├── README.md
├── build
    ├── Dockerfile
    ├── Makefile
    ├── config.yml
    ├── requirements.txt
    └── sentry.conf.py
└── deploy
    └── k8s
        ├── 00namespace.yml
        ├── 10secrets.yml
        ├── 20web.yml
        ├── 30worker.yml
        └── 40cron.yml

/README.md:
--------------------------------------------------------------------------------
# Sentry on Kubernetes

## Quickstart

First and foremost, shout out to the people at `sentry.io` for their project. I recommend forking and helping the community.

### Custom Image

If you want to customize specific settings for your installation, build a custom `sentry` image by modifying the files `config.yml`, `Dockerfile` and `sentry.conf.py` in the `build` directory.

Then upload the custom image to your repository of choice, as follows:

```bash
REPOSITORY=some-repo/your-sentry make build push
```

If you don't want to build a custom image, you may use `script3r/sentry-k8s`.

### Prereqs

You'll need to set up a `PostgreSQL` database with a user and database designated for `sentry`.

You will also want to run the `sentry` migrations on it. For more details see https://docs.sentry.io/server/installation/docker/.

### Deploy to Kubernetes

Modify the secrets file to contain the actual secrets used in the project. Make sure they're base64 encoded. For example, if your database name and database user are `sentry`, then your secrets file should contain:

```yaml
dbName: c2VudHJ5
dbUser: c2VudHJ5
```

To deploy to Kubernetes, simply type:

```bash
kubectl apply -f deploy/k8s/
```

Notice that this will create a namespace named `sentry`. Confirm the pods are up by typing:

```bash
kubectl get pods -nsentry
```

You should see pods for `web`, `worker` and `cron`.

Enjoy!
Your `sentry` is now exposed as a service `sentry-web-service` listening on port 80. The service itself speaks plain HTTP, so it is recommended to front it with a TLS/SSL enabled proxy.

### TLS Notes

Notice that by default, this setup sets the environment variable `SENTRY_USE_SSL` to `1` in `20web.yml`. With it set, `sentry.conf.py` trusts the `X-Forwarded-Proto` header from the proxy and marks the session and CSRF cookies as secure; TLS itself is terminated by the proxy in front of the service.

If you want to disable TLS (don't do it!), you may set this environment variable to `0`.

--------------------------------------------------------------------------------
/build/Dockerfile:
--------------------------------------------------------------------------------
FROM sentry:8.22-onbuild

--------------------------------------------------------------------------------
/build/Makefile:
--------------------------------------------------------------------------------
REPOSITORY?=sentry-onpremise
TAG?=latest

OK_COLOR=\033[32;01m
NO_COLOR=\033[0m

build:
	@echo "$(OK_COLOR)==>$(NO_COLOR) Building $(REPOSITORY):$(TAG)"
	@docker build --rm -t $(REPOSITORY):$(TAG) .

$(REPOSITORY)_$(TAG).tar: build
	@echo "$(OK_COLOR)==>$(NO_COLOR) Saving $(REPOSITORY):$(TAG) > $@"
	@docker save $(REPOSITORY):$(TAG) > $@

push: build
	@echo "$(OK_COLOR)==>$(NO_COLOR) Pushing $(REPOSITORY):$(TAG)"
	@docker push $(REPOSITORY):$(TAG)

all: build push

.PHONY: all build push

--------------------------------------------------------------------------------
/build/config.yml:
--------------------------------------------------------------------------------
# While a lot of configuration in Sentry can be changed via the UI, for all
# new-style config (as of 8.0) you can also declare values here in this file
# to enforce defaults or to ensure they cannot be changed via the UI. For more
# information see the Sentry documentation.

###############
# Mail Server #
###############

# mail.backend: 'smtp'  # Use dummy if you want to disable email entirely
# mail.host: 'localhost'
# mail.port: 25
# mail.username: ''
# mail.password: ''
# mail.use-tls: false
# The email address to send on behalf of
# mail.from: 'root@localhost'

# If you'd like to configure email replies, enable this.
# mail.enable-replies: false

# When email-replies are enabled, this value is used in the Reply-To header
# mail.reply-hostname: ''

# If you're using mailgun for inbound mail, set your API key and configure a
# route to forward to /api/hooks/mailgun/inbound/
# mail.mailgun-api-key: ''

###################
# System Settings #
###################

# If this file ever becomes compromised, it's important to regenerate a new key.
# Changing this value will result in all current sessions being invalidated.
# A new key can be generated with `$ sentry config generate-secret-key`
# system.secret-key: 'changeme'

# The ``redis.clusters`` setting is used, unsurprisingly, to configure Redis
# clusters. These clusters can be then referred to by name when configuring
# backends such as the cache, digests, or TSDB backend.
# redis.clusters:
#   default:
#     hosts:
#       0:
#         host: 127.0.0.1
#         port: 6379

################
# File storage #
################

# Uploaded media uses these `filestore` settings. The available
# backends are either `filesystem` or `s3`.

# filestore.backend: 'filesystem'
# filestore.options:
#   location: '/tmp/sentry-files'

# filestore.backend: 's3'
# filestore.options:
#   access_key: 'AKIXXXXXX'
#   secret_key: 'XXXXXXX'
#   bucket_name: 's3-bucket-name'

--------------------------------------------------------------------------------
/build/requirements.txt:
--------------------------------------------------------------------------------
# Add plugins here

--------------------------------------------------------------------------------
/build/sentry.conf.py:
--------------------------------------------------------------------------------
# This file is just Python, with a touch of Django which means
# you can inherit and tweak settings to your heart's content.

# For Docker, the following environment variables are supported:
#  SENTRY_POSTGRES_HOST
#  SENTRY_POSTGRES_PORT
#  SENTRY_DB_NAME
#  SENTRY_DB_USER
#  SENTRY_DB_PASSWORD
#  SENTRY_RABBITMQ_HOST
#  SENTRY_RABBITMQ_USERNAME
#  SENTRY_RABBITMQ_PASSWORD
#  SENTRY_RABBITMQ_VHOST
#  SENTRY_REDIS_HOST
#  SENTRY_REDIS_PASSWORD
#  SENTRY_REDIS_PORT
#  SENTRY_REDIS_DB
#  SENTRY_MEMCACHED_HOST
#  SENTRY_MEMCACHED_PORT
#  SENTRY_FILESTORE_DIR
#  SENTRY_SERVER_EMAIL
#  SENTRY_EMAIL_HOST
#  SENTRY_EMAIL_PORT
#  SENTRY_EMAIL_USER
#  SENTRY_EMAIL_PASSWORD
#  SENTRY_EMAIL_USE_TLS
#  SENTRY_ENABLE_EMAIL_REPLIES
#  SENTRY_SMTP_HOSTNAME
#  SENTRY_MAILGUN_API_KEY
#  SENTRY_SINGLE_ORGANIZATION
#  SENTRY_SECRET_KEY
#  GITHUB_APP_ID
#  GITHUB_API_SECRET
#  BITBUCKET_CONSUMER_KEY
#  BITBUCKET_CONSUMER_SECRET
from sentry.conf.server import *  # NOQA

import os
import os.path

CONF_ROOT = os.path.dirname(__file__)

postgres = env('SENTRY_POSTGRES_HOST') or (env('POSTGRES_PORT_5432_TCP_ADDR') and 'postgres')
if postgres:
    DATABASES = {
        'default': {
            'ENGINE': 'sentry.db.postgres',
            'NAME': (
                env('SENTRY_DB_NAME')
                or env('POSTGRES_ENV_POSTGRES_USER')
                or 'postgres'
            ),
            'USER': (
                env('SENTRY_DB_USER')
                or env('POSTGRES_ENV_POSTGRES_USER')
                or 'postgres'
            ),
            'PASSWORD': (
                env('SENTRY_DB_PASSWORD')
                or env('POSTGRES_ENV_POSTGRES_PASSWORD')
                or ''
            ),
            'HOST': postgres,
            'PORT': (
                env('SENTRY_POSTGRES_PORT')
                or ''
            ),
            'OPTIONS': {
                'autocommit': True,
            },
        },
    }

# You should not change this setting after your database has been created
# unless you have altered all schemas first
SENTRY_USE_BIG_INTS = True

# If you're expecting any kind of real traffic on Sentry, we highly recommend
# configuring the CACHES and Redis settings

###########
# General #
###########

# Instruct Sentry that this install intends to be run by a single organization
# and thus various UI optimizations should be enabled.
SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', True)

#########
# Redis #
#########

# Generic Redis configuration used as defaults for various things including:
# Buffers, Quotas, TSDB

redis = env('SENTRY_REDIS_HOST') or (env('REDIS_PORT_6379_TCP_ADDR') and 'redis')
if not redis:
    raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?')

redis_password = env('SENTRY_REDIS_PASSWORD') or ''
redis_port = env('SENTRY_REDIS_PORT') or '6379'
redis_db = env('SENTRY_REDIS_DB') or '0'

# handle the case of redis-sentinel
if redis_port == '26379':
    from redis.sentinel import Sentinel

    redis_master = env('SENTRY_REDIS_MASTER') or 'mymaster'
    sentinel = Sentinel([(redis, redis_port),], socket_timeout=0.1)
    redis_host = sentinel.discover_master(redis_master)

    if not redis_host:
        raise Exception('Error: could not obtain redis master from sentinel')

    # select the primary; discover_master() returns the port as an int, and
    # BROKER_URL below concatenates redis_port as a string
    redis = redis_host[0]
    redis_port = str(redis_host[1])

SENTRY_OPTIONS.update({
    'redis.clusters': {
        'default': {
            'hosts': {
                0: {
                    'host': redis,
                    'password': redis_password,
                    'port': redis_port,
                    'db': redis_db,
                },
            },
        },
    },
})

#########
# Cache #
#########

# Sentry currently utilizes two separate mechanisms. While CACHES is not a
# requirement, it will optimize several high throughput patterns.

memcached = env('SENTRY_MEMCACHED_HOST') or (env('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached')
if memcached:
    memcached_port = (
        env('SENTRY_MEMCACHED_PORT')
        or '11211'
    )
    CACHES = {
        'default': {
            'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
            'LOCATION': [memcached + ':' + memcached_port],
            'TIMEOUT': 3600,
        }
    }

# A primary cache is required for things such as processing events
SENTRY_CACHE = 'sentry.cache.redis.RedisCache'

#########
# Queue #
#########

# See https://docs.getsentry.com/on-premise/server/queue/ for more
# information on configuring your queue broker and workers. Sentry relies
# on a Python framework called Celery to manage queues.

rabbitmq = env('SENTRY_RABBITMQ_HOST') or (env('RABBITMQ_PORT_5672_TCP_ADDR') and 'rabbitmq')

if rabbitmq:
    BROKER_URL = (
        'amqp://' + (
            env('SENTRY_RABBITMQ_USERNAME')
            or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_USER')
            or 'guest'
        ) + ':' + (
            env('SENTRY_RABBITMQ_PASSWORD')
            or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS')
            or 'guest'
        ) + '@' + rabbitmq + ':5672/' + (
            env('SENTRY_RABBITMQ_VHOST')
            or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST')
            or '/'
        )
    )
else:
    BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db


###############
# Rate Limits #
###############

# Rate limits apply to notification handlers and are enforced per-project
# automatically.

SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter'

##################
# Update Buffers #
##################

# Buffers (combined with queueing) act as an intermediate layer between the
# database and the storage API.
# They will greatly improve efficiency on large
# numbers of the same events being sent to the API in a short amount of time.
# (read: if you send any kind of real data to Sentry, you should enable buffers)

SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer'

##########
# Quotas #
##########

# Quotas allow you to rate limit individual projects or the Sentry install as
# a whole.

SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota'

########
# TSDB #
########

# The TSDB is used for building charts as well as making things like per-rate
# alerts possible.

SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB'

###########
# Digests #
###########

# The digest backend powers notification summaries.

SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend'

################
# File storage #
################

# Uploaded media uses these `filestore` settings. The available
# backends are either `filesystem` or `s3`.

SENTRY_OPTIONS['filestore.backend'] = 'filesystem'
SENTRY_OPTIONS['filestore.options'] = {
    'location': env('SENTRY_FILESTORE_DIR'),
}

##############
# Web Server #
##############

# If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto
# header and set `SENTRY_USE_SSL=1`

if env('SENTRY_USE_SSL', False):
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True
    SOCIAL_AUTH_REDIRECT_IS_HTTPS = True

SENTRY_WEB_HOST = '0.0.0.0'
SENTRY_WEB_PORT = int(env('SENTRY_WEB_PORT', 9000))
SENTRY_WEB_OPTIONS = {
    'workers': int(env('SENTRY_WEB_WORKERS', 3)),  # the number of web workers
}

###############
# Mail Server #
###############


email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp')
if email:
    SENTRY_OPTIONS['mail.backend'] = 'smtp'
    SENTRY_OPTIONS['mail.host'] = email
    SENTRY_OPTIONS['mail.password'] = env('SENTRY_EMAIL_PASSWORD') or ''
    SENTRY_OPTIONS['mail.username'] = env('SENTRY_EMAIL_USER') or ''
    SENTRY_OPTIONS['mail.port'] = int(env('SENTRY_EMAIL_PORT') or 25)
    SENTRY_OPTIONS['mail.use-tls'] = env('SENTRY_EMAIL_USE_TLS', False)
else:
    SENTRY_OPTIONS['mail.backend'] = 'dummy'

# The email address to send on behalf of
SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost'

# If you're using mailgun for inbound mail, set your API key and configure a
# route to forward to /api/hooks/mailgun/inbound/
SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or ''

# If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
if SENTRY_OPTIONS['mail.mailgun-api-key']:
    SENTRY_OPTIONS['mail.enable-replies'] = True
else:
    SENTRY_OPTIONS['mail.enable-replies'] = env('SENTRY_ENABLE_EMAIL_REPLIES', False)

if SENTRY_OPTIONS['mail.enable-replies']:
    SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or ''

# If this value ever becomes compromised, it's important to regenerate your
# SENTRY_SECRET_KEY. Changing this value will result in all current sessions
# being invalidated.
secret_key = env('SENTRY_SECRET_KEY')
if not secret_key:
    raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY')

if 'SENTRY_RUNNING_UWSGI' not in os.environ and len(secret_key) < 32:
    print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
    print('!!                    CAUTION                       !!')
    print('!! Your SENTRY_SECRET_KEY is potentially insecure.  !!')
    print('!!    We recommend at least 32 characters long.     !!')
    print('!!     Regenerate with `generate-secret-key`.       !!')
    print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')

SENTRY_OPTIONS['system.secret-key'] = secret_key

if 'GITHUB_APP_ID' in os.environ:
    GITHUB_EXTENDED_PERMISSIONS = ['repo']
    GITHUB_APP_ID = env('GITHUB_APP_ID')
    GITHUB_API_SECRET = env('GITHUB_API_SECRET')

if 'BITBUCKET_CONSUMER_KEY' in os.environ:
    BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY')
    BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')

--------------------------------------------------------------------------------
/deploy/k8s/00namespace.yml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: sentry

--------------------------------------------------------------------------------
/deploy/k8s/10secrets.yml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Secret
metadata:
  name: sentrysecrets
  namespace: sentry
type: Opaque
data:
  secretKey:
  dbName:
  dbUser:
  dbHost:
  # dbPort is referenced by SENTRY_POSTGRES_PORT in the Deployments
  dbPort:
  dbPassword:
  emailHost:
  emailUseTLS:
  emailSender:
  redisHost:
  redisPassword:
  redisDb:
  redisPort:
  memcachedHost:
  memcachedPort:
  # rabbitmqHost is referenced by SENTRY_RABBITMQ_HOST in the Deployments
  rabbitmqHost:
  rabbitmqPort:
  rabbitmqUsername:
  rabbitmqPassword:
  rabbitmqVhost:

--------------------------------------------------------------------------------
/deploy/k8s/20web.yml:
--------------------------------------------------------------------------------
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: sentry-web
  namespace: sentry
  labels:
    app: sentry-web
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sentry-web
  template:
    metadata:
      namespace: sentry
      labels:
        app: sentry-web
    spec:
      containers:
      - name: sentry-web
        image: docker.mia.ulti.io/globalsecurity/sentry:latest
        imagePullPolicy: Always
        args: ['run', 'web']
        env:
        - name: SENTRY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: secretKey
        - name: SENTRY_DB_NAME
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbName
        - name: SENTRY_DB_USER
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbUser
        - name: SENTRY_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbPassword
        - name: SENTRY_POSTGRES_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbHost
        - name: SENTRY_POSTGRES_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbPort
        - name: SENTRY_EMAIL_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailHost
        - name: SENTRY_EMAIL_USE_TLS
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailUseTLS
        - name: SENTRY_SERVER_EMAIL
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailSender
        - name: SENTRY_REDIS_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: redisHost
        - name: SENTRY_REDIS_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: redisPort
        - name: SENTRY_MEMCACHED_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: memcachedHost
        - name: SENTRY_MEMCACHED_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: memcachedPort
        - name: SENTRY_RABBITMQ_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqHost
        - name: SENTRY_RABBITMQ_USERNAME
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqUsername
        - name: SENTRY_RABBITMQ_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqPassword
        - name: SENTRY_RABBITMQ_VHOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqVhost
        - name: SENTRY_USE_SSL
          value: "1"
        - name: SENTRY_WEB_PORT
          value: "8000"
        - name: SENTRY_WEB_WORKERS
          value: "3"
        ports:
        - containerPort: 8000
---
kind: Service
apiVersion: v1
metadata:
  name: sentry-web-service
  namespace: sentry
spec:
  selector:
    app: sentry-web
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8000

--------------------------------------------------------------------------------
/deploy/k8s/30worker.yml:
--------------------------------------------------------------------------------
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: sentry-worker
  namespace: sentry
  labels:
    app: sentry-worker
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sentry-worker
  template:
    metadata:
      namespace: sentry
      labels:
        app: sentry-worker
    spec:
      containers:
      - name: sentry-worker
        image: docker.mia.ulti.io/globalsecurity/sentry:latest
        imagePullPolicy: Always
        args: ['run', 'worker']
        env:
        - name: SENTRY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: secretKey
        - name: SENTRY_DB_NAME
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbName
        - name: SENTRY_DB_USER
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbUser
        - name: SENTRY_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbPassword
        - name: SENTRY_POSTGRES_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbHost
        - name: SENTRY_POSTGRES_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbPort
        - name: SENTRY_EMAIL_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailHost
        - name: SENTRY_EMAIL_USE_TLS
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailUseTLS
        - name: SENTRY_SERVER_EMAIL
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailSender
        - name: SENTRY_REDIS_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: redisHost
        - name: SENTRY_REDIS_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: redisPort
        - name: SENTRY_MEMCACHED_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: memcachedHost
        - name: SENTRY_MEMCACHED_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: memcachedPort
        - name: SENTRY_RABBITMQ_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqHost
        - name: SENTRY_RABBITMQ_USERNAME
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqUsername
        - name: SENTRY_RABBITMQ_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqPassword
        - name: SENTRY_RABBITMQ_VHOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqVhost

--------------------------------------------------------------------------------
/deploy/k8s/40cron.yml:
--------------------------------------------------------------------------------
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: sentry-cron
  namespace: sentry
  labels:
    app: sentry-cron
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sentry-cron
  template:
    metadata:
      namespace: sentry
      labels:
        app: sentry-cron
    spec:
      containers:
      - name: sentry-cron
        image: docker.mia.ulti.io/globalsecurity/sentry:latest
        imagePullPolicy: Always
        args: ['run', 'cron']
        env:
        - name: SENTRY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: secretKey
        - name: SENTRY_DB_NAME
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbName
        - name: SENTRY_DB_USER
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbUser
        - name: SENTRY_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbPassword
        - name: SENTRY_POSTGRES_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbHost
        - name: SENTRY_POSTGRES_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: dbPort
        - name: SENTRY_EMAIL_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailHost
        - name: SENTRY_EMAIL_USE_TLS
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailUseTLS
        - name: SENTRY_SERVER_EMAIL
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: emailSender
        - name: SENTRY_REDIS_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: redisHost
        - name: SENTRY_REDIS_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: redisPort
        - name: SENTRY_MEMCACHED_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: memcachedHost
        - name: SENTRY_MEMCACHED_PORT
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: memcachedPort
        - name: SENTRY_RABBITMQ_HOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqHost
        - name: SENTRY_RABBITMQ_USERNAME
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqUsername
        - name: SENTRY_RABBITMQ_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqPassword
        - name: SENTRY_RABBITMQ_VHOST
          valueFrom:
            secretKeyRef:
              name: sentrysecrets
              key: rabbitmqVhost

--------------------------------------------------------------------------------
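
Added example (not part of this repository): a pre-deploy check for the README step "Make sure they're base64 encoded" and for the `secretKeyRef` wiring between the Secret and the Deployments. The sample manifests are constructed and abridged, and the function names and the line-based parsing, which only handles the flat layout used by these files, are assumptions of this sketch.

```python
import base64
import binascii
import re

# Constructed sample input, abridged from the layout of 10secrets.yml and 20web.yml.
SECRET = """\
kind: Secret
metadata:
  name: sentrysecrets
data:
  secretKey:
  dbName: c2VudHJ5
  dbUser: c2VudHJ5Cg==
  dbHost: postgres.internal
"""
REF = ("        - name: {env}\n          valueFrom:\n            secretKeyRef:\n"
       "              name: sentrysecrets\n              key: {key}\n")
DEPLOY = "        env:\n" + "".join(
    REF.format(env=e, key=k) for e, k in [
        ("SENTRY_SECRET_KEY", "secretKey"), ("SENTRY_DB_NAME", "dbName"),
        ("SENTRY_DB_USER", "dbUser"), ("SENTRY_POSTGRES_HOST", "dbHost"),
        ("SENTRY_POSTGRES_PORT", "dbPort"),
    ]) + '        - name: SENTRY_USE_SSL\n          value: "1"\n'


def encode(value):
    """Base64-encode a secret value exactly as given (no trailing newline)."""
    return base64.b64encode(value.encode()).decode()


def secret_data(manifest):
    """Return {key: raw value} for the entries under `data:` of a Secret."""
    data, in_data = {}, False
    for line in manifest.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^\s+([\w.-]+):\s*(.*)$", line)
        if line.rstrip() == "data:":
            in_data = True
        elif in_data and m:
            data[m.group(1)] = m.group(2).strip()
        else:
            in_data = False  # any dedented line ends the data block
    return data


def referenced_keys(manifest, secret_name):
    """Return {secret key: env var} for secretKeyRef entries on secret_name."""
    refs, env_name, ref = {}, None, None
    for line in manifest.splitlines():
        s = line.strip()
        if s.startswith("- name:"):
            env_name, ref = s.split(":", 1)[1].strip(), None
        elif s == "secretKeyRef:":
            ref = {}
        elif ref is not None:
            m = re.match(r"(name|key):\s*(\S+)$", s)
            if m:
                ref[m.group(1)] = m.group(2)
                if ref.get("name") == secret_name and "key" in ref:
                    refs[ref["key"]] = env_name
    return refs


def audit(secret_manifest, deploy_manifest, secret_name="sentrysecrets"):
    """Return sorted (key, problem) findings for one Secret/Deployment pair."""
    data = secret_data(secret_manifest)
    findings = []
    for key, env_var in referenced_keys(deploy_manifest, secret_name).items():
        if key not in data:
            findings.append((key, "referenced by %s but missing from Secret" % env_var))
    for key, raw in data.items():
        if not raw:
            findings.append((key, "empty value"))
            continue
        try:
            decoded = base64.b64decode(raw, validate=True)
        except (binascii.Error, ValueError):
            findings.append((key, "not valid base64"))
            continue
        if decoded != decoded.strip():  # e.g. `echo sentry | base64` adds "\n"
            findings.append((key, "decoded value has surrounding whitespace"))
    return sorted(findings)


if __name__ == "__main__":
    for key, problem in audit(SECRET, DEPLOY):
        print("%-10s %s" % (key, problem))
```

A key that a `secretKeyRef` names but the Secret lacks keeps the pod from starting, and a value encoded with a trailing newline ends up inside the connection setting built from it in `sentry.conf.py`.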