第33关 使用gin开发webhook转发服务，实现prometheus和falco的钉钉、企业微信、飞书报警发送

------> 课程视频同步分享在今日头条和B站

大家好，我是博哥爱运维。
出这期视频，也是为了给第30关的falco公开课补一个坑，关于falco报警这块这期将补上，同时，对于这个gin开发的webhook服务源码这块，计划是放在后面运维golang开发课程里面再分享出来会比较好，毕竟这个需要一些golang开发语言的基础。

支持的镜像，为了方便大家下载使用，特地在阿里云注册一个个人镜像仓库:

registry.cn-beijing.aliyuncs.com/bogeit/boge-webhook:1.0

docker容器化运行

docker run -d\--name boge-webhook \-p9999:9999 \-eTZ="Asia/Shanghai"\
  registry.cn-beijing.aliyuncs.com/bogeit/boge-webhook:1.0 \-webhook https://open.feishu.cn/open-apis/bot/v2/hook/xxxxxxxxxxxxxxxxxxx \-port9999\-filters"serviceA,DeadMansSnitch"

k8s运行

apiVersion: v1
kind: Service
metadata:name: boge-webhook
  labels:app: boge-webhook
    model: falco
spec:ports:-port:80protocol: TCP
    targetPort:9999type: ClusterIP
  selector:app: boge-webhook
    model: falco

---apiVersion: apps/v1
kind: Deployment
metadata:labels:app: boge-webhook
    model: falco
  name: boge-webhook
spec:replicas:1selector:matchLabels:app: boge-webhook
      model: falco
  template:metadata:labels:app: boge-webhook
        model: falco
    spec:containers:-name: boge-webhook
        image: registry.cn-beijing.aliyuncs.com/bogeit/boge-webhook:1.0env:-name: TZ
            value: Asia/Shanghai
        ports:-containerPort:9999args:--webhook
          -"https://open.feishu.cn/open-apis/bot/v2/hook/xxxxxxxxxxxxxxxxxxx"--port
          -"9999"--filters
          -"serviceA,DeadMansSnitch"# 对于falco，filters白名单字段只填pod名称开头关键词是匹配所有ns，填namespace_pod开头关键词是匹配指定ns里面的服务

测试接口

# curl 10.0.1.201:9999/status{"msg":"ok"}# curl -X POST -H 'Content-type: application/json' -d '{"name": "boge","titlea": "'"$(id)"'", "texta": "'"$(whoami)--$(hostname)"'"}' 10.0.1.201:9999/b01bdc063/boge/getjson# 查看webhook后端服务日志# docker logs boge-webhook[GIN-debug][WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug][WARNING] Running in"debug" mode. Switch to "release" mode in production.
 - using env:   exportGIN_MODE=release
 - using code:  gin.SetMode(gin.ReleaseMode)[GIN-debug] GET    /status                   --> main.MyWebServer.func1 (3 handlers)[GIN-debug] POST   /b01bdc063/boge/getjson   --> main.MyWebServer.func2 (3 handlers)[GIN-debug] POST   /7332f19/prometheus/dingtalk --> main.MyWebServer.func3 (3 handlers)[GIN-debug] POST   /1bdc0637/prometheus/feishu --> main.MyWebServer.func4 (3 handlers)[GIN-debug] POST   /5e00fc1a/prometheus/weixin --> main.MyWebServer.func5 (3 handlers)[GIN-debug] POST   /3c1e8/falcon/feishu      --> main.MyWebServer.func6 (3 handlers)[GIN-debug] POST   /3c1e8/falcon/dingtalk    --> main.MyWebServer.func7 (3 handlers)[GIN-debug] POST   /3c1e8/falcon/weixin      --> main.MyWebServer.func8 (3 handlers)[GIN-debug][WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.[GIN-debug] Listening and serving HTTP on :9999
{"name":"boge","titlea":"uid=0(root) gid=0(root) groups=0(root)", "texta":"root--boge"}[GIN]2024/04/02 - 17:45:50 |200|78.745µs |10.0.1.201 | POST     "/b01bdc063/boge/getjson"

编辑 falco 服务的 webhook 接收配置

falco相关内容可以查看博哥之前分享的文档：
https://blog.csdn.net/weixin_46887489/article/details/135758197

# 配置 falcosidekick 报警输出的 webhook 地址:

kubectl -n falco edit secrets falco-falcosidekick
  #在下面配置(内容是base64编码 http://10.0.1.201:9999/3c1e8/falcon/feishu)
  WEBHOOK_ADDRESS: aaHR0cDovLzEwLjAuMS4yMDE6OTk5OS8zYzFlOC9mYWxjb24vZmVpc2h1Cg==

编辑 prometheus 服务的 webhook 接收配置

http://10.0.1.201:9999/1bdc0637/prometheus/feishu
详细配置见博哥之前讲解的 prometheus发送报警的文档:
https://blog.csdn.net/weixin_46887489/article/details/135612462

大家有什么问题，可以找博哥进技术交流群里面交流，目前群已接近400人，想进群趁早