Merge pull request #104 from flanksource/docusaurus-mission-control

fix : Mission Control docs to docusaurus

canary-checker/docs/concepts/authentication.md

@@ -0,0 +1,102 @@
+# Authentication
+
+Canary checker uses the Kubernetes ValuesFrom pattern to retrieve sensitive values like usernames, password and access keys.
+
+Whenever a field uses the `EnvVar` object type you have the option of specifying the value in 3 ways:
+
+## EnvVar
+
+1. Statically in the `value` field
+1. Via a Kubernetes Config Map via the `configMapKeyRef` field
+1. Via a Kubernetes Secret via the `secretKeyRef` field
+
+### Static Values
+
+Using a HTTP health check as an example for static values:
+
+```yaml title="http-basic-auth-static.yaml"
+apiVersion: canaries.flanksource.com/v1
+kind: Canary
+metadata:
+  name: http-basic-auth
+spec:
+  http:
+    - url: https://httpbin.org/basic-auth/hello/world
+      responseCodes: [200]
+      authentication:
+        username:
+          value: hello
+        password:
+          value: world
+```
+
+### Kubernetes Configmaps
+
+To use a configmap, we first need to create the configmap:
+
+```bash
+kubectl create configmap basic-auth --from-literal=user=hello --from-literal=pass=world -n default
+```
+
+```yaml title="http-basic-auth-configmap.yaml"
+apiVersion: canaries.flanksource.com/v1
+kind: Canary
+metadata:
+  name: http-basic-auth-configmap
+spec:
+  http:
+    - url: https://httpbin.org/basic-auth/hello/world
+      responseCodes: [200]
+      authentication:
+        username:
+          valueFrom:
+            configMapKeyRef:
+              name: basic-auth
+              key: user
+        password:
+          valueFrom:
+            configMapKeyRef:
+              name: basic-auth
+              key: pass
+```
+
+### Kubernetes Secrets
+
+To use a secret, first we create the secret:
+
+```bash
+kubectl create secret generic basic-auth --from-literal=user=hello --from-literal=pass=world -n default
+```
+
+```yaml title="http-basic-auth-secret.yaml"
+apiVersion: canaries.flanksource.com/v1
+kind: Canary
+metadata:
+  name: http-basic-auth-configmap
+spec:
+  http:
+    - url: https://httpbin.org/basic-auth/hello/world
+      responseCodes: [200]
+      authentication:
+        username:
+          valueFrom:
+            secretKeyRef:
+              name: basic-auth
+              key: user
+        password:
+          valueFrom:
+            secretKeyRef:
+              name: basic-auth
+              key: pass
+```
+
+### Recommendations
+
+Kubernetes Secrets are, by default, stored unencrypted in the API server's underlying data store (etcd). Anyone with API access can retrieve or modify a Secret, and so can anyone with access to etcd. With this in mind, it is recommended to implement some level of security to prevent unauthorized access to your Kubernetes secrets.
+You may consider the following for your encryption and security needs:
+
+- [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/getting-started/)
+- [Bitnami Sealed Secrets](https://www.youtube.com/watch?v=xd2QoV6GJlc&ab_channel=DevOpsToolkit)
+- [KSOPS](https://blog.oddbit.com/post/2021-03-09-getting-started-with-ksops/)
+- [Enable Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/)
+- [Enable or configure RBAC rules](https://kubernetes.io/docs/reference/access-authn-authz/authorization/)

docs/canary-checker/docs/concepts/troubleshooting.md → canary-checker/docs/concepts/troubleshooting.md

@@ -1,10 +1,10 @@
 # Troubleshooting
 
-1. Run the check from the CLI
+## Run the check from the CLI
 
    The easiest way of troubleshooting is to run the `canary-checker run` command with a copy of the canary CRD locally, this enables rapid feedback loops.
 
-1. Enable trace and debug
+## Enable trace and debug
 
   To increase the amount of logs for a particular trace add a `trace: true` annotation:
 
@@ -26,12 +26,25 @@
   Trace level logging will return the HTTP response body which may contain sensitive data (The authorization headers will be sanitized)
   :::
 
-
-
 ### Trace Levels
 
 | Level   | Logs                                                         |
 | ------- | ------------------------------------------------------------ |
 | `debug` | - HTTP Request and Response Header                           |
 | `trace` | - HTTP Request and Response Header <br/>- HTTP Response Body <br />- Custom Metrics |
 
+
+## Run checks immediately using `next-runtime`
+
+To run a canary outside of its normall schedule add the annotation:
+
+```bash
+ kubectl annotate canary <canary> next-runtime=$(date -Iseconds) -n
+ ```
+
+## Temporarily pause a canary using `suspend`
+
+```bash
+ kubectl annotate canary <canary> supend=true
+ ```
+

docs/canary-checker/docs/reference/alert-manager.md → canary-checker/docs/reference/alert-manager.mdx

@@ -45,7 +45,7 @@ spec:
 | `description` | Description for the check                                   | `string`                                     |          |
 | `icon`        | Icon for overwriting default icon on the dashboard          | `string`                                     |          |
 | `labels`      | Labels for check                                            | `map[string]string`                          |          |
-| `test`        | Evaluate whether a check is healthy                         | [`Expression`](/concepts/health-evaluation)  |          |
-| `display`     | Expression to change the formatting of the display          | [`Expression`](/concepts/display-formatting) |          |
-| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](/concepts/transforms)          |          |
-| `metrics`     | Metrics to export from                                      | [`[]Metrics`](/concepts/metrics-exporter)    |          |
+| `test`        | Evaluate whether a check is healthy                         | [`Expression`](../concepts/health-evaluation)  |          |
+| `display`     | Expression to change the formatting of the display          | [`Expression`](../concepts/display-formatting) |          |
+| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](../concepts/transforms)          |          |
+| `metrics`     | Metrics to export from                                      | [`[]Metrics`](../concepts/metrics-exporter)    |          |

docs/canary-checker/docs/reference/aws-config-rule.md → canary-checker/docs/reference/aws-config-rule.mdx

@@ -2,25 +2,25 @@
 title: AWS Config Rule
 ---
 
-# <Icon name="aws-config"/> AWS Config Rule
+# <Icon name="aws-config" /> AWS Config Rule
 
 Check if any AWS resources are failing AWS config rule checks.
 
-  ```yaml
-  apiVersion: canaries.flanksource.com/v1
-  kind: Canary
-  metadata:
-    name: aws-config-rule
-  spec:
-    interval: 30
-    awsConfigRule:
-      - description: "AWS Config Rule Checker"
-        name: AWS Config Rule Checker
-        rules:
-          - "s3-bucket-public-read-prohibited"
-        ignoreRules:
-          - "s3-bucket-public-write-prohibited"
-  ```
+```yaml
+apiVersion: canaries.flanksource.com/v1
+kind: Canary
+metadata:
+  name: aws-config-rule
+spec:
+  interval: 30
+  awsConfigRule:
+    - description: "AWS Config Rule Checker"
+      name: AWS Config Rule Checker
+      rules:
+        - "s3-bucket-public-read-prohibited"
+      ignoreRules:
+        - "s3-bucket-public-write-prohibited"
+```
 
 | Field             | Description                                                  | Scheme                                            | Required |
 | ----------------- | ------------------------------------------------------------ | ------------------------------------------------- | -------- |
@@ -31,14 +31,14 @@ Check if any AWS resources are failing AWS config rule checks.
 | `description` | Description for the check                                   | `string`                                     |          |
 | `icon`        | Icon for overwriting default icon on the dashboard          | `string`                                     |          |
 | `labels`      | Labels for check                                            | `map[string]string`                          |          |
-| `test`        | Evaluate whether a check is healthy                         | [`Expression`](/concepts/health-evaluation)  |          |
-| `display`     | Expression to change the formatting of the display          | [`Expression`](/concepts/display-formatting) |          |
-| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](/concepts/transforms)          |          |
-| `metrics`     | Metrics to export from                                      | [`[]Metrics`](/concepts/metrics-exporter)    |          |
+| `test`        | Evaluate whether a check is healthy                         | [`Expression`](../concepts/health-evaluation)  |          |
+| `display`     | Expression to change the formatting of the display          | [`Expression`](../concepts/display-formatting) |          |
+| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](../concepts/transforms)          |          |
+| `metrics`     | Metrics to export from                                      | [`[]Metrics`](../concepts/metrics-exporter)    |          |
 | **Connection**    |                                                              |                                                   |          |
-| `connection`      | Path of existing connection e.g. `connection://aws/instance` <br/>Mutually exclusive with `accessKey` <br/> <Commercial/> | [Connection](../concepts/connections)             |          |
-| `accessKey`       | Mutually exclusive with `connection`                         | [*EnvVar*](../../concepts/authentication/#envvar) | Yes      |
-| `secretKey`       | Mutually exclusive with `connection`                         | [*EnvVar*](../../concepts/authentication/#envvar) | Yes      |
+| `connection`      | Path of existing connection e.g. `connection://aws/instance` <br />Mutually exclusive with `accessKey` <br /> <Commercial /> | [Connection](../concepts/connections)             |          |
+| `accessKey`       | Mutually exclusive with `connection`                         | <CommonLink to="authentication" anchor="envvar">*EnvVar*</CommonLink> | Yes      |
+| `secretKey`       | Mutually exclusive with `connection`                         | <CommonLink to="authentication" anchor="envvar">*EnvVar*</CommonLink> | Yes      |
 | `endpoint`        | Custom AWS Config endpoint                                   | *string*                                          |          |
 | `region`          | AWS region                                                   | *string*                                          |          |
 | `skipTLSVerify`   | Skip TLS verify when connecting to AWS                       | *bool*                                            |          |
@@ -48,6 +48,7 @@ Check if any AWS resources are failing AWS config rule checks.
 There are 3 options when connecting to AWS:
 
 1. An AWS [instance profile](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) or [pod identity](https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html) (the default if no `connection` or `accessKey` is specified)
+
 2. `connection`, this is the recommended method, connections are reusable and secure
 
     ```yaml title="aws-connection.yaml"
@@ -64,7 +65,7 @@ There are 3 options when connecting to AWS:
             - "s3-bucket-public-read-prohibited"
     ```
 
-3. `accessKey` and `secretKey` [*EnvVar*](../../concepts/authentication/#envvar) with the credentials stored in a secret.
+3. `accessKey` and `secretKey` <CommonLink to="authentication" anchor="envvar">*EnvVar*</CommonLink> with the credentials stored in a secret.
 
     ```yaml title="aws.yaml"
     apiVersion: canaries.flanksource.com/v1

docs/canary-checker/docs/reference/aws-config.md → canary-checker/docs/reference/aws-config.mdx

@@ -2,7 +2,7 @@
 title: Aws Config
 ---
 
-# <Icon name="aws-config"/> AWS Config
+# <Icon name="aws-config" /> AWS Config
 
 AWS Config checks .
 
@@ -27,14 +27,14 @@ spec:
 | `description` | Description for the check                                   | `string`                                     |          |
 | `icon`        | Icon for overwriting default icon on the dashboard          | `string`                                     |          |
 | `labels`      | Labels for check                                            | `map[string]string`                          |          |
-| `test`        | Evaluate whether a check is healthy                         | [`Expression`](/concepts/health-evaluation)  |          |
-| `display`     | Expression to change the formatting of the display          | [`Expression`](/concepts/display-formatting) |          |
-| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](/concepts/transforms)          |          |
-| `metrics`     | Metrics to export from                                      | [`[]Metrics`](/concepts/metrics-exporter)    |          |
+| `test`        | Evaluate whether a check is healthy                         | [`Expression`](../concepts/health-evaluation)  |          |
+| `display`     | Expression to change the formatting of the display          | [`Expression`](../concepts/display-formatting) |          |
+| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](../concepts/transforms)          |          |
+| `metrics`     | Metrics to export from                                      | [`[]Metrics`](../concepts/metrics-exporter)    |          |
 | **Connection**   |                                                              |                                                   |          |
 | `connection`     | Path of existing connection e.g. `connection://aws/instance` Mutually exclusive with `accessKey`, `secretKey` | [Connection](../concepts/connections)             |          |
-| `accessKey`      | Mutually exclusive with `connection`                         | [*EnvVar*](../../concepts/authentication/#envvar) | Yes      |
-| `secretKey`      | Mutually exclusive with `connection`                         | [*EnvVar*](../../concepts/authentication/#envvar) | Yes      |
+| `accessKey`      | Mutually exclusive with `connection`                         | <CommonLink to="authentication" anchor="envvar">*EnvVar*</CommonLink> | Yes      |
+| `secretKey`      | Mutually exclusive with `connection`                         | <CommonLink to="authentication" anchor="envvar">*EnvVar*</CommonLink> | Yes      |
 | `endpoint`       | Custom AWS endpoint                                          | *string*                                          |          |
 | `region`         | AWS region                                                   | *string*                                          |          |
 | `skipTLSVerify`  | Skip TLS verify when connecting to AWS                       | *bool*                                            |          |
@@ -72,7 +72,7 @@ There are 3 options when connecting to AWS:
           query: "SELECT * FROM aws_config_rule"
     ```
 
-3. `accessKey` and `secretKey` [*EnvVar*](../../concepts/authentication/#envvar) with the credentials stored in a secret
+3. `accessKey` and `secretKey` <CommonLink to="authentication" anchor="envvar">*EnvVar*</CommonLink> with the credentials stored in a secret
 
     ```yaml title="aws-static.yaml"
     apiVersion: canaries.flanksource.com/v1

docs/canary-checker/docs/reference/azure-devops.md → canary-checker/docs/reference/azure-devops.mdx

@@ -2,9 +2,9 @@
 title: Azure DevOps
 ---
 
-# <Icon name="azure-devops"/> Azure Devops
+# <Icon name="azure-devops" /> Azure Devops
 
-<Standard/>
+    <Standard />
 
 Azure Devops checks for healthy pipeline runs.
 
@@ -40,10 +40,10 @@ spec:
 | `description` | Description for the check                                   | `string`                                     |          |
 | `icon`        | Icon for overwriting default icon on the dashboard          | `string`                                     |          |
 | `labels`      | Labels for check                                            | `map[string]string`                          |          |
-| `test`        | Evaluate whether a check is healthy                         | [`Expression`](/concepts/health-evaluation)  |          |
-| `display`     | Expression to change the formatting of the display          | [`Expression`](/concepts/display-formatting) |          |
-| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](/concepts/transforms)          |          |
-| `metrics`     | Metrics to export from                                      | [`[]Metrics`](/concepts/metrics-exporter)    |          |
+| `test`        | Evaluate whether a check is healthy                         | [`Expression`](../concepts/health-evaluation)  |          |
+| `display`     | Expression to change the formatting of the display          | [`Expression`](../concepts/display-formatting) |          |
+| `transform`   | Transform data from a check into multiple individual checks | [`Expression`](../concepts/transforms)          |          |
+| `metrics`     | Metrics to export from                                      | [`[]Metrics`](../concepts/metrics-exporter)    |          |
 | **Connection**            |                                                              |                                                   |          |
-| `connection`              | Connection Name e.g. `connection://azuredevops/org` <br/>Mutually exclusive with `personalAccessToken` <br/><Commercial/> | `string`                                          |          |
-| **`personalAccessToken`** | Mutually exclusive with `connection`, See [Creating ADO PAT's](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows) | [*EnvVar*](../../concepts/authentication/#envvar) | true     |
+| `connection`              | Connection Name e.g. `connection://azuredevops/org` <br />Mutually exclusive with `personalAccessToken` <br /><Commercial /> | `string`                                          |          |
+| **`personalAccessToken`** | Mutually exclusive with `connection`, See [Creating ADO PAT's](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows) | <CommonLink to="authentication" anchor="envvar">*EnvVar*</CommonLink> | true     |