From 8555b331b4c57ef69686dbd6e95e5d3123f896b5 Mon Sep 17 00:00:00 2001 From: Vibhor Dabas Date: Tue, 9 Jan 2024 11:17:02 +0530 Subject: [PATCH] fix: infra section edits --- canary-checker/docs/reference/ec2.mdx | 99 ++++++++++++------- canary-checker/docs/reference/gcs-bucket.mdx | 8 +- canary-checker/docs/reference/kubernetes.mdx | 29 +++--- canary-checker/docs/reference/ldap.mdx | 2 +- canary-checker/docs/reference/pod.mdx | 1 - canary-checker/docs/reference/s3-bucket.mdx | 8 +- canary-checker/docs/reference/s3-protocol.mdx | 13 ++- canary-checker/docs/reference/sftp.mdx | 2 +- canary-checker/docs/reference/smb.mdx | 2 +- canary-checker/sidebars.js | 11 --- 10 files changed, 101 insertions(+), 74 deletions(-) diff --git a/canary-checker/docs/reference/ec2.mdx b/canary-checker/docs/reference/ec2.mdx index dfa5aeb2..3b855cbe 100644 --- a/canary-checker/docs/reference/ec2.mdx +++ b/canary-checker/docs/reference/ec2.mdx @@ -30,7 +30,7 @@ spec: secretKeyRef: name: aws-credentials key: AWS_SECRET_ACCESS_KEY - region: af-south-1 + region: eu-west-1 userData: | #!/bin/bash yum install -y httpd @@ -41,7 +41,7 @@ spec: chmod 2775 /var/www find /var/www -type d -exec chmod 2775 {} \; find /var/www -type f -exec chmod 0664 {} \; - securityGroup: WebAccess + securityGroup: default ``` | Field | Description | Scheme | Required | @@ -77,42 +77,65 @@ There are 3 options when connecting to AWS: 2. `connection`, this is the recommended method, connections are reusable and secure - ```yaml title="aws-connection.yaml" - apiVersion: canaries.flanksource.com/v1 - kind: Canary - metadata: - name: aws-config-rule - spec: - interval: 30 - awsConfigRule: - - name: AWS Config Rule Checker - connection: connection://aws/internal - rules: - - "s3-bucket-public-read-prohibited" - ``` + ```yaml title="aws-connection.yaml" + apiVersion: canaries.flanksource.com/v1 + kind: Canary + metadata: + name: ec2-check + spec: + interval: 30 + ec2: + - name: ec2-check + ami: ami-04f7efe62f419d9f5 + description: test instance + connection: connection://aws/internal + region: eu-west-1 + userData: | + #!/bin/bash + yum install -y httpd + systemctl start httpd + systemctl enable httpd + usermod -a -G apache ec2-user + chown -R ec2-user:apache /var/www + chmod 2775 /var/www + find /var/www -type d -exec chmod 2775 {} \; + find /var/www -type f -exec chmod 0664 {} \; + securityGroup: default + ``` 3. `accessKey` and `secretKey` *EnvVar* with the credentials stored in a secret. - ```yaml title="aws.yaml" - apiVersion: canaries.flanksource.com/v1 - kind: Canary - metadata: - name: aws-config-rule - spec: - interval: 30 - awsConfigRule: - - name: AWS Config Rule Checker - accessKey: - valueFrom: - secretKeyRef: - name: aws-credentials - key: AWS_ACCESS_KEY_ID - secretKey: - valueFrom: - secretKeyRef: - name: aws-credentials - key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - rules: - - "s3-bucket-public-read-prohibited" - ``` + ```yaml title="aws.yaml" + apiVersion: canaries.flanksource.com/v1 + kind: Canary + metadata: + name: ec2-check + spec: + interval: 30 + ec2: + - name: ec2-check + ami: ami-04f7efe62f419d9f5 + description: test instance + accessKeyID: + valueFrom: + secretKeyRef: + name: aws-credentials + key: AWS_ACCESS_KEY_ID + secretKey: + valueFrom: + secretKeyRef: + name: aws-credentials + key: AWS_SECRET_ACCESS_KEY + region: eu-west-1 + userData: | + #!/bin/bash + yum install -y httpd + systemctl start httpd + systemctl enable httpd + usermod -a -G apache ec2-user + chown -R ec2-user:apache /var/www + chmod 2775 /var/www + find /var/www -type d -exec chmod 2775 {} \; + find /var/www -type f -exec chmod 0664 {} \; + securityGroup: default + ``` \ No newline at end of file diff --git a/canary-checker/docs/reference/gcs-bucket.mdx b/canary-checker/docs/reference/gcs-bucket.mdx index bd63b140..89041faf 100644 --- a/canary-checker/docs/reference/gcs-bucket.mdx +++ b/canary-checker/docs/reference/gcs-bucket.mdx @@ -58,10 +58,10 @@ spec: - name: gcs auth test path: gcs://somegcsbucket gcpConnection: - connection: connection://gcp/internal + connection: connection://gcp/internal ``` -3. `accessKey` and `secretKey` *EnvVar* with the credentials stored in a secret. +3. `credentials` *EnvVar* with the service account json key stored in a secret. ```yaml title="aws.yaml" apiVersion: canaries.flanksource.com/v1 @@ -81,3 +81,7 @@ spec: key: AUTH_ACCESS_TOKEN ``` +To create the secret +```bash +kubectl create secret generic gcp-credentials --from-file=AUTH_ACCESS_TOKEN=path/to/your/SA_Key.json +``` \ No newline at end of file diff --git a/canary-checker/docs/reference/kubernetes.mdx b/canary-checker/docs/reference/kubernetes.mdx index 1c95d903..28509edb 100644 --- a/canary-checker/docs/reference/kubernetes.mdx +++ b/canary-checker/docs/reference/kubernetes.mdx @@ -13,21 +13,20 @@ metadata: name: kube-check spec: interval: 30 - spec: - kubernetes: - - namespace: - name: default - name: k8s-ready pods - kind: Pod - resource: - labelSelector: app=k8s-ready - - namespace: - name: default - kind: Pod - name: k8s-not-ready pods - ready: false - resource: - labelSelector: app=k8s-not-ready + kubernetes: + - namespace: + name: default + name: k8s-ready pods + kind: Pod + resource: + labelSelector: app=k8s-ready + - namespace: + name: default + kind: Pod + name: k8s-not-ready pods + ready: false + resource: + labelSelector: app=k8s-not-ready ``` | Field | Description | Scheme | Required | diff --git a/canary-checker/docs/reference/ldap.mdx b/canary-checker/docs/reference/ldap.mdx index f0a06736..2e91ecce 100644 --- a/canary-checker/docs/reference/ldap.mdx +++ b/canary-checker/docs/reference/ldap.mdx @@ -18,7 +18,7 @@ spec: interval: 30 ldap: - name: ldap-org - url: ldap://apacheds.ldap.svc:10389 + url: ldap://apacheds.ldap.svc.cluster.local:10389 username: # value: uid=admin,ou=system valueFrom: diff --git a/canary-checker/docs/reference/pod.mdx b/canary-checker/docs/reference/pod.mdx index 26d4e583..27564ce0 100644 --- a/canary-checker/docs/reference/pod.mdx +++ b/canary-checker/docs/reference/pod.mdx @@ -40,7 +40,6 @@ spec: httpRetryInterval: 200 expectedContent: bar expectedHttpStatuses: [200, 201, 202] - priorityClass: canary-checker-priority ``` diff --git a/canary-checker/docs/reference/s3-bucket.mdx b/canary-checker/docs/reference/s3-bucket.mdx index bb6f4ac9..f704b118 100644 --- a/canary-checker/docs/reference/s3-bucket.mdx +++ b/canary-checker/docs/reference/s3-bucket.mdx @@ -49,7 +49,7 @@ There are 3 options when connecting to AWS: interval: 30 folder: - path: s3://some-bucket/folder - awsConnection: + awsConnection: connection: connection://aws/s3 name: folder-check-min minCount: 10 @@ -82,7 +82,9 @@ There are 3 options when connecting to AWS: secretKeyRef: name: aws-credentials key: AWS_SECRET_ACCESS_KEY - region: us-east-1AWS connection fields + region: us-east-1 + +### AWS connection fields | Field | Description | Scheme | Required | | --------------- | ------------------------------------------------------------ | ------------------------------------------------- | -------- | @@ -90,5 +92,5 @@ There are 3 options when connecting to AWS: | `accessKey` | Mutually exclusive with `connection` | *EnvVar* | Yes | | `secretKey` | Mutually exclusive with `connection` | *EnvVar* | Yes | | `endpoint` | Custom AWS endpoint | *string* | | -| `region` | AWS region | *string* | | +| `region` | AWS region | *string* | Yes | | `skipTLSVerify` | Skip TLS verify when connecting to aws | *bool* | | diff --git a/canary-checker/docs/reference/s3-protocol.mdx b/canary-checker/docs/reference/s3-protocol.mdx index 0c6449b6..05173f5f 100644 --- a/canary-checker/docs/reference/s3-protocol.mdx +++ b/canary-checker/docs/reference/s3-protocol.mdx @@ -28,6 +28,17 @@ spec: - name: s3-check bucketName: flanksource-public objectPath: dummy + region: us-east-1 + accessKey: + valueFrom: + secretKeyRef: + name: aws-credentials + key: AWS_ACCESS_KEY_ID + secretKey: + valueFrom: + secretKeyRef: + name: aws-credentials + key: AWS_SECRET_ACCESS_KEY ``` | Field | Description | Scheme | Required | @@ -47,5 +58,5 @@ spec: | `accessKey` | Mutually exclusive with `connection` | *EnvVar* | Yes | | `secretKey` | Mutually exclusive with `connection` | *EnvVar* | Yes | | `endpoint` | Custom AWS endpoint | *string* | | -| `region` | AWS region | *string* | | +| `region` | AWS region | *string* | Yes | | `skipTLSVerify` | Skip TLS verify when connecting to aws | *bool* | | diff --git a/canary-checker/docs/reference/sftp.mdx b/canary-checker/docs/reference/sftp.mdx index 47a13d75..cef60383 100644 --- a/canary-checker/docs/reference/sftp.mdx +++ b/canary-checker/docs/reference/sftp.mdx @@ -18,6 +18,7 @@ spec: folder: - path: /tmp name: sample sftp check + maxCount: 10 sftpConnection: host: 192.168.1.5 auth: @@ -31,7 +32,6 @@ spec: secretKeyRef: name: sftp-credentials key: PASSWORD - maxCount: 10 ``` | Field | Description | Scheme | Required | diff --git a/canary-checker/docs/reference/smb.mdx b/canary-checker/docs/reference/smb.mdx index 5bbe5ed2..dc35955c 100644 --- a/canary-checker/docs/reference/smb.mdx +++ b/canary-checker/docs/reference/smb.mdx @@ -16,7 +16,7 @@ metadata: spec: interval: 30 folder: - - path: smb://192.168.1.9/Some Public Folder/somedir + - path: smb:\\192.168.1.9\Some Public Folder\somedir name: sample smb check smbConnection: username: diff --git a/canary-checker/sidebars.js b/canary-checker/sidebars.js index 19cd662a..8e4c21ca 100644 --- a/canary-checker/sidebars.js +++ b/canary-checker/sidebars.js @@ -373,16 +373,5 @@ module.exports = { }, ], }, - { - type: 'category', - label: 'References', - items: [ - { - type: 'doc', - id: 'reference/connections', - label: 'Connections', - }, - ], - } ], };