From a230873614331b62cc49fdb7656a7f29957702f3 Mon Sep 17 00:00:00 2001 From: michaeljguarino Date: Thu, 7 Sep 2023 11:04:08 -0400 Subject: [PATCH] feat: Add support for alertmanager silence operator (#839) * Add support for alertmanager silence operator Seems to be one of the few ways to feasibly manage alertmanager silences around. Can also integrate into the console. * Move silence operator to separate chart * Fix gitlab wildcard cert we needed to explicitly name the cert for the kas ingress --- gitlab/helm/gitlab/values.yaml | 5 + monitoring/helm/monitoring/Chart.lock | 4 +- monitoring/helm/monitoring/Chart.yaml | 4 +- monitoring/helm/silence-operator/.helmignore | 23 +++++ monitoring/helm/silence-operator/Chart.lock | 6 ++ monitoring/helm/silence-operator/Chart.yaml | 10 ++ monitoring/helm/silence-operator/README.md | 13 +++ .../charts/silence-operator-0.0.6.tgz | Bin 0 -> 5109 bytes .../monitoring.giantswarm.io_silences.yaml | 96 ++++++++++++++++++ monitoring/helm/silence-operator/deps.yaml | 10 ++ .../silence-operator/templates/_helpers.tpl | 62 +++++++++++ .../silence-operator/templates/silences.yaml | 8 ++ monitoring/helm/silence-operator/values.yaml | 18 ++++ 13 files changed, 255 insertions(+), 4 deletions(-) create mode 100644 monitoring/helm/silence-operator/.helmignore create mode 100644 monitoring/helm/silence-operator/Chart.lock create mode 100644 monitoring/helm/silence-operator/Chart.yaml create mode 100644 monitoring/helm/silence-operator/README.md create mode 100644 monitoring/helm/silence-operator/charts/silence-operator-0.0.6.tgz create mode 100644 monitoring/helm/silence-operator/crds/monitoring.giantswarm.io_silences.yaml create mode 100644 monitoring/helm/silence-operator/deps.yaml create mode 100644 monitoring/helm/silence-operator/templates/_helpers.tpl create mode 100644 monitoring/helm/silence-operator/templates/silences.yaml create mode 100644 monitoring/helm/silence-operator/values.yaml 
diff --git a/gitlab/helm/gitlab/values.yaml b/gitlab/helm/gitlab/values.yaml index c8a0ac5bc..a3025ed90 100644 --- a/gitlab/helm/gitlab/values.yaml +++ b/gitlab/helm/gitlab/values.yaml @@ -83,6 +83,11 @@ gitlab: cpu: 10m memory: 64Mi gitlab: + kas: + ingress: + tls: + secretName: gitlab-kas-tls + enabled: true webservice: minReplicas: 1 ingress: diff --git a/monitoring/helm/monitoring/Chart.lock b/monitoring/helm/monitoring/Chart.lock index 53a392214..90e1d12e0 100644 --- a/monitoring/helm/monitoring/Chart.lock +++ b/monitoring/helm/monitoring/Chart.lock @@ -14,5 +14,5 @@ dependencies: - name: vpa repository: https://charts.fairwinds.com/stable version: 0.4.2 -digest: sha256:9b84774630023f82f5c08f274f2f36d5197e1b8108542d40d9d143802fb5fd14 -generated: "2022-09-13T17:50:46.461204+02:00" +digest: sha256:787edb7415961eb351e0626cd804052182504834a0fc11b68fd8af44ce10c10b +generated: "2023-09-06T13:54:58.679085-04:00" diff --git a/monitoring/helm/monitoring/Chart.yaml b/monitoring/helm/monitoring/Chart.yaml index bc2bc8784..ebac1903a 100644 --- a/monitoring/helm/monitoring/Chart.yaml +++ b/monitoring/helm/monitoring/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: monitoring description: A Helm chart for Kubernetes type: application -version: 0.2.27 +version: 0.2.28 appVersion: "0.1.0" dependencies: - name: kube-prometheus-stack @@ -22,4 +22,4 @@ dependencies: condition: opentelemetry-operator.enabled - name: vpa version: 0.4.2 - repository: https://charts.fairwinds.com/stable + repository: https://charts.fairwinds.com/stable \ No newline at end of file diff --git a/monitoring/helm/silence-operator/.helmignore b/monitoring/helm/silence-operator/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/monitoring/helm/silence-operator/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/monitoring/helm/silence-operator/Chart.lock b/monitoring/helm/silence-operator/Chart.lock
new file mode 100644
index 000000000..36c0b814f
--- /dev/null
+++ b/monitoring/helm/silence-operator/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: silence-operator
+ repository: https://wiremind.github.io/wiremind-helm-charts
+ version: 0.0.6
+digest: sha256:95128fe4e6765a00cb3d655dfe5d9720711740bccc9c933381743add2e71c739
+generated: "2023-09-06T13:55:17.876963-04:00"
diff --git a/monitoring/helm/silence-operator/Chart.yaml b/monitoring/helm/silence-operator/Chart.yaml
new file mode 100644
index 000000000..8b8f8364e
--- /dev/null
+++ b/monitoring/helm/silence-operator/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: silence-operator
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.6
+appVersion: "1.16.0"
+dependencies:
+- name: silence-operator
+ version: 0.0.6
+ repository: https://wiremind.github.io/wiremind-helm-charts
\ No newline at end of file
diff --git a/monitoring/helm/silence-operator/README.md b/monitoring/helm/silence-operator/README.md
new file mode 100644
index 000000000..3e0a3e2ef
--- /dev/null
+++ b/monitoring/helm/silence-operator/README.md
@@ -0,0 +1,13 @@
+# silence-operator
+
+Deploys the alertmanager silence operator to allow for CRD managed alert silences. You can specify any silences you might want to add using in your installations `values.yaml` file:
+
+```yaml
+silence-operator:
+ silences:
+ :
+ matchers:
+ - name: alertname
+ value:
+ regex: false
+```
\ No newline at end of file
diff --git a/monitoring/helm/silence-operator/charts/silence-operator-0.0.6.tgz b/monitoring/helm/silence-operator/charts/silence-operator-0.0.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9291b3fac0be7f01e787ce0c9f2d4f2162f84336 GIT binary patch literal 5109 zcmVDc zVQyr3R8em|NM&qo0PKBzbK5r3c>m_7z$m$ClKx1&Se6^j_EfOPW4LXBrtVi^XDhv5N&jNhmNMTpoeIii_^y91GOQB_Pn0E=lig`v%9w&ydF+>U*pka7sKAPhrfM2 z>hJaYd;ZiP^oG6@fb<24lxcfr*$Sm>g+k2m3?w?BAe8+>poIA(S`duWfSc335Q^1tx^RRmnPe3qGAd5dkEER|@h6Jo*?CJcmW4Iw6UjQjwkE(ozug#F`+ z2nY!aJi;A>7!F~KN;UG9I244D#ug#==Y+vS zU0>@J*;N9dt4Y~SGHTEpfzAkKN?u_R)*CExhV6MH=W|Qcmz8Sze}QQX@?IB!HTr*d zcXzL<|MzwVPx}8c5()7P#tuTyGO^P#7jXXqgb_W_DtyI;moZ*?gm(o*ToT2_vaRX= zS9r3o@Jwc!r_)lq;~=E)Y>YbkR}@ov!YT2WW7K&&eb3d200~TW97ishuLlGSPbdUq zG{sbc;~+#BQMyFq{Dw@YAb=^P)jbc8;%Ej6EqN@m)$8z7Ce@D&FvJ;MBF+HuDN=Kg zV2UjS3mKt&2}*NnxTM(`@zc~Y2@|3i4vAUed_@b565>@VbP6>r;riZSSj=rBVp=Bw z_8zdx?1Ii>;Pt$n9Mtl%P&V`id%7?wouwqdCo&XR1k;Exm=V?3vYi>TwnZ+i5VWa! zovMq0HyC*XH?MtL8b3p)8II^`4gzXih_C=86&Da>&GLa6Tw9h(nPa3^|1s(`Nmqg} zmQq_tM$jDFPqyCMDwKpo$uYY5-CDc{}Mcol5C?a#0=Cqp2;!#<<~@v z-E?k!8f)vYljI|0mc23RTo4v?sMLdL!i zQch#~A3l-)CVC#1?=%s|XvaZliV20FxlAukim=%mzyT!;&cNp^kYh9$>cRV*`LPhd z{AJ2z2bA(FjZh>AH&mrq%J+648XY{HYDKs-6X=-v)t#j6kJ)#a&{$}S2TZ2fhn8U9 z5g}D!v?2io!9CBn)s~FWvTd# z%~&H!e0<1brpBnBbUGz7+l2(N0Fe$gfJr(#ZiD2oGFdeY-xK@%LvBk zlv7IB>_=0<(zckBawa7UU?Am*;1gIiQ@Tfj=^LPUnM;SAu?Pe)JY#crEea$A9;-@j zBBbYY0dmf1pr_Dqk`;zR{_g(;&Mv?`;UXPL!o=v?q)v%}qP$+UW>W9K_lYLPOo@*FFNacST^Jy z9+Wa2F~NQV=x69>9wQ$!6hK7zvc6>Nh1`K_CGZ741={a1@|yTS$n4{IPEyZB0Za*lx{c}SMjhnl)wIQcJiFnnml5RsWH%pl z&Eo|KK>|P@wa_ykjdsjW5}w7=DY-@+w}TQ`zykf#qIqZp72&LhX-w%7UB;M_DS-gt zC^7@^od1G_ZR#uCgC2}T6Yy~?0ZASL`aWAX?Xaf=XkaaJqxQl0j%rRMdNElVlDv6; zrt1k;4MiOJO$5bS@{hhew=%cYtu@9*8 zO$T*8bZ#$HJPbLrsLBmcwG}O{bD*Io=XS$)jBaiaVLpw6mLYl;iI$2IDENwtcS%QH zft!-iA7rr%U52B`%S~X9@NTwmd~?&#QJop9k`RF1(b4DV!kv|^DIGr zb9z>X>o($It(I20S@qyGkA*O)F!P~2lA;hc@p^SZNUS}Ct>vb*V=Q5#K^85(_p20H 
zxteDUGgMhtUaTfTt|h&ftAMiNmn(6zGh!GY5Q)sAxq*z+6^_C$WqmK<+FV-W@_dM)YOkvA5bzL>O ziEQV~lLc<8c&4cxfZYU;3Ruf-P0us`jaNV}xZ6n&=+mc;)38(1v{_W_uLbpD(^O}9 zNz1Ie<{-vK@CysdYUrh1rP~3^8s>CINKsjwK_6=uzKo}$(kr|7C497huU5BO(dNSL zAT+lrY%iE*j_bNkx|V69Fk3m6%=eOwnsO##M0qy4RHQ{(*R0_WD88=l^K-~>5_NJJ zVC9y~v<;|J4_Os$xg7ZN^46fUK-UWE@N+BkEmGV1FF5<1Pwsvcpnd)Ck9PVE`#-&> z_5U$a)wV9`qKbZ*VCB!dxt0-}{fAHPs$+DIkEvs11ZF=skJnX&KP@S%jkYLW4Z_O0 z7S^hWUlmSsy#$|Ck--`=%@r+_h5%x1l|JABi>G+%5-I6NxO_DVVw`o@;_0H0yF*)S<@z(Ys7p$0wyjg99XBERf>F=a)dS^3G`FWpawn7MtSw+xYBTCsH-sSIpU#m&y5 zhIe{&a(wpo{P^_eQkCQ|%y)u^<4S?i9|E*1bPCgYsqvu3XhxKqpJr;PwFM`YkA;;7 zqKWnZLx?4ahetl0)dv_rdiLvK2C?8Y4&eu_glYm{0{$mh&BvBIou=L!IaaTeI5=i> zSv^&V+O$`8exoX$`N58rn!5s^pudMzXpI`Y1+7(wIhs}M#>;an>@_R(W@FlTxm>@c zQRIt9UqXuUkd0T8TBAEJC^d-d*A<_KA!b2Uz+Kdx5Z0YwIj@zt;Mej#)`Z^=8f6k8 z5hC|=ie5Rj67c67xeRsQGO4gR*_Cd)AO={W=imSM&!fZhcOTv#9h`so>FD(A?eTlh z^E&n3V?mKC-yJvI3Ly$FISgrvY65uRtgK`UN5HTPEh=L$OH7vbqPu{F*|RL-yd~0qxAAJr|-}Ivpsb~ zasg8;@VvXcY$I#lM|XL-Jt?tagXY|lg@m!qXs++K;Z(cdc_cYR?m_tY>r zJpFKZ{Nwxc{oj17R<$x6EHBa59#IhL#g77;srlEx)!>o+UM=rxPAH&X&~t)Zs?hVa zPxNc8YQP)JkOZF(dgL47*|B*3^8AK;`qfLldK(3=qm0mPL3Zi{etuKL@>4Uh5qj~0 z?2~W$FJCr{yy6TXt86!&$RZ;*mnBRL0eXIuPQj;)?Z)+HR91U`wVB`0qUhV zvBr39iWl6E5t~FnRu3#!eh)XSJW}yMgL*Q}*Q52Yf1}<`E&f01J>CC*lvE7x<0z7OeE&^0{a?^2z%=%m+{Tp6$IFU$HIrz1 za=tnVVPoab-<86>?fBGBqvv>y(s+Gx53*^!$^ez`Ojbu%jZ}Yuq4vtUnjy1EKzjXp z+5)b9H7$(0wv4Vsd37whJr3Ohp=OP3j7>cb-5P_gx7&;um6iII9)ochvUBAbS7i=y z(E!*=(WJ?2(Ui>z<5K6RgG=^AWQ^Hb;l0P&>u%Q;1k5mhSpVv-UPRe9b5VdHEbL%t z=O-a}K!n`yF0kl|m~}V2zLH;0=r+Ne5(;wP{*je8J2m&i!>HsI-NRr?_o<6`+Oy%6 z;7{T7_{t;IjR(xji$#NCDc!Dx3{D*6|waf7IJ=YXl2|4}a59{CmT05riW zkEfwo~- z*WanW|GKx^dwT!jQBq+)yYN;C8t-SirI`KclexuobCc?j=ateY-SLH`7WrqOuDG~x zBV*#W-b=TVZ~>w9mf+B$QkOFsz{5H|BJzO~OL^uNIUK(in8 z&|7?j&CCT^NBe38_s!kjvxx*(+~;(R&JRx%B=^YFFhAc~d|EYe zi~L9O&Nu&US|k7c!A?c~`=ddB?@9h2BUStpJ?Hs@8bw858LhkMPe9=`MsSjEvnIOZ z&Z^-)gwrAz|rTfL3o@kI`s%cV`zl z#mDrT;JxSUlyl{j9@x8k$0l6yj3OJ3xFxYv6^#1{xFhWun3bY;r7(jDW~wK 
zSO~PjOUxo1k)kTpS)EnKt8EOV_U^S?K8vydF)2cO)iJ*D_9Xi!VF6*YKLzDvJoz1b zl@QOOT7Hn#K;Hnp_K?^nj)344l4G)UHrtX!DLb^xQL@vqp?UPE(&0ujdJGAHYXwY? zPp*=PhzIHJv@sA#vv9=8;olU3ncuwl)?@!O2-^Kk!e3h05;AQfaDVo<^8Sjc#s0IV z{ykWLYxn>5s^|Ykd;Q^){r4DY>-Wei4?i?MM0RF4=&pL!UL=3CEkpZ>g5wBZ#*n>8 zR(_&j#pT_ZxqOm+%H<=PjE2Dc^5K~DrGOR~y11ov{)v{A5Yj4*P)fSBRsPLl;wJC7 zZm$T|$^U4uSKa^LeUksjNt?c{yF$K8M#?Sayvvg@OL=2rm zTu`V&z^*w)mkL7E5Tdg;^tL*7S-x|yee`j77ll!i|I?#`H$NPCVQ_yuwl4nH@7KQn z+xmZ#vI`)@!`<9Ov1yXXxMj%6xLb+@vu$m}Bl5 z)#N9dV`;xsfI}#Ln?vXQR)zc9|3gYFHOLEqNY@DwT*jDsj&u6YgG2i%7?C}xFcmyR zzic(e3FVX4F*ZeK^tcaCQ7rKc5M1Lh(xiS6oHE_;Y|gLTfP-|2a<90!c$f8 X^pu{`7nS}u009602*i#w0E7Sl=Xfl$ literal 0 HcmV?d00001 diff --git a/monitoring/helm/silence-operator/crds/monitoring.giantswarm.io_silences.yaml b/monitoring/helm/silence-operator/crds/monitoring.giantswarm.io_silences.yaml new file mode 100644 index 000000000..a348f0638 --- /dev/null +++ b/monitoring/helm/silence-operator/crds/monitoring.giantswarm.io_silences.yaml 
@@ -0,0 +1,96 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: silences.monitoring.giantswarm.io +spec: + group: monitoring.giantswarm.io + names: + categories: + - common + - giantswarm + kind: Silence + listKind: SilenceList + plural: silences + singular: silence + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Silence represents schema for managed silences in Alertmanager. + Reconciled by silence-operator. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issue_url: + description: IssueURL is a link to a GitHub issue describing the problem. + type: string + matchers: + items: + properties: + isEqual: + type: boolean + isRegex: + type: boolean + name: + type: string + value: + type: string + required: + - isRegex + - name + - value + type: object + type: array + owner: + description: Owner is GitHub username of a person who created and/or + owns the silence. + type: string + postmortem_url: + description: 'PostmortemURL is a link to a document describing the + problem. Deprecated: Use IssueURL instead.' 
+ type: string + targetTags: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + required: + - matchers + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/monitoring/helm/silence-operator/deps.yaml b/monitoring/helm/silence-operator/deps.yaml new file mode 100644 index 000000000..159841192 --- /dev/null +++ b/monitoring/helm/silence-operator/deps.yaml @@ -0,0 +1,10 @@ +apiVersion: plural.sh/v1alpha1 +kind: Dependencies +metadata: + description: Deploys silence operator +spec: + dependencies: + - type: helm + name: bootstrap + repo: bootstrap + version: '>= 0.5.1' diff --git a/monitoring/helm/silence-operator/templates/_helpers.tpl b/monitoring/helm/silence-operator/templates/_helpers.tpl new file mode 100644 index 000000000..34581a2dc --- /dev/null +++ b/monitoring/helm/silence-operator/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "silence-operator-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "silence-operator-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "silence-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "silence-operator-plural.labels" -}}
+helm.sh/chart: {{ include "silence-operator.chart" . }}
+{{ include "silence-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "silence-operator-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "silence-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "silence-operator-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "silence-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
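Review bot: The helper names in `_helpers.tpl` are inconsistent: five templates are defined under the `silence-operator-plural.` prefix, but the `include` calls inside `labels`, `selectorLabels` and `serviceAccountName` reference `silence-operator.selectorLabels`, `silence-operator.name` and `silence-operator.fullname`, none of which this file defines, and the chart-label helper is defined as `silence-operator.chart` without the suffix. Helm keeps named templates in one namespace shared with subcharts, so these includes either fail at render time or silently resolve to helpers of the bundled `silence-operator` subchart (if it defines them, which is not visible here), and the unsuffixed `silence-operator.chart` can collide with a subchart template of the same name. Use one prefix throughout, for example `{{- define "silence-operator-plural.chart" -}}` and `{{ include "silence-operator-plural.selectorLabels" . }}`, with the same rename for the `.name`, `.chart` and `.fullname` includes. The only other template in this commit, `silences.yaml`, does not call these helpers, so the problem is presumably latent until one of them is used.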
diff --git a/monitoring/helm/silence-operator/templates/silences.yaml b/monitoring/helm/silence-operator/templates/silences.yaml
new file mode 100644
index 000000000..29f54e2f1
--- /dev/null
+++ b/monitoring/helm/silence-operator/templates/silences.yaml
@@ -0,0 +1,8 @@
+{{- range $name, $spec := .Values.silences -}}
+apiVersion: monitoring.giantswarm.io/v1alpha1
+kind: Silence
+metadata:
+ name: {{ $name }}
+spec:
+{{ $spec | toYaml | nindent 2 }}
+{{- end -}}
\ No newline at end of file
diff --git a/monitoring/helm/silence-operator/values.yaml b/monitoring/helm/silence-operator/values.yaml
new file mode 100644
index 000000000..57d79395b
--- /dev/null
+++ b/monitoring/helm/silence-operator/values.yaml
@@ -0,0 +1,18 @@
+silences: {}
+
+silence-operator:
+ sync:
+ enabled: true
+ init:
+ method:
+ kubernetes:
+ enabled: true
+ image:
+ name: ghcr.io/pluralsh/containers/kubectl
+ tag: 1.27-plural1.0.0
+ rbac:
+ create: true
+ operator:
+ alertmanager:
+ service:
+ address: "http://monitoring-alertmanager.monitoring:9093"
\ No newline at end of file
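Review bot: In `templates/silences.yaml` the `range` body emits no `---` document separator, and the trim markers on `{{- range ... -}}` and `{{- end -}}` remove the newlines between iterations, so a second entry in `.Values.silences` is glued onto the end of the first object's spec and the manifest no longer parses. Open the loop with `{{- range $name, $spec := .Values.silences }}` followed by a `---` line so that each Silence is its own document. `name: {{ $name }}` should be `name: {{ $name | quote }}`, so that a key such as `on` or an all-digit name stays a string. The spec is passed through `toYaml` unchanged, and the CRD in this commit requires `isRegex`, so the README example's `regex: false` would be rejected by schema validation. A comment at the top of the template should say that matchers are not checked here and that every entry suppresses alerts cluster-wide (the CRD is `scope: Cluster`), so changes to `silences` values need review.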
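Review bot: In `values.yaml` the init image `ghcr.io/pluralsh/containers/kubectl` is selected by the tag `1.27-plural1.0.0`, which the registry can re-point to different content. This container presumably runs kubectl under the RBAC that `rbac: create: true` grants, so what gets pulled matters. If the subchart's image values accept a digest, pin to it; otherwise add a comment such as `# tag is mutable: verify the image digest when bumping`. The Alertmanager address is plain `http://`, which is acceptable only while that traffic stays on the cluster network, and a comment should say so.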