feat: AlertManager Matrix integration with severity routing
Deploy matrix-alertmanager-receiver bridge (pending bot credentials in OpenBao). Update AlertManager routing: critical → Matrix + email, warning → Matrix only, Watchdog → null. Reduce repeat interval to 4h.
This commit is contained in:
65
base/monitoring/matrix-alertmanager-receiver-deployment.yaml
Normal file
65
base/monitoring/matrix-alertmanager-receiver-deployment.yaml
Normal file
@@ -0,0 +1,65 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: matrix-alertmanager-receiver
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app: matrix-alertmanager-receiver
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: matrix-alertmanager-receiver
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: matrix-alertmanager-receiver
|
||||
spec:
|
||||
containers:
|
||||
- name: receiver
|
||||
image: ghcr.io/metio/matrix-alertmanager-receiver:2024.11.27
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: MAR_HOMESERVER_URL
|
||||
value: "http://tuwunel.matrix.svc.cluster.local:6167"
|
||||
- name: MAR_USER_ID
|
||||
value: "@alertbot:sunbeam.pt"
|
||||
- name: MAR_ACCESS_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: matrix-bot-creds
|
||||
key: access_token
|
||||
- name: MAR_ROOM_MAPPING
|
||||
value: "ops=$(ROOM_ID)"
|
||||
- name: ROOM_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: matrix-bot-creds
|
||||
key: room_id
|
||||
- name: MAR_PORT
|
||||
value: "3000"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 32Mi
|
||||
limits:
|
||||
memory: 64Mi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: matrix-alertmanager-receiver
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app: matrix-alertmanager-receiver
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 3000
|
||||
targetPort: 3000
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: matrix-alertmanager-receiver
|
||||
27
base/monitoring/matrix-bot-secret.yaml
Normal file
27
base/monitoring/matrix-bot-secret.yaml
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
# Matrix alertbot credentials from OpenBao KV at secret/alertbot.
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: matrix-bot-creds
|
||||
namespace: monitoring
|
||||
spec:
|
||||
vaultAuthRef: vso-auth
|
||||
mount: secret
|
||||
type: kv-v2
|
||||
path: alertbot
|
||||
refreshAfter: 30s
|
||||
rolloutRestartTargets:
|
||||
- kind: Deployment
|
||||
name: matrix-alertmanager-receiver
|
||||
destination:
|
||||
name: matrix-bot-creds
|
||||
create: true
|
||||
overwrite: true
|
||||
transformation:
|
||||
excludeRaw: true
|
||||
templates:
|
||||
access_token:
|
||||
text: "{{ index .Secrets \"access_token\" }}"
|
||||
room_id:
|
||||
text: "{{ index .Secrets \"room_id\" }}"
|
||||
@@ -138,13 +138,35 @@ alertmanager:
|
||||
group_by: [alertname, namespace]
|
||||
group_wait: 30s
|
||||
group_interval: 5m
|
||||
repeat_interval: 12h
|
||||
receiver: email
|
||||
repeat_interval: 4h
|
||||
receiver: matrix
|
||||
routes:
|
||||
- matchers:
|
||||
- alertname = Watchdog
|
||||
receiver: "null"
|
||||
- matchers:
|
||||
- severity = critical
|
||||
receiver: critical
|
||||
- matchers:
|
||||
- severity = warning
|
||||
receiver: matrix
|
||||
receivers:
|
||||
- name: "null"
|
||||
- name: email
|
||||
email_configs:
|
||||
- to: "ops@DOMAIN_SUFFIX"
|
||||
send_resolved: true
|
||||
- name: matrix
|
||||
webhook_configs:
|
||||
- url: "http://matrix-alertmanager-receiver.monitoring.svc.cluster.local:3000/alerts"
|
||||
send_resolved: true
|
||||
- name: critical
|
||||
webhook_configs:
|
||||
- url: "http://matrix-alertmanager-receiver.monitoring.svc.cluster.local:3000/alerts"
|
||||
send_resolved: true
|
||||
email_configs:
|
||||
- to: "ops@DOMAIN_SUFFIX"
|
||||
send_resolved: true
|
||||
|
||||
# Disable monitors for components k3s doesn't expose
|
||||
kubeEtcd:
|
||||
|
||||
Reference in New Issue
Block a user