Added ability to specify rules directory #816

Merged
merged 9 commits into from
Apr 19, 2022
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -36,6 +36,7 @@
- Upgrade pylint 2.13.4 to 2.13.5 - [#808](https://github.com/jertel/elastalert2/pull/808) - @nsano-rururu
- Update documentation on Cloud ID support - [#810](https://github.com/jertel/elastalert2/pull/810) - @ferozsalam
- Upgrade tox 3.24.5 to 3.25.0 - [#813](https://github.com/jertel/elastalert2/pull/813) - @nsano-rururu
- [Kubernetes] Add support to specify rules directory - [#816](https://github.com/jertel/elastalert2/pull/816) @SBe

# 2.4.0

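Review bot: The added `[Kubernetes] Add support to specify rules directory` entry is missing the ` - ` separator before the author handle that the entries above it use (for example `/pull/813) - @nsano-rururu`), so it will not match the rest of the list. Add the separator, and consider naming the new `rulesFolder` chart value in the entry so users can search for it.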
1 change: 1 addition & 0 deletions chart/elastalert2/README.md
Expand Up @@ -56,6 +56,7 @@ The command removes all the Kubernetes components associated with the chart and
| `command` | command override for container | `NULL` |
| `args` | args override for container | `NULL` |
| `replicaCount` | number of replicas to run | 1 |
| `rulesFolder` | Locaton of rules directory. Usefull when you have one docker image and different set on rules per environemnt. For example development can reside in `/opt/elastalert/develop` and production in `/opt/elastalert/production`. | /opt/elastalert/rules |
Owner

Can you help me understand this a bit better, in case others ask about it in the future? Typically when I am deploying a different set of rules to alternate environments my override yaml file defines the rules specific to each environment. The jertel/elastalert2 Docker image remains the same across all environments. How does changing this directory name make a difference?

Author

Of course.
As far as I know there are a few ways to have this implemented right now.
We can (for example) define our own secret and mount it in the Pod.

But what we wanted to have is to have as little copy-pasting and being able to new rules locally with docker-compose.
So, we have prepared a set of yml files, which contain rules definitions. They are different per environment.
During local development, devs just add files to the appropriate directory and run docker-compose.

Our docker image just takes all those rules (both lab and prod) and mounts them in the container (both sets of rules are present in the container). And now I would like to be able to tell ElastAlert that I want to use rules from, let's say, the lab subdirectory.

Owner

Thanks for that detailed explanation, and thanks for the contribution!

| `elasticsearch.host` | elasticsearch endpoint to use | elasticsearch |
| `elasticsearch.port` | elasticsearch port to use | 9200 |
| `elasticsearch.useSsl` | whether or not to connect to es_host using SSL | False |
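Review bot: The new `rulesFolder` row has several spelling errors ("Locaton", "Usefull", "set on rules", "environemnt") that should be fixed before this lands in the published chart README. Suggested wording: "Location of the rules directory. Useful when one Docker image carries a different set of rules per environment." The default `/opt/elastalert/rules` would also read better in backticks, like the example paths in the same row.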
2 changes: 1 addition & 1 deletion chart/elastalert2/templates/config.yaml
Expand Up @@ -11,7 +11,7 @@ metadata:
data:
elastalert_config: |-
---
rules_folder: /opt/elastalert/rules
rules_folder: {{ .Values.rulesFolder }}
{{- if .Values.scanSubdirectories }}
scan_subdirectories: {{ .Values.scanSubdirectories }}
{{- end }}
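Review bot: On the changed `rules_folder` line the value is interpolated unquoted and with no check, so an override that sets `rulesFolder` to an empty value renders `rules_folder:` with no path, and a value containing ` #` or `: ` changes how the generated ElastAlert config parses. Suggest `rules_folder: {{ required "rulesFolder must be set" .Values.rulesFolder | quote }}` so a bad value fails at template time rather than in the running pod.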
2 changes: 1 addition & 1 deletion chart/elastalert2/templates/deployment.yaml
Expand Up @@ -57,7 +57,7 @@ spec:
mountPath: '/opt/elastalert/config.yaml'
subPath: config.yaml
- name: {{ .Values.rulesVolumeName }}
mountPath: '/opt/elastalert/rules'
mountPath: {{ .Values.rulesFolder }}
{{- if .Values.elasticsearch.certsVolumeMounts }}
{{ toYaml .Values.elasticsearch.certsVolumeMounts | indent 10 }}
{{- end }}
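Review bot: The changed `mountPath` line ties the rules volume mount to the same `rulesFolder` value that `config.yaml` hands to ElastAlert as `rules_folder`, so the volume named by `rulesVolumeName` is always mounted on top of the chosen directory and hides any rule files the image ships at that path. For the use case in the README row (one image carrying `/opt/elastalert/develop` and `/opt/elastalert/production`), consider making this mount optional or giving it its own value. The new line also drops the quoting the old `'/opt/elastalert/rules'` had; `mountPath: {{ .Values.rulesFolder | quote }}` keeps the rendered value a YAML string.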
3 changes: 3 additions & 0 deletions chart/elastalert2/values.yaml
Expand Up @@ -7,6 +7,9 @@ revisionHistoryLimit: 5
# Default internal between alert checks against the elasticsearch datasource, in minutes
runIntervalMins: 1

# Location of directory where rules reside
rulesFolder: "/opt/elastalert/rules"

# Enable/disabe subdirectory scanning for rules
scanSubdirectories: true

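Review bot: The comment added above `rulesFolder` only says where rules reside; it does not say that the same value is rendered into both `rules_folder` in the ElastAlert config and the `mountPath` of the rules volume. Worth stating that here, along with the expectation that it is an absolute path inside the container, since this file is where chart users look when overriding it.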