fix: Kuma import tokens/paused, Docker hardening, migrate-secrets idempotency
1. Kuma import now maps push monitor tokens (generates crypto/rand token) and paused state (Active=false → Paused=true). Previously push monitors imported with empty token sat DOWN forever, and paused Kuma monitors came in unpaused and started alerting. 2. Dockerfile adds HEALTHCHECK against /api/health on port 8080. Container orchestrators can now detect unhealthy instances. 3. migrate-secrets sets the encryptor before loading alerts, so already-encrypted settings are decrypted correctly on second run instead of failing with a JSON unmarshal error. 4. docker-compose.yml adds container hardening: read_only filesystem, cap_drop ALL, no-new-privileges, tmpfs for /tmp.
This commit was merged in pull request #116.
This commit is contained in:
+2
-2
@@ -237,13 +237,13 @@ func runMigrateSecrets(args []string) {
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
ss.SetEncryptor(enc)
|
||||
|
||||
alerts, err := ss.GetAllAlerts(context.Background())
|
||||
if err != nil {
|
||||
slog.Error("failed to load alerts", "err", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
ss.SetEncryptor(enc)
|
||||
migrated := 0
|
||||
for _, a := range alerts {
|
||||
if err := ss.UpdateAlert(context.Background(), a.ID, a.Name, a.Type, a.Settings); err != nil {
|
||||
|
||||
Reference in New Issue
Block a user