红帽全球峰会第 5 章 Integrating by using generic webhooks
With Red Hat Advanced Cluster Security for Kubernetes, you can send alert notifications as JSON messages to any webhook receiver. When a violation occurs, Red Hat Advanced Cluster Security for Kubernetes makes an HTTP POST request on the configured URL. The POST request body includes JSON-formatted information about the alert.
The webhook POST request’s JSON data includes a v1.Alert object and any custom fields that you configure, as shown in the following example:
{
"alert": {
"id": "<id>",
"time": "<timestamp>",
"policy": {
"name": "<name>",
...
},
...
},
"<custom_field_1>": "<custom_value_1>"
}You can create multiple webhooks. For example, you can create one webhook for receiving all audit logs and another webhook for alert notifications.
To forward alerts from Red Hat Advanced Cluster Security for Kubernetes to any webhook receiver:
- Set up a webhook URL to receive alerts.
- Use the webhook URL to set up notifications in Red Hat Advanced Cluster Security for Kubernetes.
- Identify the policies you want to send notifications for, and update the notification settings for those policies.
5.1. Configuring integrations by using webhooks
Create a new integration in Red Hat Advanced Cluster Security for Kubernetes by using the webhook URL.
Procedure
-
In the RHACS portal, go to Platform Configuration
Integrations. - Scroll down to the Notifier Integrations section and select Generic Webhook.
- Click New integration.
- Enter a name for Integration name.
- Enter the webhook URL in the Endpoint field.
If your webhook receiver uses an untrusted certificate, enter a CA certificate in the CA certificate field. Otherwise, leave it blank.
注意The server certificate used by the webhook receiver must be valid for the endpoint DNS name. You can click Skip TLS verification to ignore this validation. Red Hat does not suggest turning off TLS verification. Without TLS verification, data could be intercepted by an unintended recipient.
Optional: Click Enable audit logging to receive alerts about all the changes made in Red Hat Advanced Cluster Security for Kubernetes.
注意Red Hat suggests using separate webhooks for alerts and audit logs to handle these messages differently.
To authenticate with the webhook receiver, enter details for one of the following:
- Username and Password for basic HTTP authentication
-
Custom Header, for example:
Authorization: Bearer <access_token>
-
Use Extra fields to include additional key-value pairs in the JSON object that Red Hat Advanced Cluster Security for Kubernetes sends. For example, if your webhook receiver accepts objects from multiple sources, you can add
"source": "rhacs"as an extra field and filter on this value to identify all alerts from Red Hat Advanced Cluster Security for Kubernetes. - Select Test to send a test message to verify that the integration with your generic webhook is working.
- Select Save to create the configuration.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}