{"id":15715387,"url":"https://github.com/cloudflare/sciuro","last_synced_at":"2026-07-04T03:05:53.022Z","repository":{"id":37615032,"uuid":"368312489","full_name":"cloudflare/sciuro","owner":"cloudflare","description":"Alertmanager to Kubernetes Node conditions bridge","archived":false,"fork":false,"pushed_at":"2025-03-21T18:11:38.000Z","size":288,"stargazers_count":172,"open_issues_count":5,"forks_count":5,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-03-28T17:06:03.739Z","etag":null,"topics":["alertmanager","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Starlark","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudflare.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-17T20:21:37.000Z","updated_at":"2025-03-17T14:52:02.000Z","dependencies_parsed_at":"2024-12-28T14:12:24.629Z","dependency_job_id":"88535ca7-5c5a-4947-8a9d-6e06aa9a2106","html_url":"https://github.com/cloudflare/sciuro","commit_stats":{"total_commits":13,"total_committers":3,"mean_commits":4.333333333333333,"dds":0.3846153846153846,"last_synced_commit":"c7518685a7cc360fef101d344c172aa9c76c608e"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fsciuro","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fsciuro/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fsciuro/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fsciuro/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudflare","download_url":"https://codeload.github.com/cloudflare/sciuro/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247226213,"owners_count":20904465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alertmanager","kubernetes"],"created_at":"2024-10-03T21:41:24.354Z","updated_at":"2026-07-04T03:05:53.014Z","avatar_url":"https://github.com/cloudflare.png","language":"Starlark","funding_links":[],"categories":["Infrastructure \u0026 Operations"],"sub_categories":["Monitoring \u0026 Observability"],"readme":"\n![Sciuro](img/sciuro.png \"Sciuro\")\n\n* [Introduction](#introduction)\n* [Requirements](#requirements)\n\n# Introduction\n\nSciuro is a bridge between Alertmanager or Prometheus and Kubernetes to sync alerts as Node\nConditions. It is designed to work in tandem with other controllers that\nobserve Node Conditions such as [draino](https://github.com/planetlabs/draino)\nor [Cluster API](https://cluster-api.sigs.k8s.io/tasks/automated-machine-management/healthchecking).\n\n# Requirements\n\n* Alertmanager API v2 or Prometheus API v1\n* Kubernetes 1.12+\n\n# Deployment\n1. Download the manifests from the latest Github release\n\n```\nwget https://github.com/cloudflare/sciuro/releases/latest/download/cluster.yaml\nwget https://github.com/cloudflare/sciuro/releases/latest/download/stable.yaml\n```\n\n2. Apply the cluster-scoped resources that allow Sciuro to read nodes and\n   modify their status. If you choose a different namespace, adjust the\n   namespace name and `ClusterRoleBinding` accordingly.\n\n```\n# Review manifests and make adjustments for different namespace\nkubectl apply -f cluster.yaml\n```\n\n3. Edit the `sciuro` ConfigMap referencing the [Sciuro Configuration](#sciruo-configuration) section below. Apply the namespaced resources.  \n\n```\n# Review manifests and make adjustments to config map\nkubectl apply -f stable.yaml\n```\n\n## Sciuro Configuration\nThe following environment variables can be set to configure Sciuro. Modifying\nthe supplied ConfigMap will set the environment variables on the Deployment.\n\n### Alerts Fetch Configuration\n\nYou must set the URL for the Alertmanager or Prometheus instance(s) to sync from. In addition,\nfiltering should be configured both on a global level and for each specific\nnode. The Alertmanager\n[receiver](https://prometheus.io/docs/alerting/latest/configuration/#receiver)\nshould be set to filter globally, while the node filters are set for matching\nalerts to a specific node.\n\n```\n# AlertmanagerURL is the url for the Alertmanager instance to sync from\nSCIURO_ALERTMANAGER_URL: \"https://CHANGEME.example.com\"\n\n#PrometheusURLs is a list of Prometheus urls to sync from\nSCIURO_PROMETHEUS_URLS: \"https://CHANGEME.example.com,https://CHANGEME2.example.com\"\n\n# AlertReceiver is the receiver to use for server-side filtering of alerts\n# must be the same across all targeted nodes in the cluster\nSCIURO_ALERT_RECEIVER: \"CHANGEME\"\n\n# CEL_EXPRESSION is a Common Expression Language expression that runs against each alert.\n# `labels` is a map representing the prometheus labels of the alert.\n# There are two other valid variables available for substitution:\n# `FullName` and `ShortName` where `ShortName` is `FullName` up to the first . (dot)\nSCIURO_CEL_EXPRESSION: `\"node\" in labels \u0026\u0026 (labels[\"node\"] == FullName || labels[\"node\"] == ShortName)`\n```\n\nSome additional optional settings are as follows:\n```\n# AlertSilenced controls whether silenced alerts are retrieved from Alertmanager\nSCIURO_ALERT_SILENCED: \"false\"\n\n# AlertCacheTTL is the time between fetching alerts\nSCIURO_ALERT_CACHE_TTL: \"60s\"\n```\n\n### Reconciliation Configuration\n\nThe following are optional settings to configure how reconciliation with the\nKubernetes node resources behaves\n\n```\n# NodeResync is the period at which a node fully syncs with the current alerts\nSCIURO_NODE_RESYNC: \"2m\"\n\n# ReconcileTimeout is the maximum time given to reconcile a node.\nSCIURO_RECONCILE_TIMEOUT: \"45s\"\n\n# LingerResolvedDuration is the time that non-firing alerts are kept as conditions\n# with the False status. After this time, the condition will be removed entirely.\n# A value of 0 will never remove these conditions.\nSCIURO_LINGER_DURATION: \"96h\"\n\n# NodeConditionPrefix is the prefix for type of node condition.\nSCIURO_NODE_CONDITION_PREFIX: \"AlertManager_\"\n```\n\n### Miscellaneous Configuration\n\nTo change the address and port to serve metrics from:\n```\n# MetricsAddr is the address and port to serve metrics from\nSCIURO_METRICS_ADDR: \"0.0.0.0:8080\"\n\n# DevMode toggles additional logging information\nSCIURO_DEV_MODE: \"false\"\n\n# LeaderElectionNamespace is the namespace where the leader election config map will be\n# managed. Defaults to the current namespace.\nSCIURO_LEADER_NAMESPACE: \"\"\n\n# LeaderElectionID is the name of the configmap used to manage leader elections\nSCIURO_LEADER_ID: \"sciuro-leader\"\n```\n\n## Alertmanager Configuration\nSciuro is recommended to have its own Alertmanager\n[receiver](https://prometheus.io/docs/alerting/latest/configuration/#receiver).\nSince Sciuro works in a pull model currently, this receiver does not need to\npush anywhere and can simply be an empty receiver. In addition, a\n[route](https://prometheus.io/docs/alerting/latest/configuration/#route) needs\nto be setup to match alerts to this receiver. There are many configurations that\nwill achieve the above, however the below is one example partial Alertmanager\nconfiguration that allows alerts with a `notify: node-condition-k8s` label to\nbe picked up by Sciuro:\n\n```\nroute:\n  routes:\n    - match_re:\n        notify: (?:.*\\s+)?node-condition-k8s(?:\\s+.*)?\n      receiver: node-condition-k8s\n      continue: true\n\nreceivers:\n  - name: node-condition-k8s\n```\n\n## Prometheus Configuration\nWhen using Prometheus as an input source,\na more complex CEL expression is recommended since Prometheus\ndoes not have the concept of silences or receivers.\nA typical expression when using the Prometheus configuration may look like this:\n```\nlabels[\"node\"] == FullName \u0026\u0026 labels[\"notify\"].contains(\"node-condition-k8s\")\n```\n\nYou may also want to drop the alerts with a particular receiver.\nExample Prometheus configuration:\n```\n      alertmanagers:\n        - alert_relabel_configs:\n            - action: drop\n              regex: node-condition-k8s\n              source_labels:\n                - notify\n```\n\n# Creating alerts\nAssuming Prometheus as a source of alerts, an alert like the following can be\ncreated to add a condition to nodes for high uptime:\n```\nalert: NodeUpTooLong\nexpr: (time() - node_boot_time_seconds) / 60 / 60 / 24 \u003e 7\nlabels:\n  notify: node-condition-k8s\n  priority: \"8\"\nannotations:\n  description: Node '{{ $labels.instance }}' has been up for more than 7 days\n  summary: Node '{{ $labels.instance }}' uptime too long\n```\n\nWith this alert in place, conditions are added to the affected nodes:\n```\n$ kubectl get node worker01 -o json | jq '.status.conditions[] | select(.type | test(\"^AlertManager_\"))'\n{\n  \"lastHeartbeatTime\": \"2021-06-16T16:07:10Z\",\n  \"lastTransitionTime\": \"2021-06-16T15:34:07Z\",\n  \"message\": \"[P8] Node 'worker01' uptime too long\",\n  \"reason\": \"AlertIsFiring\",\n  \"status\": \"True\",\n  \"type\": \"AlertManager_NodeUpTooLong\"\n}\n```\n\n# Building\nSciuro is built and tested with [bazel](https://bazel.build/). To run tests:\n```\nmake test\n```\n\nTo build and push the multi-arch image index, set the repository at runtime:\n```\nbazel run //cmd/sciuro:push -- --repository=quay.io/myrepo/sciuro --tag=v1.2.3\n```\n\nTo render the manifests, define the docker repository base and namespace:\n```\nbazel build //manifests:cluster //manifests:stable \\\n  --define repo=quay.io/myrepo --define namespace=node-remediation\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudflare%2Fsciuro","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudflare%2Fsciuro","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudflare%2Fsciuro/lists"}