Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extra Volumes fo AlertManager for CA Certificate SMTP STARTTLS Notifications #542

Open
TheDevilDan opened this issue Oct 29, 2024 · 1 comment
Labels
chart:signoz Issue related to signoz helm chart enhancement New feature or request good first issue Good for newcomers

Comments

@TheDevilDan
Copy link

Is your feature request related to a problem?

When configuring Alertmanager in the SigNoz Helm chart to send email alerts, I encountered a certificate trust issue with the STARTTLS configuration. To resolve this, I manually modified the Alertmanager StatefulSet to add a volume containing the required certificate and configured a ConfigMap in Kubernetes for this certificate. I also added environment variables, such as:

- name: ALERTMANAGER_SMTP_FROM
  value: [email protected] 
- name: ALERTMANAGER_SMTP_HOST
  value: EXCH.test.com 
- name: ALERTMANAGER_SMTP_PORT
  value: '25'
- name: SSL_CERT_FILE
  value: /etc/ssl/certs/ca.crt

With these settings and the following volume mount, the configuration worked:

volumeMounts:
  - mountPath: /etc/ssl/certs/ca.crt
    name: smtp-ca-cert
    subPath: ca.crt

volumes:
  - configMap:
      defaultMode: 420
      name: smtp-ca-cert
    name: smtp-ca-cert

However, this approach requires modifying the StatefulSet manually.

Describe the solution you'd like

I would like to be able to specify the certificate directly within the values.yaml file of the Helm chart. This would allow me to keep STARTTLS enabled while seamlessly adding the necessary certificate to the pod’s trusted root certificates. I noticed that extraVolumes are available for other components in the SigNoz Helm chart, so adding similar functionality for Alertmanager would be consistent and beneficial. This approach would simplify configuration management and align with Kubernetes best practices, avoiding the need to disable STARTTLS as in this PR. (Create by SigNoz/alertmanager#34)

Describe alternatives you've considered

One alternative is to disable STARTTLS altogether, which is currently possible with the disable STARTTLS feature. However, this compromises the security of email alerts and doesn't address the root cause of the certificate trust issue.

Additional context

Here’s an example of the manual configuration I used to resolve this issue. Screenshots and further details are available if needed. Thank you for considering this feature request to improve the SigNoz Alertmanager Helm chart!

Thank you for your feature request – we love each and every one!

@grandwizard28 grandwizard28 added enhancement New feature or request good first issue Good for newcomers chart:signoz Issue related to signoz helm chart labels Dec 21, 2024
@grandwizard28
Copy link
Contributor

Hi @TheDevilDan,
Would you be willing to raise a PR for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chart:signoz Issue related to signoz helm chart enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Development

No branches or pull requests

2 participants