From 67f5e2c9ff330e3889a2781094c77e0ac30cc04a Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sat, 17 May 2025 22:20:38 -0500 Subject: [PATCH] add ntfy alertmanager bridge --- .../kube-prometheus-stack/Chart.yaml | 8 ++ .../templates/external-secret.yaml | 46 +++++++++-- .../kube-prometheus-stack/values.yaml | 82 +++++++++++++++++-- 3 files changed, 121 insertions(+), 15 deletions(-) diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml index cbecee20b..e47f11b38 100644 --- a/clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml +++ b/clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml @@ -19,5 +19,13 @@ dependencies: - name: kube-prometheus-stack version: 72.5.0 repository: https://prometheus-community.github.io/helm-charts + - name: app-template + alias: ntfy-alertmanager + repository: https://bjw-s-labs.github.io/helm-charts/ + version: 4.0.1 + - name: valkey + alias: valkey-ntfy-alertmanager + version: 3.0.6 + repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png appVersion: v0.82.0 diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml index b16294475..04b29e2e9 100644 --- a/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml +++ b/clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml @@ -12,13 +12,6 @@ spec: kind: ClusterSecretStore name: vault data: - - secretKey: discord_webhook - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /discord/webhook/alertmanager - metadataPolicy: None - property: webhook - secretKey: pushover_token remoteRef: conversionStrategy: Default @@ -26,10 +19,47 @@ spec: key: /pushover/key metadataPolicy: None property: alertmanager_key - - secretKey: user_key + - secretKey: pushover_user_key remoteRef: conversionStrategy: Default decodingStrategy: None key: /pushover/key metadataPolicy: None property: user_key + - secretKey: ntfy_password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /pushover/key + metadataPolicy: None + property: ntfy_password + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: ntfy-alertmanager-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ntfy-alertmanager-config-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ntfy_password + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager + metadataPolicy: None + property: ntfy_password + - secretKey: config + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager + metadataPolicy: None + property: config diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml index 0e7569756..1962e5b56 100644 --- a/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml +++ b/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml @@ -19,7 +19,7 @@ kube-prometheus-stack: group_wait: 30s group_interval: 5m repeat_interval: 24h - receiver: discord + receiver: "null" routes: - receiver: "null" matchers: @@ -30,17 +30,25 @@ kube-prometheus-stack: repeat_interval: 24h matchers: - severity = "critical" + - receiver: "ntfy" + group_wait: 10s + group_interval: 5m + repeat_interval: 24h + matchers: + - severity = "warning|info" receivers: - - name: "null" - - name: discord - discord_configs: - - send_resolved: true - webhook_url_file: /etc/alertmanager/secrets/alertmanager-config-secret/discord_webhook - name: pushover pushover_configs: - send_resolved: true - user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/user_key + user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_user_key token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token + - name: "ntfy" + webhook_configs: + - url: "http://127.0.0.1:8080" + http_config: + basic_auth: + username: ntfy-alertmanager + password_file: /etc/alertmanager/secrets/alertmanager-config-secret/ntfy_password alertmanagerSpec: secrets: - alertmanager-config-secret @@ -169,3 +177,63 @@ kube-prometheus-stack: resources: requests: storage: 200Gi +ntfy-alertmanager: + controllers: + main: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: xenrox/ntfy-alertmanager + tag: 0.4.0 + pullPolicy: IfNotPresent + probes: + liveness: + enabled: true + custom: true + spec: + httpGet: + path: / + port: http + readiness: + enabled: true + custom: true + spec: + httpGet: + path: / + port: http + service: + main: + controller: main + ports: + http: + port: 80 + targetPort: 8080 + protocol: HTTP + persistence: + config: + enabled: true + type: secret + name: ntfy-alertmanager-config-secret + advancedMounts: + main: + main: + - path: /etc/ntfy-alertmanager/config + readOnly: true + mountPropagation: None + subPath: config +valkey-ntfy-alertmanager: + fullnameOverride: ntfy-alertmanager-valkey + architecture: standalone + auth: + enabled: false + usePasswordFiles: false + primary: + persistence: + enabled: false + replica: + persistence: + enabled: false