Change Tracking

These actions were built for tracking changes in your cluster.

Git change audit

Playbook Action: git_change_audit

Audit Kubernetes resources from the cluster to Git as YAML files (cluster/namespace/resources hierarchy). Monitor resource changes and save them to a dedicated Git repository.

Using this audit repository, you can easily detect unplanned changes on your clusters.

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - git_change_audit:
      cluster_name: string
      git_key: '********'
      git_url: git@github.com:arikalon1/robusta-audit.git
  triggers:
  - on_kubernetes_any_resource_all_changes: {}

The above is an example. Try customizing the trigger and parameters.

required:
cluster_name (str)

The name of this cluster. Changes will be audited under this cluster name.

git_url (str)

URL of the audit Git repository.

git_key (str)

Git repository deployment key with write access. To set this up, generate a private/public key pair for GitHub.

optional:
ignored_changes (str list)

List of changes that shouldn't be audited.

Deployment status report

Playbook Action: deployment_status_report

Collect screenshots of predefined Grafana panels after a deployment change. The report will be generated at intervals, as configured in the 'delays' parameter. When the report is ready, it will be sent to the configured sinks.

Make sure to set 'grafanaRenderer.enableContainer' to 'true' in the values.yaml to use this action.

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - deployment_status_report:
      delays:
      - 1
      - 1
      grafana_api_key: '********'
      reports_panel_urls:
      - http://MY_GRAFANA/d-solo/SOME_OTHER_DASHBOARD/.../?orgId=1&from=now-1h&to=now&panelId=3
  triggers:
  - on_deployment_update: {}

The above is an example. Try customizing the trigger and parameters.

required:
grafana_api_key (str)

Grafana API key.

delays (int list)

List of intervals, in seconds, at which to generate this report.

Specifying [60, 60] will generate this report twice: 60 seconds and 120 seconds after the change.

reports_panel_urls (str list)

List of panel URLs included in this report.

It's highly recommended to use relative time arguments rather than absolute ones, e.g. from=now-1h&to=now

optional:
report_name (str) = Deployment change report

The name of the report.

fields_to_monitor (str list) = ['image']

List of YAML attributes to monitor. Any field that contains one of these strings will match.

Add deployment lines to Grafana

Playbook Action: add_deployment_lines_to_grafana

Add annotations to Grafana when a Kubernetes resource is updated and the image tags change.

Supports Deployments, ReplicaSets, DaemonSets, StatefulSets, Jobs, and Pods.

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - add_deployment_lines_to_grafana:
      grafana_api_key: '********'
      grafana_dashboard_uid: 09ec8aa1e996d6ffcd6817bbaff4db1b
      grafana_url: http://grafana.namespace.svc
  triggers:
  - on_deployment_update: {}

The above is an example. Try customizing the trigger and parameters.

required:
grafana_api_key (str)

Grafana API key with write permissions.

grafana_dashboard_uid (str)

Dashboard ID as it appears in the dashboard's URL.

optional:
grafana_url (str)

HTTP(S) URL of Grafana, or None for autodetection of an in-cluster Grafana.

grafana_dashboard_panel (str)

When present, annotations will be added only to panels with this text in their title.

cluster_name (str)

Written as one of the annotation's tags.

cluster_zone (str)
custom_tags (str list)

Custom tags to add to the annotation.

Resource babysitter

Playbook Action: resource_babysitter

Track changes to a Kubernetes resource. Send the diff as a finding.

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - resource_babysitter: {}
  triggers:
  - on_deployment_update: {}

The above is an example. Try customizing the trigger and parameters.

optional:
ignored_namespaces (str list)

List of namespaces to ignore.

JSON change tracker

Playbook Action: json_change_tracker

Posts Kubernetes resource changes as JSON to a specified URL. This action doesn't create a finding.

Add this to your Robusta configuration (Helm values.yaml):

customPlaybooks:
- actions:
  - json_change_tracker:
      url: string
  triggers:
  - on_deployment_update: {}

The above is an example. Try customizing the trigger and parameters.

required:
url (str)

URL to which the changes are posted.

optional:
headers (str dict)

A dictionary of headers to be added to the request.
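
An added example, not part of the Robusta documentation or code base: a minimal receiver for the POSTs made by json_change_tracker that only accepts requests carrying a shared token, which the sender would supply through the headers parameter. The header name X-Change-Token, the token value, the 1 MiB body limit and the listening address are assumptions, and the payload is treated as opaque JSON because its schema is not described here.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the Robusta docs): header name, token value, size limit.
TOKEN_HEADER = "X-Change-Token"
EXPECTED_TOKEN = "constructed-sample-token"  # constructed; load from a secret store
MAX_BODY = 1 << 20                           # refuse bodies larger than 1 MiB


def check_request(headers, body, expected_token=EXPECTED_TOKEN):
    """Return (http_status, parsed_json_or_None) for one incoming POST."""
    supplied = ""
    for name, value in headers.items():      # header names are case-insensitive
        if name.lower() == TOKEN_HEADER.lower():
            supplied = value
    # Constant-time comparison, so response timing does not leak token bytes.
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return 401, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        return 200, json.loads(body)         # schema is opaque: accept any JSON
    except ValueError:                       # covers bad JSON and bad encoding
        return 400, None


class ChangeHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length < 0 or length > MAX_BODY:  # reject before reading the body
            self.send_response(413)
            self.end_headers()
            return
        status, change = check_request(dict(self.headers.items()), self.rfile.read(length))
        if status == 200:
            print("accepted change payload of type", type(change).__name__)
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), ChangeHandler).serve_forever()
```

On the Robusta side, the matching setting under this assumption is a headers entry whose key is X-Change-Token and whose value is the same token.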