diff --git a/aws-msa-reference/lma/site-values.yaml b/aws-msa-reference/lma/site-values.yaml index 1558e0b..a39b182 100644 --- a/aws-msa-reference/lma/site-values.yaml +++ b/aws-msa-reference/lma/site-values.yaml @@ -337,7 +337,26 @@ charts: for: 30m labels: severity: critical - + - alert: policy-audited + annotations: + Checkpoint: 정책위반이 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }}) + description: 클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반이 발생했습니다. 메시지 - {{ $labels.violation_msg }} + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system', violation_enforcement='warn'} == 1 + for: 1m + labels: + severity: critical + - alert: policy-blocked + annotations: + Checkpoint: "정책위반이 시도가 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }})" + description: "클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반 시도가 발생했습니다. 메시지 - {{ $labels.violation_msg }}" + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) 시도 + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system',violation_enforcement=''} == 1 + for: 1m + labels: + severity: critical - name: thanos-config override: objectStorage: diff --git a/aws-reference/lma/site-values.yaml b/aws-reference/lma/site-values.yaml index 1558e0b..4ba03b3 100644 --- a/aws-reference/lma/site-values.yaml 
+++ b/aws-reference/lma/site-values.yaml @@ -337,7 +337,27 @@ charts: for: 30m labels: severity: critical - + - alert: policy-audited + annotations: + Checkpoint: 정책위반이 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }}) + description: 클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반이 발생했습니다. 메시지 - {{ $labels.violation_msg }} + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system', violation_enforcement='warn'} == 1 + for: 1m + labels: + severity: critical + - alert: policy-blocked + annotations: + Checkpoint: "정책위반이 시도가 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }})" + description: "클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반 시도가 발생했습니다. 메시지 - {{ $labels.violation_msg }}" + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) 시도 + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system',violation_enforcement=''} == 1 + for: 1m + labels: + severity: critical + - name: thanos-config override: objectStorage: diff --git a/byoh-reference/lma/site-values.yaml b/byoh-reference/lma/site-values.yaml index 166c147..3974685 100644 --- a/byoh-reference/lma/site-values.yaml +++ b/byoh-reference/lma/site-values.yaml 
@@ -345,6 +345,26 @@ charts: for: 30m labels: severity: critical + - alert: policy-audited + annotations: + Checkpoint: 정책위반이 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }}) + description: 클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반이 발생했습니다. 메시지 - {{ $labels.violation_msg }} + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system', violation_enforcement='warn'} == 1 + for: 1m + labels: + severity: critical + - alert: policy-blocked + annotations: + Checkpoint: "정책위반이 시도가 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }})" + description: "클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반 시도가 발생했습니다. 메시지 - {{ $labels.violation_msg }}" + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) 시도 + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system',violation_enforcement=''} == 1 + for: 1m + labels: + severity: critical - name: thanos-config override: diff --git a/eks-msa-reference/lma/site-values.yaml b/eks-msa-reference/lma/site-values.yaml index 7c2430a..baff9e8 100644 --- a/eks-msa-reference/lma/site-values.yaml +++ b/eks-msa-reference/lma/site-values.yaml 
@@ -338,6 +338,26 @@ charts: for: 30m labels: severity: critical + - alert: policy-audited + annotations: + Checkpoint: 정책위반이 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }}) + description: 클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반이 발생했습니다. 메시지 - {{ $labels.violation_msg }} + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system', violation_enforcement='warn'} == 1 + for: 1m + labels: + severity: critical + - alert: policy-blocked + annotations: + Checkpoint: "정책위반이 시도가 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }})" + description: "클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반 시도가 발생했습니다. 메시지 - {{ $labels.violation_msg }}" + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) 시도 + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system',violation_enforcement=''} == 1 + for: 1m + labels: + severity: critical - name: thanos-config override: diff --git a/eks-reference/lma/site-values.yaml b/eks-reference/lma/site-values.yaml index 7c2430a..baff9e8 100644 --- a/eks-reference/lma/site-values.yaml +++ b/eks-reference/lma/site-values.yaml 
@@ -338,6 +338,26 @@ charts: for: 30m labels: severity: critical + - alert: policy-audited + annotations: + Checkpoint: 정책위반이 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }}) + description: 클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반이 발생했습니다. 메시지 - {{ $labels.violation_msg }} + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system', violation_enforcement='warn'} == 1 + for: 1m + labels: + severity: critical + - alert: policy-blocked + annotations: + Checkpoint: "정책위반이 시도가 발생하였습니다.({{ $labels.kind }} / {{ $labels.name }})" + description: "클러스터 ( {{ $labels.taco_cluster }})의 자원({{ $labels.violating_kind }} - {{ $labels.violating_namespace }} / {{ $labels.violating_nam }})에서 정책({{ $labels.kind }} / {{ $labels.name }})위반 시도가 발생했습니다. 메시지 - {{ $labels.violation_msg }}" + discriminative: $labels.kind,$labels.name,$labels.taco_cluster,$labels.violating_kind,$labels.violating_name,$labels.violating_namespace,$labels.violation_msg + message: 정책 위반({{ $labels.kind }} / {{ $labels.name }}) 시도 + expr: opa_scorecard_constraint_violations{namespace!='kube-system|taco-system|gatekeeper-system',violation_enforcement=''} == 1 + for: 1m + labels: + severity: critical - name: thanos-config override:
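Review bot: in the aws-msa-reference hunk, both `expr` lines filter with `namespace!='kube-system|taco-system|gatekeeper-system'`, but `!=` is an exact string comparison in PromQL, so the only thing excluded is a namespace literally named `kube-system|taco-system|gatekeeper-system` and the three system namespaces still match. Use the negative regex matcher instead: `namespace!~'kube-system|taco-system|gatekeeper-system'`. The annotations identify the offending resource through `violating_namespace`, so also confirm whether the exclusion is meant for that label rather than `namespace`. The same two expressions are repeated in the other four files.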
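Review bot: the aws-reference hunk ends with an added empty `+` line before `- name: thanos-config` (`+337,27`), while the aws-msa-reference hunk removes the same blank separator and adds nothing back (`+337,26`). Both files start from blob 1558e0b and end up different (a39b182 and 4ba03b3) only because of this whitespace. Keep the blank line between the rule list and `- name: thanos-config` in both, or drop it in both, so the two site files stay identical.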
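Review bot: in the byoh-reference hunk, the `description` annotation of both `policy-audited` and `policy-blocked` references `{{ $labels.violating_nam }}`, whereas the `discriminative` line of the same alerts uses `$labels.violating_name`. The misspelled label does not exist, so the resource name will be rendered empty in the notification; change it to `{{ $labels.violating_name }}`. In `policy-blocked`, the `Checkpoint` text "정책위반이 시도가 발생하였습니다" also has a stray particle and should read "정책위반 시도가 발생하였습니다", and the annotations are quoted in `policy-blocked` but unquoted in `policy-audited`; quote both consistently. All five files carry the same text.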
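Review bot: in the eks-msa-reference hunk, `policy-blocked` selects series with `violation_enforcement=''`, which in PromQL matches an empty value and also any series where the label is missing altogether. That makes "blocked" an implicit catch-all: it relies on the exporter leaving the label empty for enforced constraints, and nothing in the rule documents that. If the exporter emits an explicit value for enforced constraints, match on that value; otherwise add a comment above the `expr` stating that an empty `violation_enforcement` is what identifies a denied request. Both alerts read the same metric, `opa_scorecard_constraint_violations`, so it is also worth confirming that this metric really reflects rejected admission attempts, as the "위반 시도" wording claims, and not only violations found on existing resources.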
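Review bot: in the eks-reference hunk, `policy-audited` is set to `severity: critical` although it only matches constraints with `violation_enforcement='warn'`, which puts warn-only findings at the same level as `policy-blocked` and as the existing critical rules above it. Consider `severity: warning` for the audited alert so the two can be routed differently. Both expressions also compare with `== 1`; if the metric can ever report a value above 1 for a series the alert will stop firing, so `> 0` is the safer comparison. Since the identical 20-line block is pasted into five site-values files, a shared base value would prevent the copies from drifting apart.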