https://github.com/adfinis/scrubbed

Alertmanager anonymization webhook proxy
https://github.com/adfinis/scrubbed

alerting alertmanager alertmanager-webhook alertmanager-webhook-receiver compliance kubernetes openshift

Last synced: 4 months ago
JSON representation

Alertmanager anonymization webhook proxy

• Host: GitHub
• URL: https://github.com/adfinis/scrubbed
• Owner: adfinis
• License: gpl-3.0
• Created: 2024-07-02T10:18:58.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2025-03-28T19:17:59.000Z (about 1 year ago)
• Last Synced: 2025-06-30T14:05:04.631Z (12 months ago)
• Topics: alerting, alertmanager, alertmanager-webhook, alertmanager-webhook-receiver, compliance, kubernetes, openshift
• Language: Go
• Homepage:
• Size: 77.1 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Alertmanager Webhook Content Scrubber

This repository creates and publishes Docker image for deployment of Alertmanager filtering proxy.

This proxy is useful for preventing sensitive information (e.g. IP addressess, hostnames, alert descriptions, etc.) leaving organisational boundaries when monitoring is outsourced to external entity.

For convenience, Dockerfile and deployment to couple filtering proxy with Signalilo is also provided.

## Installation

See `deploy/kustomize` for Kustomize based deployment.

## Configuration

Patch ConfigMaps using Kustomize overlay. Examples provided in `deploy/kustomize/overlays`.

### Proxy

Implicitly uses default HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables.

### Alertmanager

Add receiver to Alertmanager configuration:

```yaml

receivers:

  - name: Default

    webhook_configs:

      - url: >-

          http://scrubbed.scrubbed.svc.cluster.local:8080/webhook

        send_resolved: true

        http_config:

          bearer_token: "foo"

```

## Development

### Release Management

The CI/CD setup uses semantic commit messages following the

[conventional commits standard](https://www.conventionalcommits.org/en/v1.0.0/).

There is a GitHub Action in [.github/workflows/semantic-release.yaml](./.github/workflows/semantic-release.yaml)

that uses [go-semantic-commit](https://go-semantic-release.xyz/) to create new releases.

The commit message should be structured as follows:

```console

[optional scope]: 

[optional body]

[optional footer(s)]

```

The commit contains the following structural elements, to communicate intent to the consumers of your library:

1. **fix:** a commit of the type `fix` patches gets released with a PATCH version bump

1. **feat:** a commit of the type `feat` gets released as a MINOR version bump

1. **BREAKING CHANGE:** a commit that has a footer `BREAKING CHANGE:` gets released as a MAJOR version bump

1. types other than `fix:` and `feat:` are allowed and don't trigger a release

If a commit does not contain a conventional commit style message you can fix

it during the squash and merge operation on the PR.

## References

* https://github.com/vshn/signalilo

* https://prometheus.io/docs/alerting/latest/configuration/#webhook_config