From 282e679a4967ce52a3704286cebb5810c98dfbe0 Mon Sep 17 00:00:00 2001 From: adamlahbib Date: Mon, 18 Nov 2024 14:29:33 +0100 Subject: [PATCH] Refactor ingress configuration to remove SSL redirect and force SSL redirect annotations, and change backend protocol to HTTP for monitoring-ingress resource --- .dockerignore | 1 + .github/actions/terraform-apply/action.yaml | 4 + .github/actions/terraform-destroy/action.yaml | 4 + .github/actions/terraform-plan/action.yaml | 4 + .github/workflows/destroy.yaml | 4 +- .github/workflows/plan.yaml | 4 +- .github/workflows/sync-and-deploy.yaml | 2 + .github/workflows/test.yaml | 10 +- Makefile | 8 +- requirements.txt | 3 +- terraform/assets/21419.json | 2849 +++++++++++++++++ terraform/assets/crowdsec-ingress-nginx.yaml | 29 + .../crowdsec-values.yaml} | 16 + terraform/ingress.tf | 60 +- terraform/monitoring.tf | 35 +- terraform/security.tf | 40 +- terraform/tailscale.tf | 2 +- terraform/variables.tf | 1 + 18 files changed, 3051 insertions(+), 25 deletions(-) create mode 100644 .dockerignore create mode 100644 terraform/assets/21419.json create mode 100644 terraform/assets/crowdsec-ingress-nginx.yaml rename terraform/{values/crowdsec.yaml => assets/crowdsec-values.yaml} (63%) diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..5926f8d --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +readme.md \ No newline at end of file diff --git a/.github/actions/terraform-apply/action.yaml b/.github/actions/terraform-apply/action.yaml index 1465a71..08a054f 100644 --- a/.github/actions/terraform-apply/action.yaml +++ b/.github/actions/terraform-apply/action.yaml @@ -44,6 +44,9 @@ inputs: TAILSCALE_CLIENT_SECRET: description: 'Tailscale Client Secret' required: true + CROWDSEC_ENROLL_KEY: + description: 'CrowdSec Enroll Key' + required: true runs: using: 'composite' @@ -65,6 +68,7 @@ runs: TF_VAR_SLACK_WEBHOOK: ${{ inputs.SLACK_WEBHOOK }} TF_VAR_TAILSCALE_CLIENT_ID: ${{ inputs.TAILSCALE_CLIENT_ID }} TF_VAR_TAILSCALE_CLIENT_SECRET: ${{ inputs.TAILSCALE_CLIENT_SECRET }} + TF_VAR_CROWDSEC_ENROLL_KEY: ${{ inputs.CROWDSEC_ENROLL_KEY }} uses: dflook/terraform-apply@v1 with: path: ./terraform diff --git a/.github/actions/terraform-destroy/action.yaml b/.github/actions/terraform-destroy/action.yaml index 8df83db..f89fecd 100644 --- a/.github/actions/terraform-destroy/action.yaml +++ b/.github/actions/terraform-destroy/action.yaml @@ -44,6 +44,9 @@ inputs: TAILSCALE_CLIENT_SECRET: description: 'Tailscale Client Secret' required: true + CROWDSEC_ENROLL_KEY: + description: 'CrowdSec Enroll Key' + required: true runs: using: 'composite' @@ -65,6 +68,7 @@ runs: TF_VAR_SLACK_WEBHOOK: ${{ inputs.SLACK_WEBHOOK }} TF_VAR_TAILSCALE_CLIENT_ID: ${{ inputs.TAILSCALE_CLIENT_ID }} TF_VAR_TAILSCALE_CLIENT_SECRET: ${{ inputs.TAILSCALE_CLIENT_SECRET }} + TF_VAR_CROWDSEC_ENROLL_KEY: ${{ inputs.CROWDSEC_ENROLL_KEY }} uses: dflook/terraform-destroy@v1 with: path: ./terraform diff --git a/.github/actions/terraform-plan/action.yaml b/.github/actions/terraform-plan/action.yaml index 909cbad..a4eb607 100644 --- a/.github/actions/terraform-plan/action.yaml +++ b/.github/actions/terraform-plan/action.yaml @@ -47,6 +47,9 @@ inputs: TAILSCALE_CLIENT_SECRET: description: 'Tailscale Client Secret' required: true + CROWDSEC_ENROLL_KEY: + description: 'CrowdSec Enroll Key' + required: true runs: using: 'composite' @@ -72,6 +75,7 @@ runs: TF_VAR_SLACK_WEBHOOK: ${{ inputs.SLACK_WEBHOOK }} TF_VAR_TAILSCALE_CLIENT_ID: ${{ inputs.TAILSCALE_CLIENT_ID }} TF_VAR_TAILSCALE_CLIENT_SECRET: ${{ inputs.TAILSCALE_CLIENT_SECRET }} + TF_VAR_CROWDSEC_ENROLL_KEY: ${{ inputs.CROWDSEC_ENROLL_KEY }} uses: dflook/terraform-plan@v1 with: path: ./terraform diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml index d201152..c83880d 100644 --- a/.github/workflows/destroy.yaml +++ b/.github/workflows/destroy.yaml @@ -17,6 +17,7 @@ env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} TAILSCALE_CLIENT_ID: ${{ secrets.TAILSCALE_CLIENT_ID }} TAILSCALE_CLIENT_SECRET: ${{ secrets.TAILSCALE_CLIENT_SECRET }} + CROWDSEC_ENROLL_KEY: ${{ secrets.CROWDSEC_ENROLL_KEY }} jobs: terraform-destroy: @@ -55,4 +56,5 @@ jobs: CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }} SLACK_WEBHOOK: ${{ env.SLACK_WEBHOOK }} TAILSCALE_CLIENT_ID: ${{ env.TAILSCALE_CLIENT_ID }} - TAILSCALE_CLIENT_SECRET: ${{ env.TAILSCALE_CLIENT_SECRET }} \ No newline at end of file + TAILSCALE_CLIENT_SECRET: ${{ env.TAILSCALE_CLIENT_SECRET }} + CROWDSEC_ENROLL_KEY: ${{ env.CROWDSEC_ENROLL_KEY }} \ No newline at end of file diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml index c81ac02..93ed134 100644 --- a/.github/workflows/plan.yaml +++ b/.github/workflows/plan.yaml @@ -25,6 +25,7 @@ env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} TAILSCALE_CLIENT_ID: ${{ secrets.TAILSCALE_CLIENT_ID }} TAILSCALE_CLIENT_SECRET: ${{ secrets.TAILSCALE_CLIENT_SECRET }} + CROWDSEC_ENROLL_KEY: ${{ secrets.CROWDSEC_ENROLL_KEY }} jobs: terraform-plan: @@ -64,4 +65,5 @@ jobs: CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }} SLACK_WEBHOOK: ${{ env.SLACK_WEBHOOK }} TAILSCALE_CLIENT_ID: ${{ env.TAILSCALE_CLIENT_ID }} - TAILSCALE_CLIENT_SECRET: ${{ env.TAILSCALE_CLIENT_SECRET }} \ No newline at end of file + TAILSCALE_CLIENT_SECRET: ${{ env.TAILSCALE_CLIENT_SECRET }} + CROWDSEC_ENROLL_KEY: ${{ env.CROWDSEC_ENROLL_KEY }} \ No newline at end of file diff --git a/.github/workflows/sync-and-deploy.yaml b/.github/workflows/sync-and-deploy.yaml index 915c3cd..9469851 100644 --- a/.github/workflows/sync-and-deploy.yaml +++ b/.github/workflows/sync-and-deploy.yaml @@ -22,6 +22,7 @@ env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} TAILSCALE_CLIENT_ID: ${{ secrets.TAILSCALE_CLIENT_ID }} TAILSCALE_CLIENT_SECRET: ${{ secrets.TAILSCALE_CLIENT_SECRET }} + CROWDSEC_ENROLL_KEY: ${{ secrets.CROWDSEC_ENROLL_KEY }} jobs: terraform-apply: @@ -63,6 +64,7 @@ jobs: SLACK_WEBHOOK: ${{ env.SLACK_WEBHOOK }} TAILSCALE_CLIENT_ID: ${{ env.TAILSCALE_CLIENT_ID }} TAILSCALE_CLIENT_SECRET: ${{ env.TAILSCALE_CLIENT_SECRET }} + CROWDSEC_ENROLL_KEY: ${{ env.CROWDSEC_ENROLL_KEY }} - name: Prepare Slack Notification if: always() diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6333f4b..9cb3892 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,3 +1,6 @@ +# The pipeline can have failed steps marked as successful by using continue-on-error: true. +# If needed, I just went with the default setting for the sake of simplicity and used the always() condition to ensure that any step runs regardless of the outcome of the previous steps. + name: Test Pipeline on: @@ -11,7 +14,7 @@ jobs: runs-on: ubuntu-latest name: Test Application outputs: - message: "Bandit Security Linting: ${{ steps.bandit.outcome }}\nTrufflehog Leaked Secret Scanning: ${{ steps.trufflehog.outcome }}\nGrype Container Vulnerability Scanning: ${{ steps.grype.outcome }}\nApplication Tests: ${{ steps.tests.outcome }}" + message: "Bandit Security Linting: ${{ steps.bandit.outcome }}\nTrufflehog Leaked Secret Scanning: ${{ steps.trufflehog.outcome }}\nGrype Container Vulnerability Scanning: ${{ steps.grype.outcome }}\nApplication Tests: ${{ steps.tests.outcome }}\nFlake8 Linting: ${{ steps.lint.outcome }}" steps: - name: Checkout uses: actions/checkout@v4 @@ -62,6 +65,11 @@ jobs: if: always() run: make run + - name: Flake8 Linting # I had linting running inside the container as the application uses uvicorn, a server that won't exit if any errors are found and thus the container would not stop running + id: lint + if: always() + run: make lint + - name: Run-Tests id: tests if: always() diff --git a/Makefile b/Makefile index b0c62a3..dea06bb 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ DOCKER_COMPOSE = docker compose -.PHONY: run build test clean +.PHONY: run build test clean lint build: @$(DOCKER_COMPOSE) build @@ -11,5 +11,11 @@ run: test: @$(DOCKER_COMPOSE) run --rm app pytest --cov=app --cov-report=term-missing +lint: + @echo "Running flake8 for syntax errors and undefined names..." + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + @echo "Running flake8 with relaxed rules (warnings only)..." + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + clean: @$(DOCKER_COMPOSE) down --volumes --remove-orphans diff --git a/requirements.txt b/requirements.txt index 4b736f6..90a1677 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,4 +3,5 @@ uvicorn==0.30.5 pydantic==1.10.10 pytest==7.4.2 pytest-cov==4.1.0 -httpx==0.23.0 \ No newline at end of file +httpx==0.23.0 +flake8==7.1.1 \ No newline at end of file diff --git a/terraform/assets/21419.json b/terraform/assets/21419.json new file mode 100644 index 0000000..ed33e08 --- /dev/null +++ b/terraform/assets/21419.json @@ -0,0 +1,2849 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "11.0.0" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 19, + "panels": [], + "title": "Overwiew", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 22, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "first" + ], + "fields": "/^version$/", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "cs_info{instance=\"$instance\"}", + "format": "table", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Version", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + }, + "unit": "dateTimeAsIso" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 23, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "first" + ], + "fields": "/^Time$/", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "(process_start_time_seconds{instance=\"$instance\"})*1000", + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Up Since", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 4 + }, + "id": 24, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(cs_filesource_hits_total{instance=\"$instance\"}[$__range]) or vector(0)) + \nsum(increase(cs_cloudwatch_stream_hits_total{instance=\"$instance\"}[$__range]) or vector(0)) + \nsum(increase(cs_journalctlsource_hits_total{instance=\"$instance\"}[$__range]) or vector(0)) + \nsum(increase(cs_syslogsource_hits_total{instance=\"$instance\"}[$__range]) or vector(0)) +\nsum(increase(cs_dockersource_hits_total{instance=\"$instance\"}[$__range]) or vector(0))", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Raw Lines Read", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 4 + }, + "id": 25, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(cs_parser_hits_ok_total{instance=\"$instance\"} [$__range]))", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Parsed Lines", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 4 + }, + "id": 32, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(cs_node_wl_hits_ok_total{instance=\"$instance\"} [$__range]))", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Whitelisted Lines", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 4 + }, + "id": 29, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(cs_bucket_poured_total{instance=\"$instance\"} [$__range]))", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Lines Poured to Bucket", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 4 + }, + "id": 28, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(cs_bucket_overflowed_total{instance=\"$instance\"} [$__range]))", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Bucket Overflows", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 4 + }, + "id": 27, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(increase(cs_bucket_created_total{instance=\"$instance\"} [$__range]))", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Total Buckets Created", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 50 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 30, + "options": { + "displayMode": "lcd", + "maxVizHeight": 40, + "minVizHeight": 10, + "minVizWidth": 8, + "namePlacement": "top", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "manual", + "valueMode": "color" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "topk(10, ceil(sum by (name) (increase(cs_bucket_overflowed_total{instance=\"$instance\"}[$__range]))))", + "format": "time_series", + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "A" + } + ], + "title": "Top 10 Scenarios", + "type": "bargauge" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 13, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "fieldMinMax": false, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Source" + }, + "properties": [ + { + "id": "custom.width", + "value": 300 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "type" + }, + "properties": [ + { + "id": "custom.width", + "value": 76 + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 27 + }, + "id": 1, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "frameIndex": 4, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Source" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (type, source) (increase(cs_parser_hits_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ source }}", + "range": false, + "refId": "read" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (source) (increase(cs_parser_hits_ok_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ source }}", + "range": false, + "refId": "parsed" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (source) (increase(cs_parser_hits_ko_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ source }}", + "range": false, + "refId": "unparsed" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (source) (increase(cs_bucket_poured_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ source }}", + "range": false, + "refId": "poured" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (source) (increase(cs_node_wl_hits_ok_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ source }}", + "range": false, + "refId": "whitelisted" + } + ], + "title": "Metrics", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true, + "Time 3": true, + "Time 4": true, + "Time 5": true + }, + "includeByName": {}, + "indexByName": { + "Time 1": 2, + "Time 2": 4, + "Time 3": 6, + "Time 4": 8, + "Time 5": 10, + "Value #parsed": 5, + "Value #poured": 9, + "Value #read": 3, + "Value #unparsed": 7, + "Value #whitelisted": 11, + "source": 1, + "type": 0 + }, + "renameByName": { + "Value #Lines Parsed": "Lines Parsed", + "Value #Lines Poured to Bucket": "Lines Poured to Bucket", + "Value #Lines Read": "Lines Read", + "Value #Lines Unparsed": "Lines Unparsed", + "Value #Lines Whitelisted": "Lines Whitelisted", + "Value #parsed": "Lines Parsed", + "Value #poured": "Lines Poured to Bucket", + "Value #read": "Lines Read", + "Value #unparsed": "Lines Unparsed", + "Value #whitelisted": "Lines Whitelisted", + "source": "Source", + "type": "Type" + } + } + } + ], + "type": "table" + } + ], + "title": "Acquisition", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 14, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [ + { + "options": { + "match": "null+nan", + "result": { + "index": 0, + "text": "-" + } + }, + "type": "special" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 24, + "x": 0, + "y": 36 + }, + "id": 3, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "frameIndex": 1, + "showHeader": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (appsec_engine) (increase(cs_appsec_reqs_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "instant": true, + "legendFormat": "{{ appsec_engine }}", + "range": false, + "refId": "processed" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (appsec_engine) (increase(cs_appsec_block_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ appsec_engine }}", + "range": false, + "refId": "blocked" + } + ], + "title": "AppSec Metrics", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true + }, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "Time 1": "", + "Time 2": "", + "Value": "Processed", + "Value #A": "Processed", + "Value #B": "Blocked", + "Value #blocked": "Blocked", + "Value #processed": "Processed", + "appsec_engine": "AppSec Enginge" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 4, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "showHeader": true + }, + "pluginVersion": "11.0.0", + "repeat": "appsec_engine", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (rule_name) (increase(cs_appsec_rule_hits{appsec_engine=\"$appsec_engine\", instance=\"$instance\"} [$__range]))", + "format": "table", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "AppSec '$appsec_engine' Rules Metrics", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "Value": "Triggered", + "rule_name": "Rule ID" + } + } + } + ], + "type": "table" + } + ], + "title": "AppSec", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 20 + }, + "id": 15, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 2, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "showHeader": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (reason) (cs_alerts{instance=\"$instance\"})", + "format": "table", + "instant": true, + "legendFormat": "{{ reason }}", + "range": false, + "refId": "A" + } + ], + "title": "Alerts", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "Time": "", + "Value": "Count", + "reason": "Reason" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Reason" + }, + "properties": [ + { + "id": "custom.width", + "value": 446 + } + ] + } + ] + }, + "gridPos": { + "h": 22, + "w": 24, + "x": 0, + "y": 44 + }, + "id": 5, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Count" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (reason, origin, action) (cs_active_decisions{instance=\"$instance\"})", + "format": "table", + "instant": true, + "legendFormat": "{{ reason }}", + "range": false, + "refId": "A" + } + ], + "title": "Decisions", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "includeByName": {}, + "indexByName": { + "Time": 0, + "Value": 4, + "action": 3, + "origin": 2, + "reason": 1 + }, + "renameByName": { + "Value": "Count", + "action": "Action", + "origin": "Origin", + "reason": "Reason" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 66 + }, + "id": 6, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "showHeader": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (route, method) (increase(cs_lapi_route_requests_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "instant": true, + "legendFormat": "{{ route }}", + "range": false, + "refId": "A" + } + ], + "title": "Metrics", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "includeByName": {}, + "indexByName": { + "Time": 0, + "Value": 3, + "method": 2, + "route": 1 + }, + "renameByName": { + "Time": "", + "Value": "Hits", + "method": "Method", + "route": "Route" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 78 + }, + "id": 7, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "showHeader": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (bouncer, route, method) (increase(cs_lapi_bouncer_requests_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "instant": true, + "legendFormat": "{{ route }}", + "range": false, + "refId": "A" + } + ], + "title": "Bouncers Metrics", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "includeByName": {}, + "indexByName": { + "Time": 0, + "Value": 4, + "bouncer": 1, + "method": 3, + "route": 2 + }, + "renameByName": { + "Time": "", + "Value": "Hits", + "bouncer": "Bouncer", + "method": "Method", + "route": "Route" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 84 + }, + "id": 8, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "frameIndex": 0, + "showHeader": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (bouncer) (increase(cs_lapi_decisions_ok_total [$__range]))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "{{ bouncer }}", + "range": false, + "refId": "non-empty" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (bouncer) (increase(cs_lapi_decisions_ko_total [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ bouncer }}", + "range": false, + "refId": "empty" + } + ], + "title": "Bouncers Decisions", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true + }, + "includeByName": {}, + "indexByName": { + "Time 1": 1, + "Time 2": 2, + "Value #empty": 3, + "Value #non-empty": 4, + "bouncer": 0 + }, + "renameByName": { + "Time": "", + "Time 1": "", + "Value #empty": "Non-Empty Answers", + "Value #non-empty": "Empty Answers", + "bouncer": "Bouncer", + "bouncer 1": "Bouncer" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 90 + }, + "id": 9, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "frameIndex": 0, + "showHeader": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (machine, route, method) (increase(cs_lapi_machine_requests_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "{{ machine }}", + "range": false, + "refId": "non-empty" + } + ], + "title": "Machine Metrics", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true + }, + "includeByName": {}, + "indexByName": { + "Time": 0, + "Value": 4, + "machine": 1, + "method": 3, + "route": 2 + }, + "renameByName": { + "Time 1": "", + "Value": "Count", + "Value #empty": "Non-Empty Answers", + "Value #non-empty": "Empty Answers", + "bouncer 1": "Bouncer", + "machine": "Machine", + "method": "Method", + "route": "Route" + } + } + } + ], + "type": "table" + } + ], + "title": "Local API", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 16, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Parser" + }, + "properties": [ + { + "id": "custom.width", + "value": 446 + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 38 + }, + "id": 10, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "frameIndex": 1, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Hits" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (increase(cs_node_hits_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "__auto", + "range": false, + "refId": "hits" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (increase(cs_node_hits_ok_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "__auto", + "range": false, + "refId": "parsed" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (increase(cs_node_hits_ko_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "__auto", + "range": false, + "refId": "unparsed" + } + ], + "title": "Metrics", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true, + "Time 3": true + }, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "Value #hits": "Hits", + "Value #parsed": "Parsed", + "Value #unparsed": "Unparsed", + "name": "Parser" + } + } + } + ], + "type": "table" + } + ], + "title": "Parsers", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 22 + }, + "id": 17, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Parser" + }, + "properties": [ + { + "id": "custom.width", + "value": 446 + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 11, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "frameIndex": 1, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Overflows" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (cs_buckets{instance=\"$instance\"})", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "current" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (increase(cs_bucket_overflowed_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "overflow" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (increase(cs_bucket_underflowed_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "expired" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (increase(cs_bucket_created_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "created" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name) (increase(cs_bucket_poured_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "poured" + } + ], + "title": "Metrics", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true, + "Time 3": true, + "Time 4": true, + "Time 5": true + }, + "includeByName": {}, + "indexByName": { + "Time 1": 1, + "Time 2": 2, + "Time 3": 3, + "Time 4": 9, + "Time 5": 10, + "Value #created": 6, + "Value #current": 4, + "Value #expired": 8, + "Value #overflow": 5, + "Value #poured": 7, + "name": 0 + }, + "renameByName": { + "Value #created": "Instantiated", + "Value #current": "Current Count", + "Value #expired": "Expired", + "Value #hits": "Hits", + "Value #overflow": "Overflows", + "Value #parsed": "Parsed", + "Value #poured": "Poured", + "Value #unparsed": "Unparsed", + "name": "Parser" + } + } + } + ], + "type": "table" + } + ], + "title": "Scenarios", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 23 + }, + "id": 18, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Parser" + }, + "properties": [ + { + "id": "custom.width", + "value": 446 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 12, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": true + }, + "frameIndex": 1, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Expired" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name, reason) (increase(cs_node_wl_hits_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "hits" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by (name, reason) (increase(cs_node_wl_hits_ok_total{instance=\"$instance\"} [$__range]))", + "format": "table", + "hide": false, + "instant": true, + "legendFormat": "{{ name }}", + "range": false, + "refId": "whitelisted" + } + ], + "title": "Metrics", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true, + "Time 3": true, + "Time 4": true, + "Time 5": true, + "reason 2": true + }, + "includeByName": {}, + "indexByName": { + "Time 1": 1, + "Time 2": 2, + "Time 3": 3, + "Time 4": 9, + "Time 5": 10, + "Value #created": 6, + "Value #current": 4, + "Value #expired": 8, + "Value #overflow": 5, + "Value #poured": 7, + "name": 0 + }, + "renameByName": { + "Time": "", + "Time 2": "", + "Value #A": "Hits", + "Value #B": "Whitelisted", + "Value #created": "Instantiated", + "Value #current": "Current Count", + "Value #expired": "Expired", + "Value #hits": "Hits", + "Value #overflow": "Overflows", + "Value #parsed": "Parsed", + "Value #poured": "Poured", + "Value #unparsed": "Unparsed", + "name": "Whitelist", + "reason": "Reason", + "reason 1": "Reason", + "reason 2": "" + } + } + } + ], + "type": "table" + } + ], + "title": "Whitelists", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 31, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 100, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 25 + }, + "id": 20, + "maxDataPoints": 500, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "rate(process_cpu_seconds_total{instance=\"$instance\"}[$__interval])*100", + "instant": false, + "legendFormat": "{{ instance }}", + "range": true, + "refId": "A" + } + ], + "title": "CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 100, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 25 + }, + "id": 21, + "maxDataPoints": 500, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "process_resident_memory_bytes{instance=\"$instance\"}", + "instant": false, + "legendFormat": "{{ instance }}", + "range": true, + "refId": "A" + } + ], + "title": "Memory Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 50, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Whitelisted" + }, + "properties": [ + { + "id": "custom.stacking", + "value": { + "group": "A", + "mode": "none" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Poured" + }, + "properties": [ + { + "id": "custom.stacking", + "value": { + "group": "A", + "mode": "none" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 33, + "options": { + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(rate(cs_filesource_hits_total{instance=\"$instance\"}[$__interval]) or vector(0)) + \nsum(rate(cs_cloudwatch_stream_hits_total{instance=\"$instance\"}[$__interval]) or vector(0)) + \nsum(rate(cs_journalctlsource_hits_total{instance=\"$instance\"}[$__interval]) or vector(0)) + \nsum(rate(cs_syslogsource_hits_total{instance=\"$instance\"}[$__interval]) or vector(0)) +\nsum(rate(cs_dockersource_hits_total{instance=\"$instance\"}[$__interval]) or vector(0))", + "hide": true, + "instant": false, + "legendFormat": "Raw Lines", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(cs_parser_hits_ok_total{instance=\"$instance\"} [$__interval]))", + "hide": false, + "instant": false, + "legendFormat": "Parsed", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(cs_parser_hits_ko_total{instance=\"$instance\"} [$__interval]))", + "hide": false, + "instant": false, + "legendFormat": "Unparsed", + "range": true, + "refId": "C" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(cs_node_wl_hits_ok_total{instance=\"$instance\"} [$__interval]))", + "hide": false, + "instant": false, + "legendFormat": "Whitelisted", + "range": true, + "refId": "D" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(cs_bucket_poured_total{instance=\"$instance\"} [$__interval]))", + "hide": false, + "instant": false, + "legendFormat": "Poured", + "range": true, + "refId": "E" + } + ], + "title": "Lines Processed", + "type": "timeseries" + } + ], + "title": "System", + "type": "row" + } + ], + "schemaVersion": 39, + "tags": [], + "templating": { + "list": [ + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(cs_appsec_reqs_total,appsec_engine)", + "hide": 2, + "includeAll": false, + "multi": false, + "name": "appsec_engine", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(cs_appsec_reqs_total,appsec_engine)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(cs_info,instance)", + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(cs_info,instance)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "browser", + "title": "Crowdsec Metrics", + "uid": "edq8mqssw2jnkd", + "version": 64, + "weekStart": "", + "gnetId": 21419, + "description": "Shows the 'cscli metrics' and additional stats to Crowdsec in Grafana" +} \ No newline at end of file diff --git a/terraform/assets/crowdsec-ingress-nginx.yaml b/terraform/assets/crowdsec-ingress-nginx.yaml new file mode 100644 index 0000000..9042d39 --- /dev/null +++ b/terraform/assets/crowdsec-ingress-nginx.yaml @@ -0,0 +1,29 @@ +controller: + extraVolumes: + - name: crowdsec-bouncer-plugin + emptyDir: {} + extraInitContainers: + - name: init-clone-crowdsec-bouncer + image: crowdsecurity/lua-bouncer-plugin + imagePullPolicy: IfNotPresent + env: + - name: API_URL + value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080" + - name: API_KEY + valueFrom: + secretKeyRef: + name: crowdsec-bouncer-key + key: BOUNCER_KEY_nginx + - name: BOUNCER_CONFIG + value: "/crowdsec/crowdsec-bouncer.conf" + command: ['sh', '-c', "sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"] + volumeMounts: + - name: crowdsec-bouncer-plugin + mountPath: /lua_plugins + extraVolumeMounts: + - name: crowdsec-bouncer-plugin + mountPath: /etc/nginx/lua/plugins/crowdsec + subPath: crowdsec + config: + plugins: "crowdsec" + lua-shared-dicts: "crowdsec_cache: 50m" \ No newline at end of file diff --git a/terraform/values/crowdsec.yaml b/terraform/assets/crowdsec-values.yaml similarity index 63% rename from terraform/values/crowdsec.yaml rename to terraform/assets/crowdsec-values.yaml index d2522eb..b39451c 100644 --- a/terraform/values/crowdsec.yaml +++ b/terraform/assets/crowdsec-values.yaml @@ -19,6 +19,22 @@ lapi: serviceMonitor: enabled: true namespace: monitoring + + env: + - name: ENROLL_KEY + valueFrom: + secretKeyRef: + name: crowdsec-enroll-key + key: ENROLL_KEY + - name: ENROLL_INSTANCE_NAME + value: "aqemia-adaml-eks-cluster" + - name: ENROLL_TAGS + value: "aqemia adaml eks cluster k8s" + - name: BOUNCER_KEY_nginx + valueFrom: + secretKeyRef: + name: crowdsec-bouncer-key + key: BOUNCER_KEY_nginx agent: acquisition: diff --git a/terraform/ingress.tf b/terraform/ingress.tf index 04d91f7..8d00ac2 100644 --- a/terraform/ingress.tf +++ b/terraform/ingress.tf @@ -16,12 +16,19 @@ resource "helm_release" "nginx-ingress-controller" { name = "controller.defaultTLS.secret" value = "default/tls-cert" } + + values = [ + file("./assets/crowdsec-ingress-nginx.yaml") + ] + + depends_on = [helm_release.crowdsec] + } data "kubernetes_service" "nginx_ingress" { metadata { - name = "nginx-ingress-controller" - namespace = "default" + name = "nginx-ingress-controller" + namespace = "default" } } @@ -121,44 +128,67 @@ resource "kubernetes_ingress_v1" "prod-ingress" { depends_on = [helm_release.nginx-ingress-controller, kubernetes_namespace.prod] } -resource "kubernetes_ingress_v1" "monitoring-ingress" { +resource "kubernetes_ingress_v1" "falco-ingress" { metadata { - name = "monitoring-ingress" - namespace = "monitoring" + name = "falco-ingress" + namespace = "falco" } - spec { ingress_class_name = "tailscale" tls { - hosts = ["${var.project_name}"] + hosts = ["falco"] } rule { - host = var.project_name + host = "falco" http { path { - path = "/grafana/" + path = "/" path_type = "Prefix" backend{ service { - name = "prometheus-operator-grafana" + name = "falco-falcosidekick-ui" port { - number = 80 + number = 2802 } } } } + } + } + } + depends_on = [helm_release.tailscale_operator, helm_release.falco] +} + +resource "kubernetes_ingress_v1" "monitoring-ingress" { + metadata { + name = "monitoring-ingress" + namespace = "monitoring" + } + + + spec { + ingress_class_name = "tailscale" + + tls { + hosts = ["grafana"] + } + + rule { + host = "grafana" + + http { path { - path = "/falco/" + path = "/" path_type = "Prefix" backend{ service { - name = "falco-falcosidekick-ui" + name = "prometheus-operator-grafana" port { - number = 2802 + number = 80 } } } @@ -166,5 +196,5 @@ resource "kubernetes_ingress_v1" "monitoring-ingress" { } } } - depends_on = [helm_release.tailscale_operator, helm_release.prometheus_operator, helm_release.falco] + depends_on = [helm_release.tailscale_operator, helm_release.prometheus_operator] } diff --git a/terraform/monitoring.tf b/terraform/monitoring.tf index 95eadcb..a2aae0d 100644 --- a/terraform/monitoring.tf +++ b/terraform/monitoring.tf @@ -22,6 +22,15 @@ resource "helm_release" "loki" { } } +resource "helm_release" "tempo" { + name = "tempo" + repository = "https://grafana.github.io/helm-charts" + chart = "tempo" + namespace = "monitoring" + create_namespace = true + version = "1.14.0" +} + resource "helm_release" "prometheus_operator" { name = "prometheus-operator" repository = "https://prometheus-community.github.io/helm-charts" @@ -38,14 +47,23 @@ resource "helm_release" "prometheus_operator" { } "grafana.ini" = { server = { - root_url = "https://${var.project_name}.${var.tailnet}/grafana/" - domain = "${var.project_name}.${var.tailnet}" + root_url = "https://grafana.${var.tailnet}/" + domain = "grafana.${var.tailnet}" serve_from_sub_path = true cookie_samesite = "none" cookie_secure = true } } adminPassword = var.GRAFANA_ADMIN_PASSWORD + additionalDataSources = [ + { + name = "Prometheus" + type = "prometheus" + access = "proxy" + url = "http://prometheus-operated:9090" + isDefault = true + } + ] } })] @@ -55,3 +73,16 @@ resource "helm_release" "prometheus_operator" { } } +resource "kubernetes_config_map" "grafana_dashboards" { + metadata { + name = "grafana-dashboards" + namespace = "monitoring" + labels = { + grafana_dashboard = "1" + } + } + data = { + "21419.json" = file("./assets/21419.json") + } + depends_on = [helm_release.prometheus_operator] +} \ No newline at end of file diff --git a/terraform/security.tf b/terraform/security.tf index 623da38..be40541 100644 --- a/terraform/security.tf +++ b/terraform/security.tf @@ -2,7 +2,7 @@ resource "helm_release" "falco" { name = "falco" repository = "https://falcosecurity.github.io/charts" chart = "falco" - namespace = "monitoring" + namespace = "falco" create_namespace = true version = "4.14.1" @@ -47,6 +47,40 @@ resource "helm_release" "falco" { } +resource "kubernetes_namespace" "crowdsec" { + metadata { + name = "crowdsec" + } +} + +resource "random_password" "crowdsec_bouncer_key_value" { + length = 32 + special = true + override_special = "!@#$%&*()-_=+[]{}<>:?" +} + +resource "kubernetes_secret" "crowdsec_bouncer_key" { + metadata { + name = "crowdsec-bouncer-key" + namespace = "crowdsec" + } + data = { + BOUNCER_KEY_nginx = base64encode(random_password.crowdsec_bouncer_key_value.result) + } + depends_on = [random_password.crowdsec_bouncer_key_value, kubernetes_namespace.crowdsec] +} + +resource "kubernetes_secret" "crowdsec-enroll-key" { + metadata { + name = "crowdsec-enroll-key" + namespace = "crowdsec" + } + date = { + ENROLL_KEY = base64encode(var.CROWDSEC_ENROLL_KEY) + } + depends_on = [kubernetes_namespace.crowdsec] +} + resource "helm_release" "crowdsec" { name = "crowdsec" repository = "https://crowdsecurity.github.io/helm-charts" @@ -56,6 +90,8 @@ resource "helm_release" "crowdsec" { version = "0.13.0" values = [ - file("./values/crowdsec.yaml") + file("./assets/crowdsec-values.yaml") ] + + depends_on = [kubernetes_secret.crowdsec_bouncer_key, kubernetes_namespace.crowdsec, kubernetes_secret.crowdsec-enroll-key] } \ No newline at end of file diff --git a/terraform/tailscale.tf b/terraform/tailscale.tf index 3cf980d..1fb85fd 100644 --- a/terraform/tailscale.tf +++ b/terraform/tailscale.tf @@ -17,6 +17,6 @@ resource "helm_release" "tailscale_operator" { set { name = "operatorConfig.hostname" - value = var.project_name + value = "${var.project_name}-operator" } } \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index bb93647..30b8e74 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -6,6 +6,7 @@ variable "CLOUDFLARE_API_TOKEN" { type= string } variable "SLACK_WEBHOOK" { type= string } variable "TAILSCALE_CLIENT_ID" { type= string } variable "TAILSCALE_CLIENT_SECRET" { type= string } +variable "CROWDSEC_ENROLL_KEY" { type= string } variable "project_name" { description = "Name of the project"