Extends the prom/alertmanager
image and includes a8m/envsubst
to provide
environment substitation.
This is intended to be used with https://github.com/coreos/prometheus-operator (hence it's Kubernetes specific).
Alertmanager does not provide an easy way to substitute secrets into its configuration file.
Various receivers require credentials to authenticate. We want to commit alertmanager configs to Git, but we don't want to commit the credentials (at least not in the same file).
The Alertmanager CRD supports mounting of both secrets
and configmaps
.
configMaps: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
secrets: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
You must create a ConfigMap
named alertmanager
containing the config to be templated.
This must be added to the configMaps
option in the CRD.
You must create 1 or more secrets and add them to the secrets
option in the CRD.
Example:
kubectl create secret generic alertmanager \
--from-literal=TEAM_DB_API_KEY=foo \
--from-literal=TEAM_X_API_KEY=foo \
--from-literal=TEAM_Y_API_KEY=foo --dry-run -o yaml
You can test this locally with the example ./configmaps
and ./secrets
directories in this repo.
docker run \
-v $(pwd)/configmaps:/etc/alertmanager/configmaps \
-v $(pwd)/secrets:/etc/alertmanager/secrets
mintel/docker-alertmanager