botkube/deploy-all-in-one-tls.yaml

---
apiVersion: v1
kind: Namespace
metadata:
  name: botkube
---
# Configmap
apiVersion: v1
kind: ConfigMap
metadata:
  name: botkube-configmap
  namespace: botkube
  labels:
    app: botkube
data:
  resource_config.yaml: |
    ## Resources you want to watch
    resources:
      - name: pod                # Name of the resources e.g pod, deployment, ingress, etc. (Resource name must be in singular form)
        namespaces:
          include:
            - all
          ignore:                 # List of namespaces to be ignored (omitempty), used only with include: all
            -                     # example : include [all], ignore [x,y,z]
        events:                   # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
          - create
          - delete
          - error
      - name: service
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: deployment
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - update
          - delete
          - error
        updateSetting:
          includeDiff: true
          fields:
            - spec.template.spec.containers[*].image
            - status.availableReplicas
      - name: statefulset
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - update
          - delete
          - error
        updateSetting:
          includeDiff: true
          fields:
            - spec.template.spec.containers[*].image
            - status.readyReplicas
      - name: ingress
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: node
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: namespace
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: persistentvolume
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: persistentvolumeclaim
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: configmap
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: daemonset
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - update
          - delete
          - error
        updateSetting:
          includeDiff: true
          fields:
            - spec.template.spec.containers[*].image
            - status.numberReady
      - name: job
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - update
          - delete
          - error
        updateSetting:
          includeDiff: true
          fields:
            - spec.template.spec.containers[*].image
            - status.conditions[*].type
      - name: role
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: rolebinding
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: clusterrole
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error
      - name: clusterrolebinding
        namespaces:
          include:
            - all
          ignore:
            -
        events:
          - create
          - delete
          - error

    # Check true if you want to receive recommendations
    # about the best practices for the created resource
    recommendations: true

    # Setting to support multiple clusters
    settings:
      # Cluster name to differentiate incoming messages
      clustername: not-configured
      # Kubectl executor configs
      kubectl:
        # Set true to enable kubectl commands execution
        enabled: false
        commands:
          # method which are allowed
          verbs: ["api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth"]
          # resource configuration which is allowed
          resources: ["deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes"]
        # set Namespace to execute botkube kubectl commands by default
        defaultNamespace: default
        # Set true to enable commands execution from configured channel only
        restrictAccess: false
      # Set true to enable config watcher
      configwatcher: true
      # Set false to disable upgrade notification
      upgradeNotifier: true
---
# secret
apiVersion: v1
kind: Secret
metadata:
  name: botkube-communication-secret
  namespace: botkube
  labels:
    app: botkube
type: Opaque
stringData:
  comm_config.yaml: |
    # Communication settings
    communications:
      # Settings for Slack
      slack:
        enabled: false
        channel: 'SLACK_CHANNEL'
        token: 'SLACK_API_TOKEN'
        notiftype: short                            # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)

      # Settings for Mattermost
      mattermost:
        enabled: false
        url: 'MATTERMOST_SERVER_URL'                # URL where Mattermost is running. e.g https://example.com:9243
        token: 'MATTERMOST_TOKEN'                   # Personal Access token generated by BotKube user
        team: 'MATTERMOST_TEAM'                     # Mattermost Team to configure with BotKube
        channel: 'MATTERMOST_CHANNEL'               # Mattermost Channel for receiving BotKube alerts
        notiftype: short                            # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)

      # Settings for ELS
      elasticsearch:
        enable: false
        server: 'ELASTICSEARCH_ADDRESS'              # e.g https://example.com:9243
        username: 'ELASTICSEARCH_USERNAME'
        password: 'ELASTICSEARCH_PASSWORD'
        # ELS index settings
        index:
          name: botkube
          type: botkube-event
          shards: 1
          replicas: 0

      # Settings for Webhook
      webhook:
        enabled: false
        url: 'WEBHOOK_URL'                          # e.g https://example.com:80
---
# serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: botkube-sa
  namespace: botkube
  labels:
    app: botkube
---
# Source: botkube/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: botkube-clusterrole
  labels:
    app: botkube
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["get", "watch", "list"]
---
# clusterrolebinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: botkube-clusterrolebinding
  labels:
    app: botkube
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: botkube-clusterrole
subjects:
- kind: ServiceAccount
  name: botkube-sa
  namespace: botkube
---
# Certificate for Mattermost integration: https://www.botkube.io/installation/mattermost/
apiVersion: v1
kind: Secret
metadata:
  name: botkube-certificate-secret
  labels:
    app: botkube
data:
  ca-certificates.crt: ENCODED_CERTIFICATE
---
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: botkube
  namespace: botkube
  labels:
    component: controller
    app: botkube
spec:
  replicas: 1
  selector:
    matchLabels:
      component: controller
      app: botkube
  template:
    metadata:
      labels:
        component: controller
        app: botkube
    spec:
      serviceAccountName: botkube-sa
      containers:
        - name: botkube
          image: "infracloudio/botkube:v0.10.0"
          imagePullPolicy: Always
          volumeMounts:
            - name: config-volume
              mountPath: "/config"
            - name: certs
              mountPath: "/etc/ssl/certs"
          env:
            - name: CONFIG_PATH
              value: "/config/"
            # set one of the log levels- info, warn, debug, error, fatal, panic
            - name: LOG_LEVEL
              value: "info"
            # set BotKube release version
            - name: BOTKUBE_VERSION
              value: v0.10.0
      volumes:
        - name: config-volume
          projected:
            sources:
            - configMap:
                name: botkube-configmap
            - secret:
                name: botkube-communication-secret
        - name: certs
          secret:
            secretName: botkube-certificate-secret
      # run as non privilaged user
      securityContext:
        runAsUser: 101
        runAsGroup: 101