From 8d79da7ae726ea761bdafcb8614203620f459cfa Mon Sep 17 00:00:00 2001 From: Jef Spaleta Date: Fri, 1 Jul 2022 13:08:08 -0800 Subject: [PATCH 1/5] Add gitlab docs --- docs/GITLAB.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 docs/GITLAB.md diff --git a/docs/GITLAB.md b/docs/GITLAB.md new file mode 100644 index 0000000..6f7792c --- /dev/null +++ b/docs/GITLAB.md @@ -0,0 +1,27 @@ +## GitLab +You can use the `sensu/sensu-flow` docker image [docker image](https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#define-image-in-the-gitlab-ciyml-file) with GitLab +Please note, it's a good idea to use GitLab's support for [Vault Secrets](https://docs.gitlab.com/ee/ci/yaml/index.html#secrets) for sensitive authentication variables such as the Sensu api key or password. + +Here's a reference example for a GitLab CI/CD job definition making use of the `sensu/sensu-flow` docker image together with an api-key seeded into a vault. +``` +stages: + - deploy + +.sensu_flow: + image: sensu/sensu-flow:latest + variables: + MATCHING_CONDITION: "== '$CI_PROJECT_NAME'" + SENSU_BACKEND_URL: https://sensu-api.example.com + secrets: + SENSU_API_KEY: + vault: sensu/sensu-flow/api-key + file: false + script: + - /sensuflow.sh + +sensu_flow: + extends: .sensu_flow + stage: deploy + variables: + VERBOSE: "1" +``` From ff0a579045b9224059daa7cb6643ff560926da14 Mon Sep 17 00:00:00 2001 From: Jef Spaleta Date: Fri, 1 Jul 2022 13:28:35 -0800 Subject: [PATCH 2/5] Updated documentation --- README.md | 9 +++++++-- docs/GITLAB.md | 27 +++++++++++++++++++++++++-- sensuflow.sh | 7 ++++--- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 8a01b8d..c041a99 100644 --- a/README.md +++ b/README.md @@ -260,9 +260,14 @@ _OR_ description: Optional boolean argument to to disable sanity checks default: false -## Adapting to Other CI/CD Workflows -If you would like to adapt this for other CI/CD workflows, take a look at the sensuflow.sh script from this repositorory. The script should be self-documenting with regard to needed executable dependancies and information concerning environment variables used. +## Using the `sensu/sensuflow` Docker container image with CI/CD Workflows +While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral Docker container image `sensu/sensuflow` now available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: + +* [GitLab](docs/GITLAB.md) + +Contributed instructions for additional CI/CD services are welcome. + ## Goals SensuFlow is under active development, so please don't hesitate to submit issues for any enhancements you'd like to see. diff --git a/docs/GITLAB.md b/docs/GITLAB.md index 6f7792c..a46f5c1 100644 --- a/docs/GITLAB.md +++ b/docs/GITLAB.md @@ -1,7 +1,30 @@ ## GitLab -You can use the `sensu/sensu-flow` docker image [docker image](https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#define-image-in-the-gitlab-ciyml-file) with GitLab -Please note, it's a good idea to use GitLab's support for [Vault Secrets](https://docs.gitlab.com/ee/ci/yaml/index.html#secrets) for sensitive authentication variables such as the Sensu api key or password. +You can use the `sensu/sensu-flow` [Docker container image](https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#define-image-in-the-gitlab-ciyml-file) with GitLab. This container image includes everything needed to run the `sensuflow.sh` script originally developed for GitHub actions. Please note, it's a good idea to use GitLab's support for [Vault Secrets](https://docs.gitlab.com/ee/ci/yaml/index.html#secrets) for sensitive authentication variables such as the Sensu api key or password. +### Important environment variables +When using the docker image with GitLab, you'll need to be aware of several environment variables used by the `sensuflow.sh` script run within the Docker container. These variables are documented in the `sensuflow.sh` header comments, but here's a quick summary for reference. + +``` +## Required Environment Variables +# SENSU_API_URL: sensu backend api url used by sensuctl +# SENSU_API_KEY: sensu api key for sensuctl, used instead of user and password above +## Optional Environment Variables +# SENSU_CA: CA certificate as a string +# SENSU_CA_FILE: CA certificate file, if set overrides SENSU_CA +# CONFIGURE_OPTIONS: Additional sensuctl configure options +# NAMESPACES_DIR: directory holding sensuflow namepace subdirectories +# NAMESPACES_FILE: file holding namespace resource definitions sensuflow action should create +# MANAGED_RESOURCES: comma seperated list of resources +# MATCHING_LABEL: resource label to match +# MATCHING_CONDITION: condition to match +# DISABLE_SANITY_CHECKS: if set disable sanity checks +# DISABLE_TLS_VERIFY: if set disable TLS verification +## Deprecated Authentication Environment Variables +# SENSU_USER: sensu user for sensuctl configue (deprecated, use SENSU_API_KEY) +# SENSU_PASSWORD: sensu password for sensuctl configure (deprecated, use SENSU_API_KEY) +``` + +### Reference GitLab CI/CD job definition Here's a reference example for a GitLab CI/CD job definition making use of the `sensu/sensu-flow` docker image together with an api-key seeded into a vault. ``` stages: diff --git a/sensuflow.sh b/sensuflow.sh index c98eea1..c07dab8 100755 --- a/sensuflow.sh +++ b/sensuflow.sh @@ -8,10 +8,8 @@ # jq: https://stedolan.github.io/jq/ # ## Required Environment Variables -# SENSU_USER: sensu user for sensuctl configure -# SENSU_PASSWORD: sensu password for sensuctl configure -# SENSU_API_KEY: sensu api key for sensuctl, used instead of user and password above # SENSU_API_URL: sensu backend api url used by sensuctl +# SENSU_API_KEY: sensu api key for sensuctl, used instead of user and password above ## Optional Environment Variables # SENSU_CA: CA certificate as a string # SENSU_CA_FILE: CA certificate file, if set overrides SENSU_CA @@ -23,6 +21,9 @@ # MATCHING_CONDITION: condition to match # DISABLE_SANITY_CHECKS: if set disable sanity checks # DISABLE_TLS_VERIFY: if set disable TLS verification +## Deprecated Authentication Environment Variables +# SENSU_USER: sensu user for sensuctl configue (deprecated, use SENSU_API_KEY) +# SENSU_PASSWORD: sensu password for sensuctl configure (deprecated, use SENSU_API_KEY) ## GitHub Action Notes # GitHub Actions prefaces variables with INPUT_ From d04813dd8b92a5e790f317c04deb24df78c685de Mon Sep 17 00:00:00 2001 From: Jef Spaleta Date: Fri, 1 Jul 2022 13:31:10 -0800 Subject: [PATCH 3/5] Updated documentation --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c041a99..2ae371a 100644 --- a/README.md +++ b/README.md @@ -260,8 +260,8 @@ _OR_ description: Optional boolean argument to to disable sanity checks default: false -## Using the `sensu/sensuflow` Docker container image with CI/CD Workflows -While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral Docker container image `sensu/sensuflow` now available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: +## Using the Docker container image with other CI/CD tools +While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral `sensu/sensuflow` [Docker](https://hub.docker.com/repository/docker/sensu/sensu-flow) container image `sensu/sensuflow` now available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: * [GitLab](docs/GITLAB.md) From 5cb70bc97dda8db0a8c14710419bf50f79db8745 Mon Sep 17 00:00:00 2001 From: Jef Spaleta Date: Fri, 1 Jul 2022 13:32:02 -0800 Subject: [PATCH 4/5] Updated documentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2ae371a..d82d4d1 100644 --- a/README.md +++ b/README.md @@ -261,7 +261,7 @@ _OR_ ## Using the Docker container image with other CI/CD tools -While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral `sensu/sensuflow` [Docker](https://hub.docker.com/repository/docker/sensu/sensu-flow) container image `sensu/sensuflow` now available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: +While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral `sensu/sensuflow` [Docker](https://hub.docker.com/repository/docker/sensu/sensu-flow) container image available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: * [GitLab](docs/GITLAB.md) From 87270fe155bad6c1b8010d960bd2ef010961f570 Mon Sep 17 00:00:00 2001 From: Jef Spaleta Date: Fri, 1 Jul 2022 13:43:34 -0800 Subject: [PATCH 5/5] Updated documentation --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d82d4d1..92f6d05 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ jobs: - name: Checkout uses: actions/checkout@v2 - # Step 2: use the versioned sensu/sensuflow action + # Step 2: use the versioned sensu/sensu-flow action - name: Sensuflow with required settings uses: sensu/sensu-flow@0.6.0 with: @@ -261,7 +261,7 @@ _OR_ ## Using the Docker container image with other CI/CD tools -While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral `sensu/sensuflow` [Docker](https://hub.docker.com/repository/docker/sensu/sensu-flow) container image available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: +While this is originally developed and tested for use with GitHub Actions, there is a vendor neutral `sensu/sensu-flow` [Docker](https://hub.docker.com/repository/docker/sensu/sensu-flow) container image available as of version `0.6.0` that should be suitable for use with any CI/CD tool chain that is capable of using container images for CI/CD jobs. Here's a list of contributed instructions for alternative CI/CD vendors: * [GitLab](docs/GITLAB.md)