DoD-Platform-One / monitoring

Monitoring Stack Bootstrapper (Prometheus, Grafana)
https://repo1.dso.mil/big-bang/product/packages/monitoring
Apache License 2.0

Alertmanager requires egress netpol #4

Open p1-repo-sync-bot[bot] opened 6 months ago

p1-repo-sync-bot[bot] commented 6 months ago

In order to configure Alertmanager for notifications such as SMTP or Slack, an egress netpol is needed. The current design blocks egress from this pod and doesn't seem to have a way to configure it within the chart. This requires deploying a separate egress netpol outside of the chart, which is not desirable, especially given the chart supports configurations for external notification configurations.

Below is an example of a netpol I created manually in order to allow Alertmanager to send notifications to Slack. It would be preferable to have this enabled when a receiver is configured for the chart.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    meta.helm.sh/release-name: monitoring-monitoring
    meta.helm.sh/release-namespace: monitoring
  labels:
    app.kubernetes.io/managed-by: Helm
    helm.toolkit.fluxcd.io/name: monitoring
    helm.toolkit.fluxcd.io/namespace: bigbang
  name: allow-egress-alertmanager
  namespace: monitoring
spec:
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
        - 169.254.169.254/32
  podSelector:
    matchLabels:
      app.kubernetes.io/name: alertmanager
  policyTypes:
  - Egress

p1-repo-sync-bot[bot] commented 5 months ago

bb8-bot commented:

@ohaimour this issue has been inactive for 30 days and is being labelled as ~stale. If this issue is still required please take action by removing the ~stale label and commenting with an update, status, or justification. If this issue is not required please close it or label it as ~delete-me. If no action is taken this issue will be auto closed in 60 days.
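
The egress rule in the NetworkPolicy from the first comment can be evaluated against sample destinations to see what it admits. This is an added example, not code from the issue or the chart. It models only `ipBlock` peers and numeric ports for that one policy in isolation, and the `TIGHTENED` variant and the addresses used to exercise it are constructed.

```python
import ipaddress

# Egress rules of the NetworkPolicy posted in the issue, as a Python dict.
POSTED = {"egress": [{"to": [{"ipBlock": {"cidr": "0.0.0.0/0",
                                          "except": ["169.254.169.254/32"]}}]}]}
# Hypothetical tightened variant (not from the chart): same ipBlock, TCP 443 only.
TIGHTENED = {"egress": [{"to": POSTED["egress"][0]["to"],
                         "ports": [{"protocol": "TCP", "port": 443}]}]}


def _peer_matches(peer, ip):
    """True if an ipBlock peer covers ip: inside cidr and outside every except entry."""
    block = peer.get("ipBlock")
    if block is None:
        return False  # podSelector/namespaceSelector peers are not modelled here
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(block["cidr"]):
        return False
    return not any(addr in ipaddress.ip_network(e) for e in block.get("except", []))


def _port_matches(ports, port, protocol):
    """An omitted or empty ports list means every port and protocol is allowed."""
    if not ports:
        return True
    for p in ports:
        low = p.get("port")  # numeric ports only; named ports are not modelled
        if p.get("protocol", "TCP") == protocol and (
                low is None or low <= port <= p.get("endPort", low)):
            return True
    return False


def egress_allowed(spec, ip, port, protocol="TCP"):
    """Allow the destination if any egress rule matches both its peer and its port."""
    for rule in spec.get("egress", []):
        peers = rule.get("to")
        # An omitted or empty "to" list matches every destination.
        peer_ok = True if not peers else any(_peer_matches(p, ip) for p in peers)
        if peer_ok and _port_matches(rule.get("ports"), port, protocol):
            return True
    return False
```

Because the tightened variant also rejects UDP 53, DNS resolution for the webhook host would have to be allowed by another policy in the namespace. NetworkPolicies are additive, so the effective egress is the union of every policy selecting the Alertmanager pod.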