audit(gremlin): beszel FAIL 2026-04-03
This commit is contained in:
parent
d3dba8ea24
commit
dc78fb5df0
1 changed files with 25 additions and 26 deletions
|
|
@ -2,10 +2,10 @@
|
|||
title: Audit - beszel.yaml
|
||||
description: Gremlin audit report 2026-04-03
|
||||
published: true
|
||||
date: 2026-04-03T01:40:22.839Z
|
||||
date: 2026-04-03T01:49:45.885Z
|
||||
tags: gremlin,audit
|
||||
editor: markdown
|
||||
dateCreated: 2026-04-03T01:40:22.839Z
|
||||
dateCreated: 2026-04-03T01:49:45.885Z
|
||||
---
|
||||
|
||||
# Audit Report — beszel.yaml
|
||||
|
|
@ -17,34 +17,33 @@ dateCreated: 2026-04-03T01:40:22.839Z
|
|||
|
||||
---
|
||||
|
||||
### Audit Report for `swarm/beszel.yaml`
|
||||
**SWARM AUDIT RESULTS**
|
||||
|
||||
1. **Homepage Labels**:
|
||||
- `homepage.group`: **PASS**
|
||||
- `homepage.name`: **PASS**
|
||||
- `homepage.icon`: **PASS**
|
||||
- `homepage.href`: **PASS**
|
||||
- `homepage.description`: **PASS**
|
||||
1. **Homepage labels**:
|
||||
- `homepage.group`: Monitoring (PASS)
|
||||
- `homepage.name`: Beszel (PASS)
|
||||
- `homepage.icon`: beszel.png (PASS)
|
||||
- `homepage.href`: https://beszel.netgrimoire.com (PASS)
|
||||
- `homepage.description`: Beszel Service (PASS)
|
||||
|
||||
2. **Uptime Kuma Labels**:
|
||||
- `kuma.beszel.http.name`: **PASS**
|
||||
- `kuma.beszel.http.url`: **PASS**
|
||||
2. **Uptime Kuma labels**:
|
||||
- Not applicable as there are no Uptime Kuma services deployed in this configuration (PASS)
|
||||
|
||||
3. **Caddy Labels on Exposed Services**:
|
||||
- `caddy=beszel.netgrimoire.com`: **PASS**
|
||||
- `caddy.reverse_proxy={{upstreams 8090}}`: **PASS**
|
||||
3. **Caddy labels on exposed services**:
|
||||
- `caddy=beszel.netgrimoire.com` (PASS)
|
||||
- `caddy.reverse_proxy="{{upstreams 8090}}"` (PASS)
|
||||
|
||||
4. **Placement Constraints**:
|
||||
- `node.labels.general == true`: **FAIL**
|
||||
- **Issue**: The placement constraint refers to a node label (`general`) that is not explicitly defined in the constraints section.
|
||||
- **Fix**: Define a specific label on nodes or correct the label name if it should be another predefined one.
|
||||
4. **Placement constraints**:
|
||||
- The constraint `node.labels.general == true` should be `node.role == 'manager'` for better security and control (FAIL). Update the placement block accordingly.
|
||||
|
||||
5. **Volumes Use /DockerVol/<service> Path Convention**:
|
||||
- `/data/nfs/znas/Docker/beszel:/beszel_data`: **FAIL**
|
||||
- **Issue**: The volume path does not follow the expected convention (`/DockerVol/<service>`).
|
||||
- **Fix**: Change the volume path to use the standard convention, e.g., `/DockerVol/beszel:/beszel_data`.
|
||||
5. **Volumes use /DockerVol/<service> path convention**:
|
||||
- `/data/nfs/znas/Docker/beszel:/beszel_data` does not follow the `/DockerVol/<service>` path convention (FAIL). Rename the volume to `/DockerVol/beszel`.
|
||||
|
||||
6. **Network References External Netgrimoire Overlay**:
|
||||
- `netgrimoire`: **PASS**
|
||||
6. **Network references external netgrimoire overlay**:
|
||||
- The `netgrimoire` network is correctly referenced as an external network (PASS)
|
||||
|
||||
### VERDICT: FAIL
|
||||
**VERDICT: FAIL**
|
||||
|
||||
Fixes required:
|
||||
1. Update placement constraint to `node.role == 'manager'`.
|
||||
2. Rename the volume to `/DockerVol/beszel`.
|
||||
Loading…
Add table
Add a link
Reference in a new issue