022 2.7022 0 014.7213-2.63c.0492.0884 4.191 7.4655 5.7254 10.123 3.8055 6.5916 10.775 9.1096 18.644 6.731a2.7023 2.7023 0 011.5626 5.1738 24.9965 24.9965 0 01-7.2256 1.109z" class="e330b834-161b-487c-bb13-8bca561e66de"/>
+      <path d="M42.8229 82.7084c-10.302 0-19.9175-4.8207-24.7557-13.2009L7.009 50.3545a2.702 2.702 0 01.9889-3.6911l7.5322-4.3488a2.7022 2.7022 0 112.7023 4.6802l-5.1921 2.9975 9.707 16.8129c5.2621 9.1142 17.7731 12.9147 29.2563 8.9515 9.1733-7.9626 12.138-20.6984 6.8763-29.8126l-9.2921-16.094a2.7022 2.7022 0 114.6801-2.7023l9.2921 16.094c6.6237 11.4725 2.993 27.3639-8.4449 36.9642a2.6977 2.6977 0 01-.8137.4697 33.5903 33.5903 0 01-11.4786 2.0327zm10.5549-4.572z" class="e330b834-161b-487c-bb13-8bca561e66de"/>
+      <path d="M42.0111 65.3744c-4.268 0-7.8857-2.8418-9.723-6.024L.3627 4.0536a2.7022 2.7022 0 014.6801-2.7023L36.9683 56.648c.8708 1.5077 3.3393 4.095 6.445 3.0928a2.7023 2.7023 0 011.6578 5.1441 9.9442 9.9442 0 01-3.06.4895zM35.098 36.8398a2.7028 2.7028 0 01-2.3402-1.3511l-8.9583-15.517a2.7022 2.7022 0 014.6801-2.7023l7.6076 13.1769 4.8386-2.7938a2.7022 2.7022 0 012.7024 4.6801l-7.1791 4.145a2.7033 2.7033 0 01-1.3512.3622z" class="e330b834-161b-487c-bb13-8bca561e66de"/>
+    </g>
+  </g>
+</svg>
diff --git a/apps/sysdig-admission-controller.yaml b/apps/sysdig-admission-controller.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: App
+name: "Sysdig Admission Controller"
+keywords: 
+  - Kubernetes
+  - Available
+availableVersions: 
+  - '0.0.9'
+shortDescription: "Sysdig Admission Controller."
+description: |
+  Sysdig’s Admission Controller builds upon Kubernetes and enhances the capacity of the image scanner to check images, elevating the scan policies from detection to actual prevention.
+icon: https://raw.githubusercontent.com/sysdiglabs/promcat-resources/master/apps/images/sysdig.svg
+website: https://docs.sysdig.com/en/docs/sysdig-secure/scanning/admission-controller/
+available: true
diff --git a/resources/sysdig-admission-controller/ALERTS.md b/resources/sysdig-admission-controller/ALERTS.md
@@ -0,0 +1,9 @@
+# Alerts
+## [Sysdig Admission Controller] No K8s Audit Events Received
+The Admission Controller is not receiving Kubernetes Audit events.
+
+## [Sysdig Admission Controller] K8s Audit Events Throttling
+Kubernetes Audit events is being throttled.
+
+## [Sysdig Admission Controller] Scanning Events Throttling
+Scanning events is being throttled.
diff --git a/resources/sysdig-admission-controller/INSTALL.md b/resources/sysdig-admission-controller/INSTALL.md
@@ -0,0 +1,4 @@
+# Setup
+Sysdig Admission Controller expose Prometheus metrics natively. 
+
+As it is annotated with the standard Prometheus annotations, it will be scraped by default for both Prometheus and the Sysdig Agent, so no further configuration is required.
diff --git a/resources/sysdig-admission-controller/README.md b/resources/sysdig-admission-controller/README.md
@@ -0,0 +1,17 @@
+# Sysdig Admission Controller
+Kubernetes' admission controllers help you define and customize which requests are allowed on your cluster. An admission controller intercepts and processes requests to the Kubernetes API prior to persistence of the object, but after the request is authenticated and authorized.
+
+Sysdig’s Admission Controller builds upon Kubernetes and enhances the capacity of the image scanner to check images for Common Vulnerabilities and Exposures (CVEs), misconfigurations, outdated images, etc., elevating the scan policies from detection to actual prevention. Container images that do not fulfill the configured admission policies will be rejected from the cluster before being assigned to a node and allowed to run.
+
+# Metrics
+Sysdig Admission Controller expose metrics on:
+* Kubernetes Audit Events
+* Image scanning
+* Procession queues
+* Inline image scanning metrics
+
+# Number of time series generated
+Sysdig Admission Controller generates around 150 metrics per admission controller.
+
+# Attributions
+Configuration files, alerts, and dashboards are maintained by [Sysdig team](https://sysdig.com/).
diff --git a/resources/sysdig-admission-controller/alerts.yaml b/resources/sysdig-admission-controller/alerts.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Alert
+app: Sysdig Admission Controller
+version: 1.0.0
+appVersion:
+- '0.0.9'
+descriptionFile: ALERTS.md
+configurations:
+- kind: Prometheus
+  data: |
+    groups:
+    - name: SysdigAdmissionController
+      rules:
+      - alert: "[Sysdig Admission Controller] No K8s Audit Events Received"
+        expr: |
+          sum(rate(k8s_audit_ac_events_received_total[5m])) == 0
+        for: 10m
+        labels:
+          severity: High
+        annotations:
+          summary: The Admission Controller is not receiving Kubernetes Audit events. 
+      - alert: "[Sysdig Admission Controller] K8s Audit Events Throttling"
+        expr: |
+          (sum(rate(k8s_audit_ac_events_processed_total[5m])) 
+            - sum(rate(k8s_audit_ac_events_received_total[5m]))
+          ) > 32
+        for: 15m
+        labels:
+          severity: Medium
+        annotations:
+          summary: Kubernetes Audit events is being throttled.
+      - alert: "[Sysdig Admission Controller] Scanning Events Throttling"
+        expr: |
+          (sum(rate(scanning_ac_http_scanning_handler_requests_total[5m])) 
+            - sum(rate(scanning_ac_containers_processed_total[5m]))
+          ) > 32
+        for: 15m
+        labels:
+          severity: Medium
+        annotations:
+          summary: Scanning events is being throttled.
+
diff --git a/resources/sysdig-admission-controller/dashboards.yaml b/resources/sysdig-admission-controller/dashboards.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Dashboard
+app: Sysdig Admission Controller
+version: 1.0.0
+appVersion:
+- '0.0.9'
+configurations:
+- name: Sysdig Admission Controller
+  kind: Sysdig
+  image: sysdig-admission-controller/images/sysdig-admission-controller-sysdig.png
+  description: |
+    This dashboard offers information on:
+    * Kubernetes Audit Events
+    * Image scanning
+    * Procession queues
+    * Inline image scanning
+  file: include/Sysdig_Admission_Controller.json
diff --git a/resources/sysdig-admission-controller/description.yaml b/resources/sysdig-admission-controller/description.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Description
+app: Sysdig Admission Controller
+version: 1.0.0
+appVersion:
+- '0.0.9'
+descriptionFile: README.md
diff --git a/resources/sysdig-admission-controller/images/sysdig-admission-controller-sysdig.png b/resources/sysdig-admission-controller/images/sysdig-admission-controller-sysdig.png
diff --git a/resources/sysdig-admission-controller/include/Sysdig_Admission_Controller.json b/resources/sysdig-admission-controller/include/Sysdig_Admission_Controller.json
diff --git a/resources/sysdig-admission-controller/include/sysdig-agent.yaml b/resources/sysdig-admission-controller/include/sysdig-agent.yaml
diff --git a/resources/sysdig-admission-controller/setup-guide.yaml b/resources/sysdig-admission-controller/setup-guide.yaml

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +# Setup
 +Sysdig Admission Controller expose Prometheus metrics natively.
++
 +As it is annotated with the standard Prometheus annotations, it will be scraped by default for both Prometheus and the Sysdig Agent, so no further configuration is required.