From bf370bfce6714af4097b534f1137f27c4e3ad9e9 Mon Sep 17 00:00:00 2001 From: mehrdadkh Date: Mon, 14 Aug 2023 17:12:08 +0330 Subject: [PATCH 1/9] update rules.yaml template --- .gitignore | 1 + .../rules/deadman/deadman_pagerduty.yaml | 14 ++++++++++++++ .../rules/deadman/deadman_slack.yaml | 13 +++++++++++++ chart/elastalert2/templates/rules.yaml | 16 +++++++++++++--- chart/elastalert2/values.yaml | 19 ++++++++++++------- 5 files changed, 53 insertions(+), 10 deletions(-) create mode 100644 chart/elastalert2/rules/deadman/deadman_pagerduty.yaml create mode 100644 chart/elastalert2/rules/deadman/deadman_slack.yaml diff --git a/.gitignore b/.gitignore index 8ef91bc3..aa21b653 100644 --- a/.gitignore +++ b/.gitignore @@ -18,4 +18,5 @@ my_rules *.swp *~ /rules/ +/chart/elastalert2/real_values.yaml mod/ diff --git a/chart/elastalert2/rules/deadman/deadman_pagerduty.yaml b/chart/elastalert2/rules/deadman/deadman_pagerduty.yaml new file mode 100644 index 00000000..ae24c41e --- /dev/null +++ b/chart/elastalert2/rules/deadman/deadman_pagerduty.yaml @@ -0,0 +1,14 @@ +name: Deadman Switch PagerDuty +type: frequency +index: containers-* +num_events: 3 +timeframe: + minutes: 3 +filter: + - term: + message: "deadmanpd" +alert: + - "pagerduty" +pagerduty: +pagerduty_service_key: dummy +pagerduty_client_name: ElastAlert Deadman Switch diff --git a/chart/elastalert2/rules/deadman/deadman_slack.yaml b/chart/elastalert2/rules/deadman/deadman_slack.yaml new file mode 100644 index 00000000..8787bb18 --- /dev/null +++ b/chart/elastalert2/rules/deadman/deadman_slack.yaml @@ -0,0 +1,13 @@ +name: Deadman Switch Slack +type: frequency +index: containers-* +num_events: 3 +timeframe: + minutes: 3 +filter: + - term: + message: "deadmanslack" +alert: + - "slack" +slack: +slack_webhook_url: dummy diff --git a/chart/elastalert2/templates/rules.yaml b/chart/elastalert2/templates/rules.yaml index b00399fa..b0b52ffd 100644 --- a/chart/elastalert2/templates/rules.yaml +++ b/chart/elastalert2/templates/rules.yaml @@ -7,7 +7,17 @@ metadata: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} data: -{{- range $key, $value := .Values.rules }} -{{ $key | indent 2}}: |- -{{ $value | indent 4}} +{{- if .Values.rootRulesFolder }} + {{- $rulesDirectory := printf "%v/**.yaml" .Values.rootRulesFolder -}} + {{- range $rule, $_ := .Files.Glob $rulesDirectory }} + {{ base $rule }}: |- +{{ $.Files.Get $rule | indent 6 }} + {{ end }} +{{- else }} + {{- range $key, $value := .Values.rules }} + {{ $key | indent 2}}: |- + {{ $value | indent 4}} + {{- end }} {{- end }} + + diff --git a/chart/elastalert2/values.yaml b/chart/elastalert2/values.yaml index 048a3268..577e6823 100644 --- a/chart/elastalert2/values.yaml +++ b/chart/elastalert2/values.yaml @@ -6,6 +6,9 @@ commonLabels: {} commonAnnotations: {} appKubernetesIoComponent: elastalert2 +# Folder where you store your rules must be in root of the chart +rootRulesFolder: "rules" + # number of replicas to run replicaCount: 1 @@ -54,7 +57,7 @@ elasticsearch: # elasticsearch port port: 9200 # whether or not to connect to es_host using TLS - useSsl: "False" + useSsl: "True" # Username if authenticating to ES with basic auth username: "" # Password if authenticating to ES with basic auth @@ -95,7 +98,8 @@ extraContainers: [] ## Specify optional additional initContainers to run prior to the Elastalert2 container. extraInitContainers: [] -extraConfigOptions: {} +extraConfigOptions: + {} # # Options to propagate to all rules, e.g. a common slack_webhook_url or kibana_url # # Please note at the time of implementing this value, it will not work for required_locals # # Which MUST be set at the rule level, these are: ['alert', 'type', 'name', 'index'] @@ -130,7 +134,6 @@ extraConfigOptions: {} # slack_webhook_url: https://hooks.slack.com/services/xxxx # slack_channel_override: '#alerts' - # To load ElastAlert's rules via secret, uncomment the line below #secretRulesName: elastalert-rules-secret @@ -173,7 +176,8 @@ extraConfigOptions: {} rulesVolumeName: "rules" # additional rule configurations e.g. (http://elastalert2.readthedocs.io/en/latest/) -rules: {} +rules: + {} # deadman_slack: |- # --- # name: Deadman Switch Slack @@ -250,7 +254,8 @@ tolerations: [] # username: "" # password: "" -extraVolumes: [] +extraVolumes: + [] # - name: smtp-auth # secret: # secretName: elastalert-smtp-auth @@ -259,13 +264,13 @@ extraVolumes: [] # path: smtp_auth.yaml # mode: 0400 -extraVolumeMounts: [] +extraVolumeMounts: + [] # - name: smtp-auth # mountPath: /opt/elastalert/config-smtp/smtp_auth.yaml # subPath: smtp_auth.yaml # readOnly: true - ## @section Metrics parameters ## Prometheus metrics From a613121b13046b40edad74904e1854f098da1642 Mon Sep 17 00:00:00 2001 From: mehrdadkh Date: Tue, 15 Aug 2023 11:40:57 +0330 Subject: [PATCH 2/9] update changelog and chart readme --- CHANGELOG.md | 1 + chart/elastalert2/README.md | 1 + chart/elastalert2/values.yaml | 19 +++++++++---------- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b5809a6..faec85ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - TBD ## New features +- Add support for loading rules from a directory in helm chart - TBD ## Other changes diff --git a/chart/elastalert2/README.md b/chart/elastalert2/README.md index cb1c882c..d1d7130d 100644 --- a/chart/elastalert2/README.md +++ b/chart/elastalert2/README.md @@ -74,6 +74,7 @@ The command removes all the Kubernetes components associated with the chart and | `elasticsearch.certsVolumes` | certs volumes, required to mount ssl certificates when elasticsearch has tls enabled | `NULL` | | `elasticsearch.certsVolumeMounts` | mount certs volumes, required to mount ssl certificates when elasticsearch has tls enabled | `NULL` | | `extraConfigOptions` | Additional options to propagate to all rules, cannot be `alert`, `type`, `name` or `index` | `{}` | +| `rootRulesFolder` | Folder where you store your rules, must be in root of the chart **Note:** this will override the rules and secretRulesName values | `rules` | `secretConfigName` | name of the secret which holds the ElastAlert config. **Note:** this will completely overwrite the generated config | `NULL` | | `secretRulesName` | name of the secret which holds the ElastAlert rules. **Note:** this will overwrite the generated rules | `NULL` | | `secretRulesList` | a list of rules to enable from the secret | [] | diff --git a/chart/elastalert2/values.yaml b/chart/elastalert2/values.yaml index 577e6823..cfdfcecb 100644 --- a/chart/elastalert2/values.yaml +++ b/chart/elastalert2/values.yaml @@ -7,7 +7,8 @@ commonAnnotations: {} appKubernetesIoComponent: elastalert2 # Folder where you store your rules must be in root of the chart -rootRulesFolder: "rules" +# this will override the rules and secretRulesName values +# rootRulesFolder: "rules" # number of replicas to run replicaCount: 1 @@ -57,7 +58,7 @@ elasticsearch: # elasticsearch port port: 9200 # whether or not to connect to es_host using TLS - useSsl: "True" + useSsl: "False" # Username if authenticating to ES with basic auth username: "" # Password if authenticating to ES with basic auth @@ -98,8 +99,7 @@ extraContainers: [] ## Specify optional additional initContainers to run prior to the Elastalert2 container. extraInitContainers: [] -extraConfigOptions: - {} +extraConfigOptions: {} # # Options to propagate to all rules, e.g. a common slack_webhook_url or kibana_url # # Please note at the time of implementing this value, it will not work for required_locals # # Which MUST be set at the rule level, these are: ['alert', 'type', 'name', 'index'] @@ -134,6 +134,7 @@ extraConfigOptions: # slack_webhook_url: https://hooks.slack.com/services/xxxx # slack_channel_override: '#alerts' + # To load ElastAlert's rules via secret, uncomment the line below #secretRulesName: elastalert-rules-secret @@ -176,8 +177,7 @@ extraConfigOptions: rulesVolumeName: "rules" # additional rule configurations e.g. (http://elastalert2.readthedocs.io/en/latest/) -rules: - {} +rules: {} # deadman_slack: |- # --- # name: Deadman Switch Slack @@ -254,8 +254,7 @@ tolerations: [] # username: "" # password: "" -extraVolumes: - [] +extraVolumes: [] # - name: smtp-auth # secret: # secretName: elastalert-smtp-auth @@ -264,13 +263,13 @@ extraVolumes: # path: smtp_auth.yaml # mode: 0400 -extraVolumeMounts: - [] +extraVolumeMounts: [] # - name: smtp-auth # mountPath: /opt/elastalert/config-smtp/smtp_auth.yaml # subPath: smtp_auth.yaml # readOnly: true + ## @section Metrics parameters ## Prometheus metrics From 3d26b8cbe7126ac334a4bb140a2ef7d8b54f2c0c Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 15 Aug 2023 06:52:28 -0400 Subject: [PATCH 3/9] Update CHANGELOG.md Fix changelog syntax --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index faec85ad..a0b9cbc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,11 +4,10 @@ - TBD ## New features -- Add support for loading rules from a directory in helm chart - TBD ## Other changes -- TBD +- [Helm] Add support for generating rule config from a directory of rules, during chart deployment - [#1236](https://github.com/jertel/elastalert2/pull/1236) - @mehrdad-khojastefar # 2.13.0 From ba90bfed41c937be75da3ec81d49c69cd10573b2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 15 Aug 2023 07:01:43 -0400 Subject: [PATCH 4/9] Update README.md --- chart/elastalert2/README.md | 38 ++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/chart/elastalert2/README.md b/chart/elastalert2/README.md index d1d7130d..f9767a4e 100644 --- a/chart/elastalert2/README.md +++ b/chart/elastalert2/README.md @@ -49,7 +49,7 @@ The command removes all the Kubernetes components associated with the chart and | Parameter | Description | Default | |----------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| | `image.repository` | docker image | jertel/elastalert2 | -| `image.tag` | docker image tag | 2.13.0 | +| `image.tag` | docker image tag | 2.13.0 | | `image.pullPolicy` | image pull policy | IfNotPresent | | `image.pullSecret` | image pull secret | "" | | `podAnnotations` | Annotations to be added to pods | {} | @@ -58,7 +58,7 @@ The command removes all the Kubernetes components associated with the chart and | `command` | command override for container | `NULL` | | `args` | args override for container | `NULL` | | `replicaCount` | number of replicas to run | 1 | -| `rulesFolder` | Locaton of rules directory. Usefull when you have one docker image and different set on rules per environemnt. For example development can reside in `/opt/elastalert/develop` and production in `/opt/elastalert/production`. | /opt/elastalert/rules | +| `rulesFolder` | Locaton of rules directory. Useful when you have one Docker image and different set of rules per environemnt. | /opt/elastalert/rules | | `elasticsearch.host` | elasticsearch endpoint to use | elasticsearch | | `elasticsearch.port` | elasticsearch port to use | 9200 | | `elasticsearch.useSsl` | whether or not to connect to es_host using SSL | False | @@ -74,13 +74,12 @@ The command removes all the Kubernetes components associated with the chart and | `elasticsearch.certsVolumes` | certs volumes, required to mount ssl certificates when elasticsearch has tls enabled | `NULL` | | `elasticsearch.certsVolumeMounts` | mount certs volumes, required to mount ssl certificates when elasticsearch has tls enabled | `NULL` | | `extraConfigOptions` | Additional options to propagate to all rules, cannot be `alert`, `type`, `name` or `index` | `{}` | -| `rootRulesFolder` | Folder where you store your rules, must be in root of the chart **Note:** this will override the rules and secretRulesName values | `rules` | `secretConfigName` | name of the secret which holds the ElastAlert config. **Note:** this will completely overwrite the generated config | `NULL` | | `secretRulesName` | name of the secret which holds the ElastAlert rules. **Note:** this will overwrite the generated rules | `NULL` | | `secretRulesList` | a list of rules to enable from the secret | [] | | `optEnv` | Additional pod environment variable definitions | [] | -| `extraContainers` | List of additional containers run in the same pod as elastalert | [] | -| `extraInitContainers` | List of additional initContainers run prior to the elastalert pod | [] | +| `extraContainers` | List of additional containers run in the same pod as elastalert | [] | +| `extraInitContainers` | List of additional initContainers run prior to the elastalert pod | [] | | `extraVolumes` | Additional volume definitions | [] | | `extraVolumeMounts` | Additional volumeMount definitions | [] | | `serviceAccount.create` | Specifies whether a service account should be created. | `true` | @@ -88,26 +87,27 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.annotations` | ServiceAccount annotations | | | `podSecurityPolicy.create` | [DEPRECATED] Create pod security policy resources | `false` | | `resources` | Container resource requests and limits | {} | -| `rulesVolumeName` | Specifies the rules volume to be mounted. Can be changed for mounting a custom rules folder via the extraVolumes parameter, instead of using the default rules configMap or secret rule mounting method. | "rules" | +| `rootRulesFolder` | Folder where rules will be read from during deployment time. By default, 'rules' must be in root of the chart. **Note:** this will override the rules and secretRulesName values. | `rules` | +| `rulesVolumeName` | Specifies the rules volume to be mounted. Can be changed for mounting a custom rules folder via the extraVolumes parameter, instead of using the default rules configMap or secret rule mounting method. | "rules" | | `rules` | Rule and alert configuration for ElastAlert 2 | {} example shown in values.yaml | | `runIntervalMins` | Default interval between alert checks, in minutes | 1 | | `realertIntervalMins` | Time between alarms for same rule, in minutes | `NULL` | -| `scanSubdirectories` | Enable/disable subdirectory scanning for rules | `true` | +| `scanSubdirectories` | Enable/disable subdirectory scanning for rules | `true` | | `alertRetryLimitMins` | Time to retry failed alert deliveries, in minutes | 2880 (2 days) | | `bufferTimeMins` | Default rule buffer time, in minutes | 15 | | `writebackIndex` | Name or prefix of elastalert index(es) | elastalert | | `nodeSelector` | Node selector for deployment | {} | | `affinity` | Affinity specifications for the deployed pod(s) | {} | | `tolerations` | Tolerations for deployment | [] | -| `smtp_auth.username` | Optional SMTP mail server username. If the value is not empty, the smtp_auth secret will be created automatically. | `NULL` | -| `smtp_auth.password` | Optional SMTP mail server passwpord. This must be specified if the above field, `smtp_auth.username` is also specified. | `NULL` | -| `metrics.enabled` | Enable elastalert prometheus endpoint, add prometheus.io annotations to pod and create a service pointing to the port for prometheus to scrape the metrics | `false` | -| `metrics.prometheusPort` | If "metrics" is set to true, prometheus metrics will be exposed by the pod on this port. | `8080` | -| `metrics.prometheusPortName` | Name of the port where metrics are exposed | `http-alt` | -| `metrics.prometheusScrapeAnnotations` | If metrics are enabled, annotations to add to the pod for prometheus configuration. prometheus.io/port is also added during the prometheusPort and prometheusPortName values | `{prometheus.io/scrape: "true" prometheus.io/path: "/"}` | -| `metrics.serviceMonitor.enabled` | If metrics are enabled, create a serviceMonitor custom resource for prometheus-operator to detect and configure the metrics endpoint on prometheus. | `false` | -| `metrics.serviceMonitor.labels` | Labels to add to the prometheusRule object for prometheus-operator to detect it, when deployed on a namespace different from the one where prometheus-operator is running. | `{}` | -| `metrics.serviceMonitor.metricRelabelings` | List of prometheus metric relabeling configs to apply to scrape. Example: drop python_gc metrics or alter pod name | `[]` | -| `metrics.prometheusRule.enabled` | If metrics are enabled, create a prometheusRule custom resource for prometheus-operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Labels to add to the prometheusRule object for prometheus-operator to detect it, when deployed on a namespace different from the one where prometheus-operator is running. | `{}` | -| `metrics.prometheusRule.rules` | Group of alerting and/or recording rules to add to the prometheus configuration, example Alerting rules for pod down, or for file descriptors. Should be added as multiline Yaml string | `` | +| `smtp_auth.username` | Optional SMTP mail server username. If the value is not empty, the smtp_auth secret will be created automatically. | `NULL` | +| `smtp_auth.password` | Optional SMTP mail server passwpord. This must be specified if the above field, `smtp_auth.username` is also specified. | `NULL` | +| `metrics.enabled` | Enable elastalert prometheus endpoint, add prometheus.io annotations to pod and create a service pointing to the port for prometheus to scrape the metrics | `false` | +| `metrics.prometheusPort` | If "metrics" is set to true, prometheus metrics will be exposed by the pod on this port. | `8080` | +| `metrics.prometheusPortName` | Name of the port where metrics are exposed | `http-alt` | +| `metrics.prometheusScrapeAnnotations` | If metrics are enabled, annotations to add to the pod for prometheus configuration. prometheus.io/port is also added during the prometheusPort and prometheusPortName values | `{prometheus.io/scrape: "true" prometheus.io/path: "/"}` | +| `metrics.serviceMonitor.enabled` | If metrics are enabled, create a serviceMonitor custom resource for prometheus-operator to detect and configure the metrics endpoint on prometheus. | `false` | +| `metrics.serviceMonitor.labels` | Labels to add to the prometheusRule object for prometheus-operator to detect it, when deployed on a namespace different from the one where prometheus-operator is running. | `{}` | +| `metrics.serviceMonitor.metricRelabelings` | List of prometheus metric relabeling configs to apply to scrape. Example: drop python_gc metrics or alter pod name. | `[]` | +| `metrics.prometheusRule.enabled` | If metrics are enabled, create a prometheusRule custom resource for prometheus-operator. | `false` | +| `metrics.prometheusRule.additionalLabels` | Labels to add to the prometheusRule object for prometheus-operator to detect it, when deployed on a namespace different from the one where prometheus-operator is running. | `{}` | +| `metrics.prometheusRule.rules` | Group of alerting and/or recording rules to add to the prometheus configuration, example Alerting rules for pod down, or for file descriptors. Should be added as multiline Yaml string. | `` | From 5686ff2eb3209e718819ffe2f640d257ffe6456a Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 15 Aug 2023 07:20:00 -0400 Subject: [PATCH 5/9] Update values.yaml --- chart/elastalert2/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/chart/elastalert2/values.yaml b/chart/elastalert2/values.yaml index cfdfcecb..47de6d2e 100644 --- a/chart/elastalert2/values.yaml +++ b/chart/elastalert2/values.yaml @@ -6,8 +6,10 @@ commonLabels: {} commonAnnotations: {} appKubernetesIoComponent: elastalert2 -# Folder where you store your rules must be in root of the chart -# this will override the rules and secretRulesName values +# Folder where Helm can find local rules prior to deployment to the k8s cluster. By default, +# 'rules' folder must be located in the root of the chart directory. Note that this setting +# will override the rules and secretRulesName values. Again, these rules are only read +# during the time of the chart deployment (installation) into the cluster. # rootRulesFolder: "rules" # number of replicas to run From 7db71cbe3669d0ed521c979f4b7b6edc6c1bdecf Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 15 Aug 2023 08:27:27 -0400 Subject: [PATCH 6/9] Update values.yaml --- chart/elastalert2/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/chart/elastalert2/values.yaml b/chart/elastalert2/values.yaml index 47de6d2e..363ca35c 100644 --- a/chart/elastalert2/values.yaml +++ b/chart/elastalert2/values.yaml @@ -10,6 +10,7 @@ appKubernetesIoComponent: elastalert2 # 'rules' folder must be located in the root of the chart directory. Note that this setting # will override the rules and secretRulesName values. Again, these rules are only read # during the time of the chart deployment (installation) into the cluster. +# IMPORTANT: Rule files MUST use the 4-character .yaml extension. # rootRulesFolder: "rules" # number of replicas to run From d3a6ab904723e5ad72274eb94a47864a39af8461 Mon Sep 17 00:00:00 2001 From: mehrdadkh Date: Tue, 15 Aug 2023 19:38:08 +0330 Subject: [PATCH 7/9] Add yml and yaml support. Add enabledRules --- .../rules/deadman/deadman_pagerduty.yml | 14 +++++++++++ chart/elastalert2/templates/rules.yaml | 25 +++++++++++-------- 2 files changed, 28 insertions(+), 11 deletions(-) create mode 100644 chart/elastalert2/rules/deadman/deadman_pagerduty.yml diff --git a/chart/elastalert2/rules/deadman/deadman_pagerduty.yml b/chart/elastalert2/rules/deadman/deadman_pagerduty.yml new file mode 100644 index 00000000..ae24c41e --- /dev/null +++ b/chart/elastalert2/rules/deadman/deadman_pagerduty.yml @@ -0,0 +1,14 @@ +name: Deadman Switch PagerDuty +type: frequency +index: containers-* +num_events: 3 +timeframe: + minutes: 3 +filter: + - term: + message: "deadmanpd" +alert: + - "pagerduty" +pagerduty: +pagerduty_service_key: dummy +pagerduty_client_name: ElastAlert Deadman Switch diff --git a/chart/elastalert2/templates/rules.yaml b/chart/elastalert2/templates/rules.yaml index b0b52ffd..e2498d7c 100644 --- a/chart/elastalert2/templates/rules.yaml +++ b/chart/elastalert2/templates/rules.yaml @@ -8,16 +8,19 @@ metadata: {{- end }} data: {{- if .Values.rootRulesFolder }} - {{- $rulesDirectory := printf "%v/**.yaml" .Values.rootRulesFolder -}} - {{- range $rule, $_ := .Files.Glob $rulesDirectory }} - {{ base $rule }}: |- -{{ $.Files.Get $rule | indent 6 }} - {{ end }} +{{- $rulesDirectory := printf "%v/**.{yaml,yml}" .Values.rootRulesFolder -}} +{{- $enabledRules := .Values.enabledRules -}} +{{- range $rule, $_ := .Files.Glob $rulesDirectory -}} + {{- $ruleBase := base $rule -}} + {{- $ruleName := regexReplaceAll "\\.(yaml|yml)$" $ruleBase "" -}} + {{- if has $ruleName $enabledRules }} + {{ $ruleBase }}: |- +{{ $.Files.Get $rule | indent 4 }} + {{- end }} +{{- end }} {{- else }} - {{- range $key, $value := .Values.rules }} - {{ $key | indent 2}}: |- - {{ $value | indent 4}} - {{- end }} +{{- range $key, $value := .Values.rules }} + {{ $key }}: |- +{{ $value | indent 2 }} +{{- end }} {{- end }} - - From cc69dc80da0737fc4b55fd598a28536ee8104e97 Mon Sep 17 00:00:00 2001 From: mehrdadkh Date: Tue, 15 Aug 2023 19:38:31 +0330 Subject: [PATCH 8/9] Update values and rename a rule --- .../rules/deadman/deadman_pagerduty.yaml | 14 -------------- chart/elastalert2/values.yaml | 2 +- 2 files changed, 1 insertion(+), 15 deletions(-) delete mode 100644 chart/elastalert2/rules/deadman/deadman_pagerduty.yaml diff --git a/chart/elastalert2/rules/deadman/deadman_pagerduty.yaml b/chart/elastalert2/rules/deadman/deadman_pagerduty.yaml deleted file mode 100644 index ae24c41e..00000000 --- a/chart/elastalert2/rules/deadman/deadman_pagerduty.yaml +++ /dev/null @@ -1,14 +0,0 @@ -name: Deadman Switch PagerDuty -type: frequency -index: containers-* -num_events: 3 -timeframe: - minutes: 3 -filter: - - term: - message: "deadmanpd" -alert: - - "pagerduty" -pagerduty: -pagerduty_service_key: dummy -pagerduty_client_name: ElastAlert Deadman Switch diff --git a/chart/elastalert2/values.yaml b/chart/elastalert2/values.yaml index 363ca35c..cdc0a8fd 100644 --- a/chart/elastalert2/values.yaml +++ b/chart/elastalert2/values.yaml @@ -10,8 +10,8 @@ appKubernetesIoComponent: elastalert2 # 'rules' folder must be located in the root of the chart directory. Note that this setting # will override the rules and secretRulesName values. Again, these rules are only read # during the time of the chart deployment (installation) into the cluster. -# IMPORTANT: Rule files MUST use the 4-character .yaml extension. # rootRulesFolder: "rules" +# enabledRules: ["deadman_slack", "deadman_pagerduty"] # number of replicas to run replicaCount: 1 From c5e3968194dfb7c0b5e1804bac7b1e2ed2a02369 Mon Sep 17 00:00:00 2001 From: mehrdadkh Date: Tue, 15 Aug 2023 19:41:50 +0330 Subject: [PATCH 9/9] Update chart's readme --- chart/elastalert2/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/chart/elastalert2/README.md b/chart/elastalert2/README.md index f9767a4e..904daa86 100644 --- a/chart/elastalert2/README.md +++ b/chart/elastalert2/README.md @@ -88,6 +88,7 @@ The command removes all the Kubernetes components associated with the chart and | `podSecurityPolicy.create` | [DEPRECATED] Create pod security policy resources | `false` | | `resources` | Container resource requests and limits | {} | | `rootRulesFolder` | Folder where rules will be read from during deployment time. By default, 'rules' must be in root of the chart. **Note:** this will override the rules and secretRulesName values. | `rules` | +| `enabledRules` | Name of the active rules without file extension | `[]` | | `rulesVolumeName` | Specifies the rules volume to be mounted. Can be changed for mounting a custom rules folder via the extraVolumes parameter, instead of using the default rules configMap or secret rule mounting method. | "rules" | | `rules` | Rule and alert configuration for ElastAlert 2 | {} example shown in values.yaml | | `runIntervalMins` | Default interval between alert checks, in minutes | 1 |