add ntfy alertmanager bridge

clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml

@@ -19,5 +19,13 @@ dependencies:
   - name: kube-prometheus-stack
     version: 72.5.0
     repository: https://prometheus-community.github.io/helm-charts
+  - name: app-template
+    alias: ntfy-alertmanager
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.0.1
+  - name: valkey
+    alias: valkey-ntfy-alertmanager
+    version: 3.0.6
+    repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
 appVersion: v0.82.0

clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml

@@ -12,13 +12,6 @@ spec:
     kind: ClusterSecretStore
     name: vault
   data:
-    - secretKey: discord_webhook
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /discord/webhook/alertmanager
-        metadataPolicy: None
-        property: webhook
     - secretKey: pushover_token
       remoteRef:
         conversionStrategy: Default
@@ -26,10 +19,47 @@ spec:
         key: /pushover/key
         metadataPolicy: None
         property: alertmanager_key
-    - secretKey: user_key
+    - secretKey: pushover_user_key
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
         key: /pushover/key
         metadataPolicy: None
         property: user_key
+    - secretKey: ntfy_password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /pushover/key
+        metadataPolicy: None
+        property: ntfy_password
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ntfy-alertmanager-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ntfy-alertmanager-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ntfy_password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
+        metadataPolicy: None
+        property: ntfy_password
+    - secretKey: config
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
+        metadataPolicy: None
+        property: config

clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml

@@ -19,7 +19,7 @@ kube-prometheus-stack:
         group_wait: 30s
         group_interval: 5m
         repeat_interval: 24h
-        receiver: discord
+        receiver: "null"
         routes:
           - receiver: "null"
             matchers:
@@ -30,17 +30,25 @@ kube-prometheus-stack:
             repeat_interval: 24h
             matchers:
               - severity = "critical"
+          - receiver: "ntfy"
+            group_wait: 10s
+            group_interval: 5m
+            repeat_interval: 24h
+            matchers:
+              - severity = "warning|info"
       receivers:
-        - name: "null"
-        - name: discord
-          discord_configs:
-            - send_resolved: true
-              webhook_url_file: /etc/alertmanager/secrets/alertmanager-config-secret/discord_webhook
         - name: pushover
           pushover_configs:
             - send_resolved: true
-              user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/user_key
+              user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_user_key
               token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token
+        - name: "ntfy"
+          webhook_configs:
+            - url: "http://127.0.0.1:8080"
+              http_config:
+                basic_auth:
+                  username: ntfy-alertmanager
+                  password_file: /etc/alertmanager/secrets/alertmanager-config-secret/ntfy_password
     alertmanagerSpec:
       secrets:
         - alertmanager-config-secret
@@ -169,3 +177,63 @@ kube-prometheus-stack:
             resources:
               requests:
                 storage: 200Gi
+ntfy-alertmanager:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: xenrox/ntfy-alertmanager
+            tag: 0.4.0
+            pullPolicy: IfNotPresent
+          probes:
+            liveness:
+              enabled: true
+              custom: true
+              spec:
+                httpGet:
+                  path: /
+                  port: http
+            readiness:
+              enabled: true
+              custom: true
+              spec:
+                httpGet:
+                  path: /
+                  port: http
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 8080
+          protocol: HTTP
+  persistence:
+    config:
+      enabled: true
+      type: secret
+      name: ntfy-alertmanager-config-secret
+      advancedMounts:
+        main:
+          main:
+            - path: /etc/ntfy-alertmanager/config
+              readOnly: true
+              mountPropagation: None
+              subPath: config
+valkey-ntfy-alertmanager:
+  fullnameOverride: ntfy-alertmanager-valkey
+  architecture: standalone
+  auth:
+    enabled: false
+    usePasswordFiles: false
+  primary:
+    persistence:
+      enabled: false
+  replica:
+    persistence:
+      enabled: false