From 39365262accd3a8bb30b1b4a84ee3cb54baf6bd4 Mon Sep 17 00:00:00 2001
From: tom-j-smith
Date: Fri, 17 Nov 2023 15:24:11 +0000
Subject: [PATCH 1/7] Update cluster name in elasticsearch monitor
---
 .../cloud-platform-ephemeral-test/account/kibana-alerts.tf | 2 +-
 terraform/global-resources/kibana-alerts.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/aws-accounts/cloud-platform-ephemeral-test/account/kibana-alerts.tf b/terraform/aws-accounts/cloud-platform-ephemeral-test/account/kibana-alerts.tf
index 096098350..43666ee33 100644
--- a/terraform/aws-accounts/cloud-platform-ephemeral-test/account/kibana-alerts.tf
+++ b/terraform/aws-accounts/cloud-platform-ephemeral-test/account/kibana-alerts.tf
@@ -122,7 +122,7 @@ resource "elasticsearch_opensearch_monitor" "psa_violations" {
 {
 "search": {
 "indices": [
- "live-kubernetes-*"
+ "live_kubernetes_cluster*"
 ],
 "query": {
 "size": 0,
diff --git a/terraform/global-resources/kibana-alerts.tf b/terraform/global-resources/kibana-alerts.tf
index 115ca4fbf..cf4752c59 100644
--- a/terraform/global-resources/kibana-alerts.tf
+++ b/terraform/global-resources/kibana-alerts.tf
@@ -122,7 +122,7 @@ resource "elasticsearch_opensearch_monitor" "psa_violations" {
 {
 "search": {
 "indices": [
- "live-kubernetes-*"
+ "live_kubernetes_cluster*"
 ],
 "query": {
 "size": 0,
From a2169495cf66a3396b3e36ce9fcfd9640c94fd11 Mon Sep 17 00:00:00 2001
From: tom-j-smith
Date: Fri, 17 Nov 2023 16:47:59 +0000
Subject: [PATCH 2/7] Add range for monitor query and update message
---
 terraform/global-resources/kibana-alerts.tf | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/terraform/global-resources/kibana-alerts.tf b/terraform/global-resources/kibana-alerts.tf
index cf4752c59..ad6bf87c1 100644
--- a/terraform/global-resources/kibana-alerts.tf
+++ b/terraform/global-resources/kibana-alerts.tf
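Review bot: The new index pattern `live_kubernetes_cluster*` is a bare literal repeated in both copies of `psa_violations` (the ephemeral-test hunk and the global-resources hunk), and nothing visible ties it to the index name the cluster logs are actually written to. A pattern that matches no index would presumably give this monitor zero hits rather than an error, so a wrong or stale name shows up as a silent PodSecurity alert, not as a failure. I would document the source of the name in a comment above the resource, e.g. `# index pattern must match the live cluster log index; update both kibana-alerts.tf copies together`, or hold it in a shared Terraform local. Later patches in this series change only `terraform/global-resources/kibana-alerts.tf`, so the two copies start to differ from here on; confirm that is intended. The resource body starts and ends outside both hunks.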
@@ -132,6 +132,18 @@ resource "elasticsearch_opensearch_monitor" "psa_violations" {
 "adjust_pure_negative": true,
 "boost": 1,
 "filter": [
+ {
+ "range": {
+ "@timestamp": {
+ "boost": 1,
+ "from": "{{period_end}}||-10m",
+ "to": "{{period_end}}",
+ "include_lower": true,
+ "include_upper": true,
+ "format": "epoch_millis"
+ }
+ }
+ },
 {
 "multi_match": {
 "type": "phrase",
@@ -194,7 +206,7 @@ resource "elasticsearch_opensearch_monitor" "psa_violations" {
 "unit": "MINUTES"
 },
 "message_template": {
- "source": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.\n- Trigger: {{ctx.trigger.name}}\n- Severity: {{ctx.trigger.severity}}\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}\n- Contact the user to rectify.",
+ "source": "One or more namespaces have PodSecurity Violations. Search `"violates PodSecurity"` on Kibana and investigate the affected namespaces.",
 "lang": "mustache"
 },
 "subject_template": {
From 9f53fc03b8b13a5c695e2f009f9328589165da36 Mon Sep 17 00:00:00 2001
From: tom-j-smith
Date: Fri, 17 Nov 2023 16:55:25 +0000
Subject: [PATCH 3/7] fix message formatting
---
 terraform/global-resources/kibana-alerts.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/global-resources/kibana-alerts.tf b/terraform/global-resources/kibana-alerts.tf
index ad6bf87c1..7369f6b32 100644
--- a/terraform/global-resources/kibana-alerts.tf
+++ b/terraform/global-resources/kibana-alerts.tf
@@ -206,7 +206,7 @@ resource "elasticsearch_opensearch_monitor" "psa_violations" {
 "unit": "MINUTES"
 },
 "message_template": {
- "source": "One or more namespaces have PodSecurity Violations. Search `"violates PodSecurity"` on Kibana and investigate the affected namespaces.",
+ "source": "One or more namespaces have PodSecurity Violations. Search \"violates PodSecurity\" on Kibana and investigate the affected namespaces.",
 "lang": "mustache"
 },
 "subject_template": {
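Review bot: The `-10m` lookback in the added `range` filter (first hunk of PATCH 2/7) is a fixed literal with no visible link to how often the monitor runs. If the schedule, which is outside the hunk, fires less often than every 10 minutes, or if log lines are indexed some time after their `@timestamp`, violations that fall between two evaluated windows are never queried and never alert. I would make the lookback at least as long as the schedule interval plus an allowance for ingestion delay, and record the coupling in a comment above the resource, e.g. `# query range lookback must be >= monitor schedule interval`. The JSON body cannot carry a comment itself, and the resource starts and ends outside the hunk.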
From 058def9b9f241fe9721a0f6090f8d2efbb1ed6bc Mon Sep 17 00:00:00 2001
From: tom-j-smith
Date: Fri, 17 Nov 2023 17:16:17 +0000
Subject: [PATCH 4/7] Change to the alert message
---
 terraform/global-resources/kibana-alerts.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/global-resources/kibana-alerts.tf b/terraform/global-resources/kibana-alerts.tf
index 7369f6b32..6c8d109f1 100644
--- a/terraform/global-resources/kibana-alerts.tf
+++ b/terraform/global-resources/kibana-alerts.tf
@@ -206,11 +206,11 @@ resource "elasticsearch_opensearch_monitor" "psa_violations" {
 "unit": "MINUTES"
 },
 "message_template": {
- "source": "One or more namespaces have PodSecurity Violations. Search \"violates PodSecurity\" on Kibana and investigate the affected namespaces.",
+ "source": "Search \"violates PodSecurity\" on Kibana and investigate the affected namespaces.\nContact the user to rectify.",
 "lang": "mustache"
 },
 "subject_template": {
- "source": "PodSecurity Violations found",
+ "source": "One or more namespaces have PodSecurity Violations in the past 10 minutes.",
 "lang": "mustache"
 }
 }
From d2ebd8549b8d63bbe21fe7009657182f94bc98f1 Mon Sep 17 00:00:00 2001
From: tom-j-smith
Date: Fri, 17 Nov 2023 17:23:24 +0000
Subject: [PATCH 5/7] Increase throttle on alert message
---
 terraform/global-resources/kibana-alerts.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/global-resources/kibana-alerts.tf b/terraform/global-resources/kibana-alerts.tf
index 6c8d109f1..9406630a6 100644
--- a/terraform/global-resources/kibana-alerts.tf
+++ b/terraform/global-resources/kibana-alerts.tf
@@ -202,7 +202,7 @@ resource "elasticsearch_opensearch_monitor" "psa_violations" {
 "destination_id": "${elasticsearch_opensearch_destination.cloud_platform_alerts.id}",
 "throttle_enabled": true,
 "throttle": {
- "value": 60,
+ "value": 1440,
 "unit": "MINUTES"
 },
 "message_template": {
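Review bot: The rewritten `message_template` in PATCH 4/7 renders no context variable at all, whereas the template this series replaced in PATCH 2/7 carried `{{ctx.monitor.name}}`, `{{ctx.trigger.severity}}`, `{{ctx.periodStart}}` and `{{ctx.periodEnd}}`. Without the period the responder has no time window to put into the Kibana search, which matters more once notifications are spaced far apart. I would keep the window in the body by appending `\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}` to the new `source`. The new subject also hard-codes "past 10 minutes", so it has to be edited by hand whenever the `-10m` lookback in the query changes.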
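Review bot: A throttle of `1440` minutes (PATCH 5/7) lets this action notify at most once in 24 hours, so a namespace that starts violating PodSecurity shortly after the first notification produces no message until the next day. The query shown in this series looks like one monitor-wide search with `"size": 0` rather than a trigger per namespace (the trigger definition is outside the hunk), so the throttle cannot tell a new offender from a repeat of the same one. If the goal is less repeat noise, a shorter throttle or a message that lists the affected namespaces would keep the single daily alert complete. At minimum record the reason for the value in a comment above the resource, e.g. `# throttle 24h: PSA violations are triaged daily, not per event`, if that is the intent.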
From 550cd8a6cc31983dd390fd3d275e49d79907381d Mon Sep 17 00:00:00 2001
From: Poornima Krishnasamy
Date: Mon, 20 Nov 2023 11:15:42 +0000
Subject: [PATCH 6/7] Bump kuberhealthy to 1.2.9 (#2614)
---
 .../cloud-platform-aws/vpc/eks/components/components.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
index a7f252ea8..a91e1c1eb 100644
--- a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
+++ b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
@@ -234,7 +234,7 @@ module "velero" {
 }
 module "kuberhealthy" {
- source = "github.com/ministryofjustice/cloud-platform-terraform-kuberhealthy?ref=1.2.8"
+ source = "github.com/ministryofjustice/cloud-platform-terraform-kuberhealthy?ref=1.2.9"
 dependence_prometheus = module.monitoring.prometheus_operator_crds_status
 }
From 41318e0d9b33c94eb134c5cce395f4b7f51fce0c Mon Sep 17 00:00:00 2001
From: Poornima Krishnasamy
Date: Mon, 20 Nov 2023 11:53:36 +0000
Subject: [PATCH 7/7] Bump gatekeeper fot 1.9.2 (#2615)
---
 .../cloud-platform-aws/vpc/eks/components/components.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
index a91e1c1eb..b1879502f 100644
--- a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
+++ b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
@@ -179,7 +179,7 @@ module "monitoring" {
 }
 module "gatekeeper" {
- source = "github.com/ministryofjustice/cloud-platform-terraform-gatekeeper?ref=1.9.1"
+ source = "github.com/ministryofjustice/cloud-platform-terraform-gatekeeper?ref=1.9.2"
 depends_on = [module.monitoring, module.modsec_ingress_controllers_v1, module.cert_manager]
 dryrun_map = {