argoproj-labs / argo-kube-notifier Goto Github PK
View Code? Open in Web Editor NEWArgo Kube Notifier controller monitors Kubernetes resources
Argo Kube Notifier controller monitors Kubernetes resources
Is your feature request related to a problem? Please describe.
As a new user, I am generally more comfortable pulling from an official docker repo than from an individual's repo. If the image were hosted by argoproj, it'd appear safer. Don't know how hard this would be for someone in the argo group.
Describe the solution you'd like
argo-kube-notifier docker image hosted by argoproj
Additional context
This could be a good thing to change at the same time as CR #11
Currently hosted @ https://hub.docker.com/r/sarabala1979/argo-kube-notifier
Changes needed in these locations:
Describe the bug
When a notification is deleted it's not reflected in "kube-notifier-controller" - resulting in notifications being send after deletion.
To Reproduce
Create notification. E.g
kubectl apply -f hello-notifier.yaml -n hello-app
.. trigger notification condition to check a notification is send.
Delete notification:
kubectl delete notifications.argoproj.io hello-notifier -n hello-app
Trigger notification condition again, resulting in notification is being send again, even if it's been deleted.
Expected behavior
When a given notification is deleted, kube-notifier-controller should not send any notifications of given kind.
Additional context
In order to update "kube-notifier-controller" with latest changes (notification deletion), i had to restart controller manually (by deleting pod)
The Argo maintainers recently agreed to require all Argoproj Labs project repositories to contain a SECURITY.md
file which documents:
This will help direct vulnerability reporting to the right parties which can fix the issue.
You are free to use the following as examples/templates:
Also, please note that in the future we are exploring a requirement that argoproj-labs projects perform a CII self-assessment to better inform its users about which security best practices are being followed.
Is your feature request related to a problem? Please describe.
I'm trying to build the current Dockerfile and it is failing. Without time to debug this I'm forced to use the current image which was pushed July 2019 and is many commits behind master.
Describe the solution you'd like
Update Dockerfile so it builds.
Describe alternatives you've considered
Figure it out myself.
Additional context
Note that the latest CI build failed (commit 87513f3).
Cloning this repo and running in root:
->docker build .
Sending build context to Docker daemon 63.37MB
Step 1/12 : FROM golang:1.10.3 as builder
---> d0e7a411e3da
Step 2/12 : WORKDIR /go/src/github.com/argoproj-labs/argo-kube-notifier
---> Using cache
---> 4f4f1fc132d9
Step 3/12 : COPY pkg/ pkg/
---> Using cache
---> 3c0fba13f106
Step 4/12 : COPY cmd/ cmd/
---> Using cache
---> a7ca518c0b2a
Step 5/12 : COPY vendor/ vendor/
COPY failed: stat /var/snap/docker/common/var-lib-docker/tmp/docker-builder190568069/vendor: no such file or directory
Describe the bug
I got the following error log from the controller when I created a notification resource.
{"level":"info","ts":1566366594.654175,"logger":"entrypoint","msg":"setting up client for manager"}
{"level":"info","ts":1566366594.6545167,"logger":"entrypoint","msg":"setting up manager"}
{"level":"info","ts":1566366594.949193,"logger":"entrypoint","msg":"Registering Components."}
{"level":"info","ts":1566366594.9494047,"logger":"entrypoint","msg":"setting up scheme"}
{"level":"info","ts":1566366594.949644,"logger":"entrypoint","msg":"Setting up controller"}
{"level":"info","ts":1566366594.9497604,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"notification-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566366594.9498649,"logger":"entrypoint","msg":"setting up webhooks"}
{"level":"info","ts":1566366594.9499733,"logger":"entrypoint","msg":"Starting the Cmd."}
{"level":"info","ts":1566366595.0514185,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"notification-controller"}
{"level":"info","ts":1566366595.151721,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"notification-controller","worker count":1}
1059609
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xfced74]
goroutine 178 [running]:
github.com/argoproj-labs/argo-kube-notifier/notification/controller.(*Watcher).runWatch(0xc42001ac80)
/go/src/github.com/argoproj-labs/argo-kube-notifier/notification/controller/Watcher.go:68 +0x34
github.com/argoproj-labs/argo-kube-notifier/notification/controller.(*Watcher).watch(0xc42001ac80)
/go/src/github.com/argoproj-labs/argo-kube-notifier/notification/controller/Watcher.go:38 +0x45
created by github.com/argoproj-labs/argo-kube-notifier/notification/controller.(*NewNotificationController).RegisterNotification
/go/src/github.com/argoproj-labs/argo-kube-notifier/notification/controller/controller.go:85 +0x5b9
I installed the revision of 47c5a859d0f3a72fe938138a357c879521aa474d
.
To Reproduce
I tried the following manifest. I masked sensitive data.
apiVersion: argoproj.io/v1alpha1
kind: Notification
metadata:
name: notification-test
spec:
monitorResource:
Group: argoproj.io
Resource: workflows
Version: alphav1
namespace: default
notifiers:
- name: slack
slack:
tokenSecret:
name: my-slack-secret
key: token
hookUrlSecret:
name: my-slack-secret
key: hookURL
channel: ***
rules:
- name: wf
anyconditions:
- jsonpath: "status/phase"
operator: "eq"
value: "Failed"
- jsonpath: "status/phase"
operator: "eq"
value: "Error"
events:
- message: "Workflow ={{.metadata.name}} Failed."
notificationLevel: critical
notifierNames:
- slack
initialDelaySec: 10
throttleMintues: 1
---
apiVersion: v1
kind: Secret
metadata:
name: my-slack-secret
namespace: default
type: Opaque
data:
hookURL: ***
token: ***
Expected behavior
It should not fail with the segfault.
Screenshots
N/A
Desktop (please complete the following information):
N/A
Smartphone (please complete the following information):
N/A
Additional context
N/A
Is your feature request related to a problem? Please describe.
I updated the slack URL after I tried several notifications with my old incoming webhook URL, but the operator didn't take new one until I delete the pod and let it restarted.
Describe the solution you'd like
We're caching the client once it gets created.
We need a mechanism to sync secrets and recreate slack clients.
Describe alternatives you've considered
Just delete the operator pod when a secret gets updated although it doesn't scale at all.
Additional context
N/A
Describe the bug
Notification controller checks ressources in all namespaces - and not only the namespace where notification is applied.
To Reproduce
kubectl apply -f example/foo-notifier.yaml -n foo
apiVersion: argoproj.io/v1alpha1
kind: Notification
metadata:
name: "foo-notifier"
namespace: foo
spec:
Namespace: foo
monitorResource:
Resource: pods
Version: v1
rules:
- allConditions:
- jsonPath: metadata/name
operator: ne
value: badName
events:
-
message: |
Test notification from namespace: {{ .metadata.namespace }}
notificationLevel: info
notifierNames:
- slack
name: "test-notification"
initialDelaySec: 1
throttleMinutes: 10
notifiers:
- name: slack
slack:
channel: placeholder
hookUrlSecret:
key: hookURL
name: webhook-server-secret
If initialDelaySec > 0 - a warning in kube-notifier-controller-0 is logged and no message is send
kubectl logs -f kube-notifier-controller-0
time="2020-05-18T07:19:47Z" level=warning msg="Error occured getting resource. pods \"bar-sjshv\" not found"
If initialDelaySec = 0 - the notification is send :
"Test notification from namespace: bar"
Expected behavior
The controller would only watch ressources in the namespace where notification is applied. In the above example, ressources in namespace foo, but not bar
Describe the bug
/etc/ssl/cert folder mounted from host on AWS EKS
actual error: "x509: failed to load system roots and no roots provided
To Reproduce
Steps to reproduce the behavior:
Expected behavior
/etc/ssl/certs from any host should work, removing the hostmount for /etc/ssl/certs and apt installing ca-certificates allows for a successful CURL to test the webhook integration.
Currently, Argo-Kube-notifier supports only slack and mail notifications. As part of the future release, we would like to see MS teams integration also included in the solution
Describe the bug
The "throttleMinutes" parameter does not seem to have any effect. A notification is send every time condition is met (once every minute or so), even though throttleMinutes is set to e.g 10 minutes.
To Reproduce
Steps to reproduce the behavior:
Apply notification where condition will always be true, with throttleMinutes: 10 - Example:
apiVersion: argoproj.io/v1alpha1
kind: Notification
metadata:
name: "dummy-notification"
namespace: placeholder
spec:
Namespace: placeholder
monitorResource:
Resource: pods
Version: v1
rules:
- allConditions:
- jsonPath: metadata/name
operator: ne
value: badName
events:
-
message: |
Dummy notification
notificationLevel: info
notifierNames:
- slack
name: "dummy-notification"
initialDelaySec: 1
throttleMinutes: 10
notifiers:
- name: slack
slack:
channel: placeholder
hookUrlSecret:
key: hookURL
name: webhook-server-secret
Expected behavior
When condition is met, notification should be send once after 1 sec (initialDelaySec: 1), but only if no simular notification is send within last 10 min (throttleMinutes)
Screenshots
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Describe the bug
No alerts triggered when restartCount > 0.
To Reproduce
apiVersion: argoproj.io/v1alpha1
kind: Notification
metadata:
name: "dummy-notification"
namespace: dev
spec:
Namespace: dev
monitorResource:
Resource: pods
Version: v1
rules:
- allConditions:
- jsonPath: status/containerStatuses[0]/restartCount
operator: gt
value: "0"
events:
- message: "Condition Triggered : Pod ={{.metadata.name}} is being tested"
emailSubject: "[ALERT] Argo Notification Condition Triggered {{.metadata.name}}"
notificationLevel: info
notifierNames:
- slack
name: "dummy-notification"
initialDelaySec: 1
throttleMinutes: 1
notifiers:
- name: slack
slack:
channel: alerts
hookUrlSecret:
key: hookURL
name: my-slack-secret
Expected behavior
I expect a notification everytime a pod has had a restart greater than 0.
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Is your feature request related to a problem? Please describe.
As a new user, I was discouraged from using argo-kube-notifier when I discovered that the latest docker image is many months old.
Describe the solution you'd like
Continuously Deploy most recent commit to master to DockerHub
Describe alternatives you've considered
Making sure all merges into master can be built with a simple docker build .
command with a checksuite would mitigate the impact of discovering the image is old.
Additional Context
PR #10 is the result of trying to get it to build.
Describe the bug
Fails to start the pod due to image pull error
Failed to pull image "sarabala1979/argocd-kube-notifier:latest": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/sarabala1979/argocd-kube-notifier:latest": failed to resolve reference "docker.io/sarabala1979/argocd-kube-notifier:latest": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.