Initial functionality of both argusd and argus-controller.
diff --git a/docs/docs/arguswatcher/index.html b/docs/docs/arguswatcher/index.html
index ef32616..716133a 100644
--- a/docs/docs/arguswatcher/index.html
+++ b/docs/docs/arguswatcher/index.html
@@ -14,9 +14,9 @@
-
+
+{"description":"Once you have Argus installed on your cluster, you are ready to start setting up watchers for your deployments. All possible configurations of the how, and what, of setting up an ArgusWatcher on your deployments are described below.","@type":"BlogPosting","url":"/argus/docs/arguswatcher/","headline":"Defining an ArgusWatcher","datePublished":"2018-11-30T16:26:38-05:00","dateModified":"2018-11-30T16:26:38-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"/argus/docs/arguswatcher/"},"@context":"http://schema.org"}
diff --git a/docs/docs/examples/index.html b/docs/docs/examples/index.html
index 128b667..c08198f 100644
--- a/docs/docs/examples/index.html
+++ b/docs/docs/examples/index.html
@@ -14,9 +14,9 @@
-
+
+{"description":"Topics","@type":"BlogPosting","url":"/argus/docs/examples/","headline":"Examples","datePublished":"2018-11-30T16:26:38-05:00","dateModified":"2018-11-30T16:26:38-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"/argus/docs/examples/"},"@context":"http://schema.org"}
@@ -128,19 +128,69 @@
Whether you’re running a vanilla Kubernetes cluster with minikube, or in a
+cloud-provided one such as GKE, we provide a set of examples to test out
+Argus located in the examples/
+folder of the
+GitHub repo.
+
+
NGiNX Example
+
+
kubectl run nginx --image=nginx
+kubectl apply -f\
+ https://raw.githubusercontent.com/clustergarage/argus/master/examples/nginx-argus-watch.yaml
+
+
+
This is a basic example of monitoring two different paths for a single event.
+The watcher spec has a single subject that watches:
If you were to change any of the files under /etc/nginx it would notify on
+that modify message.
+
+
You could also edit this watcher and update the paths to include
+/var/log/nginx. This should update the watcher, that you can then exec into
+the container to generate some messages:
Another interesting test to try is to edit the ArgusWatcher
+definition
+with recursive: true on the subject to receive all events that happen under
+subdirectories of the specified paths as well. For example, editing the
+/etc/nginx/conf.d/default.conf once it is watching recursively would report
+messages when it previously would have not.
The “Hello World” of Kubernetes deployments can be monitored fairly easily.
+Since this creates both a backend and frontend deployment with differing
+labels, we’ll need to create two watchers as well.
-
kubectl run nginx --image=nginx
-kubectl apply -f\
- https://raw.githubusercontent.com/clustergarage/argus/master/examples/nginx-argus-watch.yaml
+
The frontend matches on labels: app=guestbook,tier=frontend with a subject:
+
+
paths:
+-/var/www/html
+events:
+-modify
+
The backend matches on labels: app=redis,tier=backend with a subject:
+
+
paths:
+-/data
+events:
+-create
+-modify
+
+
+
The Redis app that runs in this backend container will create and modify
+various data objects as it goes. We can see these being monitored as they
+happen as a simple test.
+
OpenShift
+
With an OpenShift cluster, we provide some slightly different examples, though
+the watcher definition is completely environment-agnostic. These are also
+located under the examples/
+folder of the
+GitHub repo.
Another basic example, for OpenShift specifically, to test the same kind of
+watchers you would be doing above in regular Kubernetes environments, simply
+watching a path for multiple events:
This advanced example combines a Jenkins deployment with an NGiNX sidecar, so
+multiple containers are running in a single pod. This will allow us to still
+define our watchers the same way, which will attempt to monitor specified paths
+in each of the containers. If that container does not have that path, e.g.
+Jenkins’ container will not have an /etc/nginx path to watch, so it will
+ignore it.
+
+
In addition to multiple containers running in this pod, we set up multiple
+subjects, one dealing with modify events on files/folders we would not want
+to see any changes happen to (such as password and secrets files):
The other subject will recursively watch a well-known Jenkins directory for
+open events, ignoring a set of paths we wouldn’t care to monitor, and tacking
+on a custom tag on each message (foo=bar).
diff --git a/docs/docs/getting-started/index.html b/docs/docs/getting-started/index.html
index df05e1f..d561f12 100644
--- a/docs/docs/getting-started/index.html
+++ b/docs/docs/getting-started/index.html
@@ -14,9 +14,9 @@
-
+
+{"description":"Argus works by configuring a custom Kubernetes resource that defines paths and events that you want to be notified about for your current deployments. This custom resource, in conjunction with a cluster controller running and listening for lifecycle events, is responsible for maintaining a source of truth between the state of the cluster and the daemons listening for filesystem events on each node.","@type":"BlogPosting","url":"/argus/docs/getting-started/","headline":"Getting Started","datePublished":"2018-11-30T16:26:38-05:00","dateModified":"2018-11-30T16:26:38-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"/argus/docs/getting-started/"},"@context":"http://schema.org"}
diff --git a/docs/docs/monitoring/index.html b/docs/docs/monitoring/index.html
index 882de54..3968ff5 100644
--- a/docs/docs/monitoring/index.html
+++ b/docs/docs/monitoring/index.html
@@ -14,9 +14,9 @@
-
+
+{"description":"Once you have ArgusWatchers defined, you’re ready to start monitoring for notify events; perhaps you’ll even want to set up alerts on high priority events. There are generic logfiles included in both apps, and we provide out-of-the-box metrics handling with Prometheus so you’ll be able to receive time-series data that you can immediately monitor. Ultimately, it will be up to you to use your logging framework of choice to monitor the way you’re used to doing.","@type":"BlogPosting","url":"/argus/docs/monitoring/","headline":"Monitoring Watches","datePublished":"2018-11-30T16:26:38-05:00","dateModified":"2018-11-30T16:26:38-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"/argus/docs/monitoring/"},"@context":"http://schema.org"}
diff --git a/docs/docs/overview/index.html b/docs/docs/overview/index.html
index da70fc9..86183d6 100644
--- a/docs/docs/overview/index.html
+++ b/docs/docs/overview/index.html
@@ -14,9 +14,9 @@
-
+
+{"description":"Argus is a set of custom Kubernetes resources that facilitates filesystem event monitoring on specified paths. It provides a rich set of configurations to run alongside your existing Kubernetes deployments to make it easy to denote assessment-ready file integrity monitoring.","@type":"BlogPosting","url":"/argus/docs/overview/","headline":"Overview","datePublished":"2018-11-30T16:26:38-05:00","dateModified":"2018-11-30T16:26:38-05:00","mainEntityOfPage":{"@type":"WebPage","@id":"/argus/docs/overview/"},"@context":"http://schema.org"}
diff --git a/docs/feed.xml b/docs/feed.xml
index c329706..abf5831 100644
--- a/docs/feed.xml
+++ b/docs/feed.xml
@@ -1 +1 @@
-Jekyll2018-11-30T15:21:57-05:00/argus/ArgusFile Integrity Monitoring for Kubernetes
\ No newline at end of file
+Jekyll2018-11-30T16:26:38-05:00/argus/ArgusFile Integrity Monitoring for Kubernetes
\ No newline at end of file
diff --git a/examples/sidecar/sidecar-argus-watch.yaml b/examples/sidecar/sidecar-argus-watch.yaml
index 85b93de..db85cbc 100644
--- a/examples/sidecar/sidecar-argus-watch.yaml
+++ b/examples/sidecar/sidecar-argus-watch.yaml
@@ -9,16 +9,14 @@ spec:
matchLabels:
app: jenkins
subjects:
- - events:
- - modify
- paths:
+ - paths:
- /var/lib/jenkins/password
- /var/lib/jenkins/secret.key
- /var/lib/jenkins/secrets
- /etc/nginx
- - events:
- - open
- paths:
+ events:
+ - modify
+ - paths:
- /var/lib/jenkins
ignore:
- .groovy
@@ -26,4 +24,8 @@ spec:
- .pki
- plugins
- war
+ events:
+ - open
recursive: true
+ tags:
+ foo: bar
diff --git a/jekyll/_data/changelog.yml b/jekyll/_data/changelog.yml
index 2f88d2c..f9101ff 100644
--- a/jekyll/_data/changelog.yml
+++ b/jekyll/_data/changelog.yml
@@ -15,7 +15,7 @@
argus-controller.
- Updated definitions for using insecure or secure options.
- title: v0.1.0
- label: Release
+ label: Pre-Release
date: 10/10/2018
list:
- Initial functionality of both argusd and argus-controller.
diff --git a/jekyll/_docs/examples.md b/jekyll/_docs/examples.md
index c702f71..83410fb 100644
--- a/jekyll/_docs/examples.md
+++ b/jekyll/_docs/examples.md
@@ -12,6 +12,60 @@ tags: examples
## Kubernetes
+Whether you're running a vanilla Kubernetes cluster with minikube, or in a
+cloud-provided one such as GKE, we provide a set of examples to test out
+Argus located in the [examples/
+folder](https://github.com/clustergarage/argus/tree/master/examples) of the
+GitHub repo.
+
+### NGiNX Example
+
+```shell
+kubectl run nginx --image=nginx
+kubectl apply -f \
+ https://raw.githubusercontent.com/clustergarage/argus/master/examples/nginx-argus-watch.yaml
+```
+
+This is a basic example of monitoring two different paths for a single event.
+The watcher spec has a single subject that watches:
+
+```yaml
+paths:
+- /etc/nginx
+- /etc/init.d/nginx
+events:
+- modify
+```
+
+If you were to change any of the files under `/etc/nginx` it would notify on
+that `modify` message.
+
+You could also edit this watcher and update the `paths` to include
+`/var/log/nginx`. This should update the watcher, that you can then exec into
+the container to generate some messages:
+
+```shell
+$ kubectl exec -it -- /bin/bash
+
+root@:/# echo "test" >> /var/log/nginx/foo.log
+```
+
+This will create a new log file and generate a `MODIFY` event that will show up
+in the `argusd` logs:
+
+```shell
+$ kubectl logs
+
+MODIFY file '/var/log/nginx/foo.log' (:)
+```
+
+Another interesting test to try is to edit the [ArgusWatcher
+definition]({{site.baseurl}}/docs/arguswatcher/#recursively-watching-a-directory)
+with `recursive: true` on the subject to receive all events that happen under
+subdirectories of the specified paths as well. For example, editing the
+`/etc/nginx/conf.d/default.conf` once it is watching recursively would report
+messages when it previously would have not.
+
### Guestbook Example
```shell
@@ -21,16 +75,41 @@ kubectl apply -f \
https://raw.githubusercontent.com/clustergarage/argus/master/examples/guestbook-argus-watch.yaml
```
-### NGiNX Example
+The "Hello World" of Kubernetes deployments can be monitored fairly easily.
+Since this creates both a backend and frontend deployment with differing
+labels, we'll need to create two watchers as well.
-```shell
-kubectl run nginx --image=nginx
-kubectl apply -f \
- https://raw.githubusercontent.com/clustergarage/argus/master/examples/nginx-argus-watch.yaml
+The frontend matches on labels: `app=guestbook,tier=frontend` with a subject:
+
+```yaml
+paths:
+- /var/www/html
+events:
+- modify
+```
+
+The backend matches on labels: `app=redis,tier=backend` with a subject:
+
+```yaml
+paths:
+- /data
+events:
+- create
+- modify
```
+The Redis app that runs in this backend container will create and modify
+various data objects as it goes. We can see these being monitored as they
+happen as a simple test.
+
## OpenShift
+With an OpenShift cluster, we provide some slightly different examples, though
+the watcher definition is completely environment-agnostic. These are also
+located under the [examples/
+folder](https://github.com/clustergarage/argus/tree/master/examples) of the
+GitHub repo.
+
### Django Example
```shell
@@ -39,7 +118,19 @@ oc apply -f \
https://raw.githubusercontent.com/clustergarage/argus/master/examples/djangoex-argus-watch.yaml
```
-### Jenkins Sidecar Example
+Another basic example, for OpenShift specifically, to test the same kind of
+watchers you would be doing above in regular Kubernetes environments, simply
+watching a path for multiple events:
+
+```yaml
+paths:
+- /opt/app-root
+events:
+- create
+- modify
+```
+
+### Jenkins Sidecar Example (Advanced)
```shell
oc apply -f \
@@ -48,3 +139,51 @@ oc apply -f \
https://raw.githubusercontent.com/clustergarage/argus/master/examples/sidecar/sidecar-argus-watch.yaml
```
+This advanced example combines a Jenkins deployment with an NGiNX sidecar, so
+multiple containers are running in a single pod. This will allow us to still
+define our watchers the same way, which will attempt to monitor specified paths
+in each of the containers. If that container does not have that path, e.g.
+Jenkins' container will not have an `/etc/nginx` path to watch, so it will
+ignore it.
+
+In addition to multiple containers running in this pod, we set up multiple
+subjects, one dealing with `modify` events on files/folders we would not want
+to see any changes happen to (such as password and secrets files):
+
+```yaml
+paths:
+- /var/lib/jenkins/password
+- /var/lib/jenkins/secret.key
+- /var/lib/jenkins/secrets
+- /etc/nginx
+events:
+- modify
+```
+
+The other subject will recursively watch a well-known Jenkins directory for
+`open` events, ignoring a set of paths we wouldn't care to monitor, and tacking
+on a custom tag on each message (`foo=bar`).
+
+```yaml
+paths:
+- /var/lib/jenkins
+ignore:
+- .groovy
+- .java
+- .pki
+- plugins
+- war
+events:
+- open
+recursive: true
+tags:
+ foo: bar
+```
+
+Messages generated with this custom tag will look similar to this:
+
+```shell
+$ oc logs
+
+OPEN file '/var/lib/jenkins//' (:) foo=bar
+```
diff --git a/jekyll/_docs/getting-started.md b/jekyll/_docs/getting-started.md
index e6832b0..38aff17 100644
--- a/jekyll/_docs/getting-started.md
+++ b/jekyll/_docs/getting-started.md
@@ -199,4 +199,4 @@ suspect you may be having problems not recorded there, open a detailed issue
with all steps and pertinent information about your cluster setup.
If you wish to contact us directly, use the form located on the
-[Contact]({{ site.baseurl }}/contact/) page.
+[Contact]({{site.baseurl}}/contact/) page.
diff --git a/jekyll/_docs/monitoring.md b/jekyll/_docs/monitoring.md
index 13f5f3f..70a2267 100644
--- a/jekyll/_docs/monitoring.md
+++ b/jekyll/_docs/monitoring.md
@@ -5,7 +5,7 @@ subtitle: Set up monitoring and alerts of watchers
tags: monitoring arguswatcher
---
-Once you have [ArgusWatchers]({{ site.baseurl }}/docs/arguswatcher/) defined,
+Once you have [ArgusWatchers]({{site.baseurl}}/docs/arguswatcher/) defined,
you're ready to start monitoring for notify events; perhaps you'll even want to
set up alerts on high priority events. There are generic logfiles included in
both apps, and we provide out-of-the-box metrics handling with