K3S-HOME/observability
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2c8095a1dbd94242990d1a2d73b824cd442fdd54
observability/alertmanager/vault/alertmanager-secrets.yaml
Mayne0213 2c8095a1db FIX(alertmanager): alertmanager smtp auth by 
- loading config from secret
- Add ExternalSecret to generate alertmanager.yml with SMTP password
  from Vault
- Disable helm chart config (ConfigMap) and use extraSecretMounts
  instead
- Fixes "535 5.7.8 Error: authentication failed" SMTP error
2026-01-05 00:40:01 +09:00

83 lines
2.3 KiB
YAML
Raw Blame History

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: alertmanager-smtp
namespace: alertmanager
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: alertmanager-smtp
creationPolicy: Owner
data:
- secretKey: smtp_auth_password
remoteRef:
key: monitoring/alertmanager
property: SMTP_PASSWORD
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: alertmanager-config
namespace: alertmanager
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: alertmanager-config
creationPolicy: Owner
template:
engineVersion: v2
data:
alertmanager.yml: |
global:
resolve_timeout: 5m
smtp_smarthost: "smtp.mail.me.com:587"
smtp_from: "bluemayne0213@icloud.com"
smtp_auth_username: "bluemayne0213@icloud.com"
smtp_auth_password: "{{ .smtp_password }}"
smtp_require_tls: true
route:
group_by: ["alertname", "cluster", "service"]
group_wait: 30s
group_interval: 5m
repeat_interval: 4h
receiver: "email"
routes:
- match:
severity: critical
receiver: "email"
group_wait: 10s
repeat_interval: 1h
- match:
severity: warning
receiver: "email"
group_wait: 1m
repeat_interval: 4h
- match:
alertname: Watchdog
receiver: "null"
receivers:
- name: "email"
email_configs:
- to: "bluemayne0213@icloud.com"
send_resolved: true
headers:
subject: "[{{ "{{" }} .Status | toUpper {{ "}}" }}] {{ "{{" }} .CommonLabels.alertname {{ "}}" }}"
- name: "null"
inhibit_rules:
- source_match:
severity: "critical"
target_match:
severity: "warning"
equal: ["alertname", "cluster", "service"]
data:
- secretKey: smtp_password
remoteRef:
key: monitoring/alertmanager
property: SMTP_PASSWORD
Reference in New Issue View Git Blame Copy Permalink