feat(flux): add Flux Alerts

Author: JJGadgets

Diff for: kube/deploy/apps/collabora/ns.yaml renamed to kube/deploy/apps/collabora/app/ns.yaml

@@ -4,3 +4,13 @@ kind: Kustomization
 resources:
   - ns.yaml
   - ks.yaml
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: not-used
+      namespace: collabora
+    unsetOnly: true
+components:
+  - ../../core/flux-system/alerts/template/

Diff for: kube/deploy/apps/collabora/kustomization.yaml

@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/notification.toolkit.fluxcd.io/alert_v1beta3.json
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: github
+spec:
+  providerRef:
+    name: github
+  eventSeverity: error
+  eventSources:
+    - kind: Kustomization
+      name: "*"
+  exclusionList:
+    - "error.*lookup github\\.com"
+    - "error.*lookup raw\\.githubusercontent\\.com"
+    - "dial.*tcp.*timeout"
+    - "waiting.*socket"
+  suspend: false

Diff for: kube/deploy/core/flux-system/alerts/github/alert.yaml

@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name flux-system-github
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: 1p
+  dataFrom:
+    - extract:
+        key: "Flux Alerts - ${CLUSTER_NAME}"
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: *name
+    template:
+      type: Opaque
+      data:
+        token: '{{ .SECRET_FLUX_ALERTS_GITHUB }}'

Diff for: kube/deploy/core/flux-system/alerts/github/es.yaml

@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/notification.toolkit.fluxcd.io/provider_v1beta3.json
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: github
+spec:
+  type: github
+  address: https://github.com/JJGadgets/Biohazard
+  secretRef:
+    name: flux-system-github

Diff for: kube/deploy/core/flux-system/alerts/github/provider.yaml

@@ -0,0 +1,54 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/notification.toolkit.fluxcd.io/alert_v1beta3.json
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: alertmanager
+spec:
+  providerRef:
+    name: alertmanager
+  eventSeverity: error
+  eventSources:
+    - kind: GitRepository
+      name: "*"
+    - kind: HelmRelease
+      name: "*"
+    - kind: HelmRepository
+      name: "*"
+    - kind: Kustomization
+      name: "*"
+    - kind: OCIRepository
+      name: "*"
+  exclusionList:
+    - "error.*lookup github\\.com"
+    - "error.*lookup raw\\.githubusercontent\\.com"
+    - "dial.*tcp.*timeout"
+    - "waiting.*socket"
+  suspend: false
+---
+# yaml-language-server: $schema=https://crds.jank.ing/notification.toolkit.fluxcd.io/alert_v1beta3.json
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: discord
+spec:
+  providerRef:
+    name: discord
+  eventSeverity: info
+  eventSources:
+    - kind: GitRepository
+      name: "*"
+    - kind: HelmRelease
+      name: "*"
+    - kind: HelmRepository
+      name: "*"
+    - kind: Kustomization
+      name: "*"
+    - kind: OCIRepository
+      name: "*"
+  exclusionList:
+    - "error.*lookup github\\.com"
+    - "error.*lookup raw\\.githubusercontent\\.com"
+    - "dial.*tcp.*timeout"
+    - "waiting.*socket"
+  suspend: false

Diff for: kube/deploy/core/flux-system/alerts/template/alert.yaml

@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name flux-system-discord
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: 1p
+  dataFrom:
+    - extract:
+        key: "Flux Alerts - ${CLUSTER_NAME}"
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: *name
+    template:
+      type: Opaque
+      data:
+        address: '{{ .SECRET_FLUX_ALERTS_DISCORD }}'

Diff for: kube/deploy/core/flux-system/alerts/template/es.yaml

@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - ./es.yaml
+  - ./provider.yaml
+  - ./alert.yaml

Diff for: kube/deploy/core/flux-system/alerts/template/kustomization.yaml

@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/notification.toolkit.fluxcd.io/provider_v1beta3.json
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: discord
+spec:
+  type: discord
+  secretRef:
+    name: flux-system-discord
+---
+# yaml-language-server: $schema=https://crds.jank.ing/notification.toolkit.fluxcd.io/provider_v1beta3.json
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: alertmanager
+spec:
+  type: alertmanager
+  address: http://alertmanager-local.monitoring.svc.cluster.local:9093/api/v2/alerts/

Diff for: kube/deploy/core/flux-system/alerts/template/provider.yaml

@@ -20,4 +20,26 @@ spec:
   path: ./kube/deploy/core/flux-system/misc
   dependsOn:
     - name: 1-core-kyverno-crds
-    - name: 1-core-kyverno-app
+    - name: 1-core-kyverno-app
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: zzz-flux-alerts-github
+  namespace: flux-system
+spec:
+  path: ./kube/deploy/core/flux-system/alerts/github
+  targetNamespace: flux-system
+  dependsOn:
+    - name: 1-core-secrets-es-1p
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: zzz-flux-alerts
+  namespace: flux-system
+spec:
+  path: ./kube/deploy/core/flux-system/alerts/template
+  targetNamespace: flux-system
+  dependsOn:
+    - name: 1-core-secrets-es-1p