@@ -3,6 +3,7 @@ package ux
33import (
44 "fmt"
55 "os"
6+ "path/filepath"
67
78 "github.com/rs/zerolog/log"
89)
@@ -11,51 +12,27 @@ var (
1112 JobTemplate = `# ---------------------------------------------------------------------------
1213# preq cronjob template
1314#
14- # PRE-RUN Create/refresh the ConfigMap that the CronJob expects:
15+ # Step 1. Create/refresh the ConfigMap that the CronJob expects:
1516#
16- # Option 1: Use default latest rules with a Slack notification webhook
17- #
1817# kubectl create configmap preq-conf \
1918# --from-file=config.yaml=%s/config.yaml \
2019# --from-file=.ruletoken=%s/.ruletoken \
2120# --from-file=%s=%s/%s \
2221# --dry-run=client -o yaml | kubectl apply -f -
2322#
2423# The --dry-run/apply pattern lets you update the ConfigMap idempotently.
25- #
26- # These configuration files are automatically created by preq the first time it is executed locally by the kubectl client.
27- #
28- # NOTE: This template assumes the config.yaml file is configured to use a Slack notification webhook. Visit
29- # https://docs.prequel.dev/configuration to learn how to modify the configuration file to add a notification webhook (e.g. Slack).
30- #
31- # notification:
32- # type: slack
33- # webhook: https://hooks.slack.com/services/.....
34- #
35- # Option 2: Use custom rules with a Slack notification webhook
3624#
37- # To add custom rules to this job, update the config.yaml file to add the path to your custom rules file where it will be mounted
38- # in the cronjob filesystem.
25+ # Step 2. Install the job
3926#
40- # rules:
41- # paths:
42- # - /.preq/custom-rules.yaml
43- #
44- # Then create the configmap with the following command:
45- #
46- # kubectl create configmap preq-conf \
47- # --from-file=config.yaml=%s/config.yaml \
48- # --from-file=.ruletoken=%s/.ruletoken \
49- # --from-file=%s=%s/%s \
50- # --from-file=custom-rules.yaml=/local/path/to/custom-rules.yaml \
51- # --dry-run=client -o yaml | kubectl apply -f -
27+ # kubectl apply -f cronjob.yaml
5228#
5329# IMPORTANT:
5430#
55- # 1. Uncomment the command in the job below to add a POD to monitor. Use labels to select the POD for a service.
31+ # 1. Uncomment the command in the job below to add a deployment, pod, job, or service to monitor. Use labels to select the POD for a service.
5632# 2. Update the schedule to run at the frequency you want. This runs every 10 minutes by default.
57- # 3. Change the -o "preq-cronjob-<POD>: " output prefix to the name of the cronjob or how you want to identify these notifications in Slack.
33+ # 3. Change the actions.yaml to run an executable or create a JIRA ticket instead of sending a Slack notification .
5834#
35+ # Visit https://docs.prequel.dev for more information.
5936# ---------------------------------------------------------------------------
6037apiVersion: v1
6138kind: ServiceAccount
@@ -68,7 +45,7 @@ metadata:
6845 name: preq
6946rules:
7047 - apiGroups: ['']
71- resources: ['pods', 'pods/log']
48+ resources: ['services', 'jobs', 'depoyments', ' pods', 'pods/log']
7249 verbs: ['get', 'list', 'watch']
7350---
7451apiVersion: rbac.authorization.k8s.io/v1
@@ -109,27 +86,49 @@ spec:
10986 #
11087 # * If you want to monitor a pod using labels to select the POD for a service, use the following commands:
11188 # POD=$(kubectl -n default get pods -l app.kubernetes.io/instance=<LABEL> -o jsonpath='{.items[0].metadata.name}')
112- # kubectl preq "$POD" -y -o "preq-cronjob-<POD>: "
89+ # kubectl preq "$POD" -y
11390 #
11491 # * If you want to monitor pods in a deployment, use the following command:
115- # kubectl preq deployment/<DEPLOYMENT> -y -o "preq-cronjob-<DEPLOYMENT>: "
92+ # kubectl preq deployment/<DEPLOYMENT> -y
11693 #
11794 # * If you want to monitor pods in a job, use the following command:
118- # kubectl preq job/<JOB> -y -o "preq-cronjob-<JOB>: "
95+ # kubectl preq job/<JOB> -y
11996 #
12097 # * If you want to monitor pods in a service, use the following command:
121- # kubectl preq service/<SERVICE> -y -o "preq-cronjob-<SERVICE>: "
98+ # kubectl preq service/<SERVICE> -y
12299
123100 volumeMounts:
124101 - name: preq-conf
125- mountPath: /.preq
102+ mountPath: /.config/preq
103+ readOnly: true
104+ - name: actions-config
105+ mountPath: /.config/preq/actions.yaml
126106 readOnly: true
127107 restartPolicy: Never
128108 volumes:
129109 - name: preq-conf
130110 configMap:
131111 name: preq-conf
112+ - name: actions-config
113+ configMap:
114+ name: actions-config
132115 serviceAccountName: preq
116+ ---
117+ apiVersion: v1
118+ kind: ConfigMap
119+ metadata:
120+ name: actions-config
121+ data:
122+ actions.yaml: |-
123+ actions:
124+ - type: slack
125+ regex: "CRE*"
126+ slack:
127+ webhook_url: <SLACK_WEBHOOK_URL>
128+ message_template: |
129+ *preq detection*: [{{ field .cre "Id" }}] {{ field .cre "Title" }}
130+
131+ {{ (index .hits 0).Timestamp }}: {{ (index .hits 0).Entry }}
133132`
134133 ConfigMapStdoutTemplate = `
135134kubectl create configmap preq-conf \
@@ -139,16 +138,19 @@ kubectl create configmap preq-conf \
139138`
140139)
141140
142- func PrintCronJobTemplate (output , configDir , rulesFile string ) error {
141+ func PrintCronJobTemplate (output , configDir , rulesPath string ) error {
142+
143+ rulesFile := filepath .Base (rulesPath )
144+
143145 if output == OutputStdout {
144- fmt .Fprintf (os .Stdout , JobTemplate , configDir , configDir , rulesFile , configDir , rulesFile , configDir , configDir , rulesFile , configDir , rulesFile )
146+ fmt .Fprintf (os .Stdout , JobTemplate , configDir , configDir , rulesFile , configDir , rulesFile )
145147 } else {
146148
147149 if output == "" {
148150 output = "cronjob.yaml"
149151 }
150152
151- job := fmt .Sprintf (JobTemplate , configDir , configDir , rulesFile , configDir , rulesFile , configDir , configDir , rulesFile , configDir , rulesFile )
153+ job := fmt .Sprintf (JobTemplate , configDir , configDir , rulesFile , configDir , rulesFile )
152154 err := os .WriteFile (output , []byte (job ), 0644 )
153155 if err != nil {
154156 log .Error ().Err (err ).Msg ("Failed to write cronjob template" )
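Review bot: The widened `resources` list in the RBAC rule hunk (new line 48) will not grant what the template now advertises: `'depoyments'` is misspelled, and the rule keeps `apiGroups: ['']`, which covers only the core group, whereas Deployments belong to `apps` and Jobs to `batch`, so `kubectl preq deployment/<DEPLOYMENT>` and `kubectl preq job/<JOB>` would presumably be denied for the `preq` service account. Splitting the rule per API group, each with the same read-only verbs, fixes this without widening access beyond what is needed. The `' pods'` entry also appears with a leading space on this page; if that is in the file rather than a rendering artifact, it matches no resource and pod access breaks as well. Separately, the new `actions-config` ConfigMap carries the Slack `webhook_url`, which acts as a bearer credential, so a Secret would be the more fitting object for it.

```go
rules:
  - apiGroups: ['']
    resources: ['services', 'pods', 'pods/log']
    verbs: ['get', 'list', 'watch']
  - apiGroups: ['apps']
    resources: ['deployments']
    verbs: ['get', 'list', 'watch']
  - apiGroups: ['batch']
    resources: ['jobs']
    verbs: ['get', 'list', 'watch']
```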