fix: meet external-api route, drive media proxy, alertbot, misc tweaks
- Meet: add external-api backend path, CSRF trusted origins - Drive: fix media proxy regex for preview URLs and S3 key signing - OpenBao: enable Prometheus telemetry - Postgres alerts: fix metric name (cnpg_backends_total) - Gitea: bump memory limits for mirror workloads - Alertbot: expanded deployment config - Kratos: add find/cal/projects to allowed return URLs, settings path - Pingora: meet external-api route fix - Sol: config update
This commit is contained in:
@@ -1,4 +1,29 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: matrix-alertmanager-receiver-config
|
||||
namespace: monitoring
|
||||
data:
|
||||
config.yaml: |
|
||||
http:
|
||||
port: 3000
|
||||
alerts-path-prefix: /alerts
|
||||
matrix:
|
||||
homeserver-url: "http://tuwunel.matrix.svc.cluster.local:6167"
|
||||
user-id: "@alertbot:sunbeam.pt"
|
||||
access-token: "ACCESS_TOKEN_PLACEHOLDER"
|
||||
room-mapping:
|
||||
alerts: "ROOM_ID_PLACEHOLDER"
|
||||
templating:
|
||||
firing-template: |
|
||||
🔥 <strong>{{ .Alert.Labels.alertname }}</strong> [{{ .Alert.Labels.severity }}]<br/>
|
||||
{{ .Alert.Annotations.summary }}<br/>
|
||||
<em>{{ .Alert.Annotations.description }}</em>
|
||||
resolved-template: |
|
||||
✅ <strong>RESOLVED: {{ .Alert.Labels.alertname }}</strong><br/>
|
||||
{{ .Alert.Annotations.summary }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@@ -16,37 +41,59 @@ spec:
|
||||
labels:
|
||||
app: matrix-alertmanager-receiver
|
||||
spec:
|
||||
initContainers:
|
||||
# Inject secrets into config file — the receiver reads a YAML file,
|
||||
# not env vars. We template the placeholders with real values from
|
||||
# the matrix-bot-creds Secret.
|
||||
- name: inject-secrets
|
||||
image: busybox
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
cp /config-template/config.yaml /config/config.yaml
|
||||
sed -i "s|ACCESS_TOKEN_PLACEHOLDER|$(cat /secrets/access_token)|" /config/config.yaml
|
||||
sed -i "s|ROOM_ID_PLACEHOLDER|$(cat /secrets/room_id)|" /config/config.yaml
|
||||
volumeMounts:
|
||||
- name: config-template
|
||||
mountPath: /config-template
|
||||
readOnly: true
|
||||
- name: config
|
||||
mountPath: /config
|
||||
- name: secrets
|
||||
mountPath: /secrets
|
||||
readOnly: true
|
||||
resources:
|
||||
limits:
|
||||
memory: 16Mi
|
||||
requests:
|
||||
memory: 8Mi
|
||||
cpu: 5m
|
||||
containers:
|
||||
- name: receiver
|
||||
image: ghcr.io/metio/matrix-alertmanager-receiver:2024.11.27
|
||||
image: metio/matrix-alertmanager-receiver:latest
|
||||
args: ["--config-path", "/config/config.yaml"]
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: MAR_HOMESERVER_URL
|
||||
value: "http://tuwunel.matrix.svc.cluster.local:6167"
|
||||
- name: MAR_USER_ID
|
||||
value: "@alertbot:sunbeam.pt"
|
||||
- name: MAR_ACCESS_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: matrix-bot-creds
|
||||
key: access_token
|
||||
- name: MAR_ROOM_MAPPING
|
||||
value: "ops=$(ROOM_ID)"
|
||||
- name: ROOM_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: matrix-bot-creds
|
||||
key: room_id
|
||||
- name: MAR_PORT
|
||||
value: "3000"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 32Mi
|
||||
limits:
|
||||
memory: 64Mi
|
||||
volumes:
|
||||
- name: config-template
|
||||
configMap:
|
||||
name: matrix-alertmanager-receiver-config
|
||||
- name: config
|
||||
emptyDir: {}
|
||||
- name: secrets
|
||||
secret:
|
||||
secretName: matrix-bot-creds
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
||||
Reference in New Issue
Block a user