Change Tracking

These actions were built for tracking changes in your cluster

Git change audit

Playbook Action: git_change_audit

Description

Audit Kubernetes resources from the cluster to Git as yaml files (cluster/namespace/resources hierarchy). Monitor resource changes and save it to a dedicated Git repository.

Using this audit repository, you can easily detect unplanned changes on your clusters.

Example Config

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - git_change_audit:
      cluster_name: string
      git_key: '********'
      git_url: git@github.com:arikalon1/robusta-audit.git
  triggers:
  - on_kubernetes_any_resource_all_changes: {}

The above is an example. Try customizing the trigger and parameters.

Parameters

required:

cluster_name (str)

This cluster name. Changes will be audited under this cluster name.

git_url (str)

Audit Git repository url.

git_key (str)

Git repository deployment key with write access. To set this up generate a private/public key pair for GitHub.

optional:

ignored_changes (str list)

List of changes that shouldn't be audited.

Supported Triggers

• on_kubernetes_any_resource_all_changes

• on_kubernetes_any_resource_create

• on_kubernetes_any_resource_delete

• on_kubernetes_any_resource_update

Or any other inheriting trigger. See Trigger-Action Compatibility for details

Deployment status report

Playbook Action: deployment_status_report

Description

Collect predefined grafana panels screenshots, after a deployment change. The report will be generated in intervals, as configured in the 'delays' parameter. When the report is ready, it will be sent to the configured sinks.

Make sure to set 'grafanaRenderer.enableContainer' to 'true' in the values yaml to use this action.

Example Config

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - deployment_status_report:
      delays:
      - 1
      - 1
      grafana_api_key: '********'
      reports_panel_urls:
      - http://MY_GRAFANA/d-solo/SOME_OTHER_DASHBOARD/.../?orgId=1&from=now-1h&to=now&panelId=3
  triggers:
  - on_deployment_update: {}

The above is an example. Try customizing the trigger and parameters.

Parameters

required:

grafana_api_key (str)

Grafana API key.

delays (int list)

List of seconds intervals in which to generate this report. Specifying [60, 60] will generate this report twice, after 60 seconds and 120 seconds after the change.

reports_panel_urls (str list)

List of panel urls included in this report. it's highly recommended to put relative time arguments, rather then absolute. i.e. from=now-1h&to=now

optional:

report_name (str) = Deployment change report

The name of the report.

fields_to_monitor (str list) = ['image']

List of yaml attributes to monitor. Any field that contains one of these strings will match.

Supported Triggers

• on_deployment_all_changes

• on_deployment_create

• on_deployment_delete

• on_deployment_update

Add deployment lines to grafana

Playbook Action: add_deployment_lines_to_grafana

Description

Add annotations to Grafana when a Kubernetes resource is updated and the image tags change.

Supports Deployments, ReplicaSets, DaemonSets, StatefulSets, Jobs, and Pods

Example Config

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - add_deployment_lines_to_grafana:
      grafana_api_key: '********'
      grafana_dashboard_uid: 09ec8aa1e996d6ffcd6817bbaff4db1b
      grafana_url: http://grafana.namespace.svc
  triggers:
  - on_deployment_update: {}

The above is an example. Try customizing the trigger and parameters.

Parameters

required:

grafana_api_key (str)

grafana key with write permissions.

grafana_dashboard_uid (str)

dashboard ID as it appears in the dashboard's url

optional:

grafana_url (str)

http(s) url of grafana or None for autodetection of an in-cluster grafana

grafana_dashboard_panel (str)

when present, annotations will be added only to panels with this text in their title.

cluster_name (str)

written as one of the annotation's tags

cluster_zone (str)

custom_tags (str list)

custom tags to add to the annotation

Supported Triggers

• on_deployment_update

• on_kubernetes_any_resource_all_changes

• on_kubernetes_any_resource_create

• on_kubernetes_any_resource_delete

• on_kubernetes_any_resource_update

Or any other inheriting trigger. See Trigger-Action Compatibility for details

Resource babysitter

Playbook Action: resource_babysitter

Description

Track changes to a k8s resource. Send the diff as a finding

Example Config

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - resource_babysitter: {}
  triggers:
  - on_deployment_update: {}

The above is an example. Try customizing the trigger and parameters.

Parameters

optional:

fields_to_monitor (str list) = ['spec']

List of yaml attributes to monitor. Any field that contains one of these strings will match.

omitted_fields (str list) = ['status', 'metadata.generation', 'metadata.resourceVersion', 'metadata.managedFields', 'spec.replicas']

List of yaml attributes changes to ignore.

ignored_namespaces (str list)

List of namespaces to ignore

Supported Triggers

• on_deployment_update

• on_kubernetes_any_resource_all_changes

• on_kubernetes_any_resource_create

• on_kubernetes_any_resource_delete

• on_kubernetes_any_resource_update

Or any other inheriting trigger. See Trigger-Action Compatibility for details