cert-manager example (community hack session) #21
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| package polly | ||
|
|
||
| import "github.com/pollypkg/polly/schema:pollyschema" | ||
|
|
||
| // Enforce that the emit value of this file unifies with the Polly schema | ||
| pollyschema.PollyPackage | ||
|
|
||
| header: { | ||
| name: "cert-manager" | ||
| uri: "github.com/pollypkg/polly/examples/cert-manager" | ||
| params: { | ||
| certManagerCertExpiryDays: int | *21, | ||
| certManagerJobLabel: string | *"cert-manager", | ||
| // TODO Runbooks are an open question themselves, and not really sure how | ||
| // we'd even think about the interpolation-inside-interpolation here | ||
| // certManagerRunbookURLPattern: "https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#%s", | ||
| grafanaExternalUrl: string, | ||
| } | ||
| } | ||
|
|
||
| prometheusAlerts: v0: { | ||
| CertManagerCertExpirySoon: { | ||
| group: "certificates" | ||
| alert: { | ||
| expr: """ | ||
| avg by (exported_namespace, namespace, name) ( | ||
| certmanager_certificate_expiration_timestamp_seconds - time() | ||
| ) < (\(header.params.certManagerCertExpiryDays\) * 24 * 3600) | ||
| """ | ||
| } | ||
| "for": "1h", | ||
| labels: { | ||
| severity: "warning" | ||
| } | ||
| annotations: { | ||
| summary: "The cert `{{ $labels.name }}` is {{ $value | humanizeDuration }} from expiry, it should have renewed over a week ago.", | ||
| description: "The domain that this cert covers will be unavailable after {{ $value | humanizeDuration }}. Clients using endpoints that this cert protects will start to fail in {{ $value | humanizeDuration }}.", | ||
| // TODO this is totally broken right now because it relies on a | ||
| // hardcoded uid for the particular dashboard. Polly provides the | ||
| // necessary namespacing information such that it should no longer be | ||
| // necessary to sling around uids like this - instead, this should be | ||
| // a reference to the namespaced name of the polly dashboard. | ||
| // | ||
| // That's the ideal, anyway - we'll have to see what we can actually | ||
| // accomplish :) | ||
| dashboard_url: header.params.grafanaExternalUrl + "/d/TvuRo2iMk/cert-manager", | ||
|
There was a problem hiding this comment. set a UID on your dashboard and you can get rid of that randomised string: |
||
| } | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maps! YISSSS! 🎉 🎉
Finally I will be able to stop iterating over the whole thing just to select one alert ^^