Creating a blacklist configuration in Prometheus/Alertmanger that allow excluding individual hosts and/or host/service combinations from creating alerts, e.g.:
blacklist_endpoints:
name: blacklisted_URLs
host: "test_URL"
labels: <label>
The above URLs should not create alerts no matter if it present in some other rules, In other words, These should be the priority if matching here.
Any Idea will be useful or any approach which we can take for achieving this.
Related
Is it possible to do a dynamic routing with a nginx ingress controller? By dynamic I mean based on the url I need to strip and fetch a value from the url and route based on that value. Let me know how if it’s possible. If it’s not possible with nginx controller , let me know any other way in which this is possible. Appreciate any help.
Ingress controllers are based on Ingress objects. Kubernetes objects definitions are static by nature (so we could version control them).
From what I gathered in the comments, when a user requests domain.com/foo they will be redirected to their instance of your app ? You will need a source to get the updated info.
I could see 2 ways of doing that:
Edit the ingress object manually or programmatically (using helm or some other templating software)
Make a dedicated app using a persistent database and trigger redirections from there: domain.com/* -> redirect app -> `user app. This way you can control your users list as you want.
It depends if the end user will stay on domain.com/user or if they get redirected to another unique domain. I would need more info to discuss that.
Attach tags to your services and let Traefik do the rest!
https://docs.traefik.io/routing/providers/consul-catalog/
I guess this could be very close to what you want to acheeve.
Best of luck!
Dynamic routing with Ambassador Header-based Routing
Ambassador is another Envoy-based solution. It has free and commercial versions. Ambassador is described as a «Kubernetes-native API gateway for microservices» and it brings corresponding benefits — such as the tight integration with the primitives of K8s. Having a pack of features you’d expect from an Ingress controller, it can also be used with a variety of service mesh solutions (Consul, Linkerd, Istio).
The headers Annotation
The headers attribute is a dictionary of header: value pairs. Ambassador Edge Stack will only allow requests that match the specified header: value pairs to reach the target service.
You can also set the value of a header to true to test for the existence of a header.
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: user-header-based-routing
spec:
prefix: /backend/
service: userA
headers:
x-authenticated-user: userA
...
My aim is to add additional fields to the searching parameters for the internal search - I have amended ExamineIndex.config to index the new property:
<IndexSet SetName="InternalIndexSet" IndexPath="~/App_Data/TEMP/ExamineIndexes/Internal/">
<IndexUserFields>
<add Name="briefing"/>
</IndexUserFields>
</IndexSet>
However, after rebuilding the internal index, it seems as though the internal search is only using the node name.
Is it possible to search multiple properties with the internal search?
You are quite right - the Content and Media searches only take into account the Node Name, along with a path restriction if the current user has a starting node specified.
Member search also includes the following additional fields:
email
loginName
As a reference, see the implementation here:
https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/Editors/EntityController.cs#L227-L283
If you want to implement a custom search, you'd have to create a plugin or dashboard that would allow you to implement the search features you want.
For some ideas, checkout the MemberListView project (which uses custom examine searching to populate the list): https://github.com/robertjf/umbMemberListView
I am interested in the possibility of providing a set of validation rules for user input values.
So for example a textbox called 'Today' might require a rule that looks something like
IsADate() and (Value >= Date())
My problem is that nobody can tell me what rules are needed. In order to deliver a solution I need users to be able to decide for themselves what rules they want.
It occurred to me I could create a database table containing a separate field for each input - each field having a user-definable check constraint and data type, but this is too limiting (in terms of how many rules I can define)
I could allow the users a UI which would effectively allow them to provide a where clause which then executes a select count(*) from dual where <plugin logic>
And then I started to think I am just database-obsessed.
Any thoughts?
I did something similar using application code and business logic. If you create a token parser based on some of your common business objects that you can load and evaluate for various views or forms then you can start to create a collection of custom variables.
#Date.CurrentDate
#Date.LastQuarter
#Customer.LastInvoiceNumber
#Customer.ZipCode
#Customer.MaxNumberOfOrderItems
If you expose your tokens in a list of rules for a particular field you can build a custom component that will let users build expressions like.
Value [ Greater Than ] [ #Customer.LastOrderNumber ] [ AND ]
Value [ Starts With ] [ #Customer.CustomerID ]
In my opinion this would be more flexible than using sql for validation.
If users have limited of Delphi / Pascal syntax knowledge, a quick solution is to let them create the validation as a pascal function, and use TJvInterpreter from JCL library.
Easy to use, simple to implement, that's a good work around !
Reference:
http://jvcl.delphi-jedi.org/JvInterpreter.htm
I am trying to get JVM metrics from my application, which runs three instances, with three separate JVMs. I can see the different data that I am interested in in the New Relic dashboard, on the Monitoring -> JVMs tab. I can also get the information I want for one of those JVMs, by hitting the REST API like so:
% curl -gH "x-api-key:KEY" 'https://api.newrelic.com/api/v1/applications/APPID/data.xml?metrics%5B%5D=GC%2FPS%20Scavenge&field=time_percentage&begin=T1&end=T2'
(I've replaced the values of some fields, but this is the full form of my request.)
I get a response including a long list of elements like this:
<metric name="GC/PS Scavenge" begin="T1" end="T2" app="MYAPP" agent_id="AGENTID">
<field name="time_percentage">0.018822634485032824</field>
</metric>
All of the metric elements include the same agent_id fields, and I never specified which agent to use. How can I either:
get metrics for all agents
specify which agent I am interested in (so I can send multiple requests, one for each JVM)
agent_id can be a particular JVM instance, and while you can't request for multiple agents at once you can request metrics for a single JVM.
You can get the JVM's agent_id in one of two ways:
1) an API call to
https://api.newrelic.com/api/v1/accounts/:account_id/applications/:app_id/instances.xml
2) browse to the JVM in the New Relic user interface (use the 'JVM' drop-down at the top right after you select your app), then grab the ID from the URL.
The ID will look something like [account_id]_i2043442
Some data is not available broken down by JVM, most notably a call to threshold_values.xml won't work if the agent_id isn't an application.
full documentation of the V1 API: http://newrelic.github.io/newrelic_api/
In our LDAP directory, we have users, who are mapped to groups. Those groups may be mapped to other groups. For example:
cn=group1,cn=groups,dc=example,dc=com
uniquemember cn=user1,cn=user,dc=example,dc=com
cn=group2,cn=groups,dc=example,dc=com
uniquemember cn=user2,cn=user,dc=example,dc=com
uniquemember cn=group1,cn=user,dc=example,dc=com
So User1 belongs to Group1, but User2 belongs to Group2, which in turn belongs to Group1
Within Grails, User1 has authority to Group1, but User2 only has authority to Group2. From what I've seen, there is no way to cause it to recursively look at the tree. Realistically, I probably only need a 2 level hierarchy, but even that doesn't seem to work.
I'm attempting to work through the Custom UserDetailsContextManager to see if I can iterate over the initial results and re-query LDAP by group, but I thought I'd see if there was an easier/better way.
You probably already saw this, but this is from the documentation:
// If you don't want to support group membership recursion (groups in groups), then use the following setting
// grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}' // Active Directory specific
// If you wish to support groups with group as members (recursive groups), use the following
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})' // Active Directory specific
http://grails-plugins.github.com/grails-spring-security-ldap/docs/manual/guide/2.%20Usage.html
Oracle OID has a product-specific extension for traversing the hierarchy, known as CONNECT_BY, which has LDAP OID 2.16.840.1.113894.1.8.3 . You can add this as a request control to ask the server to connect/follow hierarchies according to an attribute you specify. This can be done using both a Java LDAP client program, or using something like OpenLDAP ldapsearch, although the set-up is a little tricky.
If you want to use Java to follow the hierarchy, this page contains a sample program which shows how to setup the required javax.naming.ldap.Control implementation class, in this case named ConnectByControl.
You can also perform this sort of hierarchical search using ldapsearch, but it requires some preparation and implied understanding of the required control value, as the value is concatenated then base64-encoded. The value is in two-parts - the follow-me depth (0=unlimited), followed by the connect-by attribute name (in this case, uniquemember is the desired name). Set the baseDN in your query to the entry where you want to start the hierarchical search.
ldapsearch -H ldap://myoidserver.mycompany.com:389 -e 2.16.840.1.113894.1.8.3=MBECAQAEDHVuaXF1ZW1lbWJlcg== -b cn=some_group_containing_groups_nested_by_uniquemember,cn=some_groups,dc=mycompany,dc=com "(objectClass=*)" dn uniquemember
The -e 2.16.840.1.113894.1.8.3= adds the CONNECT_BY request control. The value, MBECAQAEDHVuaXF1ZW1lbWJlcg==, is ASN.1 BER-encoded then base64-encoded value 0uniquemember, for the depth and attribute-name mentioned above. This will print first the dn for cn=some_group_containing_groups_nested_by_uniquemember,... and its direct (user) uniquemembers, then each uniquemember will be "connected" or followed. If that entry itself has a set of uniquemember, i.e. it is a nested group, the process will continue until leaf/user entries are reached that have no nested uniquemembers.