botkube/deploy-all-in-one-tls.yaml

383 lines
9.9 KiB
YAML
Raw Normal View History

---
apiVersion: v1
kind: Namespace
metadata:
name: botkube
---
# Configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: botkube-configmap
namespace: botkube
labels:
app: botkube
data:
resource_config.yaml: |
## Resources you want to watch
resources:
- name: pod # Name of the resources e.g pod, deployment, ingress, etc. (Resource name must be in singular form)
namespaces:
include:
- all
ignore: # List of namespaces to be ignored (omitempty), used only with include: all
- # example : include [all], ignore [x,y,z]
events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
- create
- delete
- error
- name: service
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: deployment
namespaces:
include:
- all
ignore:
-
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.availableReplicas
- name: statefulset
namespaces:
include:
- all
ignore:
-
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.readyReplicas
- name: ingress
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: node
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: namespace
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: persistentvolume
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: persistentvolumeclaim
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: configmap
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: daemonset
namespaces:
include:
- all
ignore:
-
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.numberReady
- name: job
namespaces:
include:
- all
ignore:
-
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.conditions[*].type
- name: role
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: rolebinding
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: clusterrole
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
- name: clusterrolebinding
namespaces:
include:
- all
ignore:
-
events:
- create
- delete
- error
# Check true if you want to receive recommendations
# about the best practices for the created resource
recommendations: true
# Setting to support multiple clusters
settings:
# Cluster name to differentiate incoming messages
clustername: not-configured
# Kubectl executor configs
kubectl:
# Set true to enable kubectl commands execution
enabled: false
commands:
# method which are allowed
verbs: ["api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth"]
# resource configuration which is allowed
resources: ["deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes"]
# set Namespace to execute botkube kubectl commands by default
defaultNamespace: default
# Set true to enable commands execution from configured channel only
restrictAccess: false
# Set true to enable config watcher
configwatcher: true
# Set false to disable upgrade notification
upgradeNotifier: true
---
# secret
apiVersion: v1
kind: Secret
metadata:
name: botkube-communication-secret
namespace: botkube
labels:
app: botkube
type: Opaque
stringData:
comm_config.yaml: |
# Communication settings
communications:
# Settings for Slack
slack:
enabled: false
channel: 'SLACK_CHANNEL'
token: 'SLACK_API_TOKEN'
notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
# Settings for Mattermost
mattermost:
enabled: false
url: 'MATTERMOST_SERVER_URL' # URL where Mattermost is running. e.g https://example.com:9243
token: 'MATTERMOST_TOKEN' # Personal Access token generated by BotKube user
team: 'MATTERMOST_TEAM' # Mattermost Team to configure with BotKube
channel: 'MATTERMOST_CHANNEL' # Mattermost Channel for receiving BotKube alerts
notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
# Settings for ELS
elasticsearch:
enabled: false
awsSigning:
enabled: false # enable awsSigning using IAM for Elastisearch hosted on AWS, if true make sure AWS environment variables are set. Refer https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
awsRegion: 'us-east-1' # AWS region where Elasticsearch is deployed
roleArn: '' # AWS IAM Role arn to assume for credentials, use this only if you dont want to use the EC2 instance role or not running on AWS instance
server: 'ELASTICSEARCH_ADDRESS' # e.g https://example.com:9243
username: 'ELASTICSEARCH_USERNAME' # Basic Auth
password: 'ELASTICSEARCH_PASSWORD'
# ELS index settings
index:
name: botkube
type: botkube-event
shards: 1
replicas: 0
# Settings for Webhook
webhook:
enabled: false
url: 'WEBHOOK_URL' # e.g https://example.com:80
---
# serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
name: botkube-sa
namespace: botkube
labels:
app: botkube
---
# Source: botkube/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: botkube-clusterrole
labels:
app: botkube
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["get", "watch", "list"]
---
# clusterrolebinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: botkube-clusterrolebinding
labels:
app: botkube
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: botkube-clusterrole
subjects:
- kind: ServiceAccount
name: botkube-sa
namespace: botkube
---
# Certificate for Mattermost integration: https://www.botkube.io/installation/mattermost/
apiVersion: v1
kind: Secret
metadata:
name: botkube-certificate-secret
labels:
app: botkube
data:
ca-certificates.crt: ENCODED_CERTIFICATE
---
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: botkube
namespace: botkube
labels:
component: controller
app: botkube
spec:
replicas: 1
selector:
matchLabels:
component: controller
app: botkube
template:
metadata:
labels:
component: controller
app: botkube
spec:
serviceAccountName: botkube-sa
containers:
- name: botkube
2020-04-27 04:28:06 +00:00
image: "infracloudio/botkube:v0.10.0"
imagePullPolicy: Always
volumeMounts:
- name: config-volume
mountPath: "/config"
- name: certs
mountPath: "/etc/ssl/certs"
env:
- name: CONFIG_PATH
value: "/config/"
# set one of the log levels- info, warn, debug, error, fatal, panic
- name: LOG_LEVEL
value: "info"
# set BotKube release version
- name: BOTKUBE_VERSION
2020-04-27 04:28:06 +00:00
value: v0.10.0
volumes:
- name: config-volume
projected:
sources:
- configMap:
name: botkube-configmap
- secret:
name: botkube-communication-secret
- name: certs
secret:
secretName: botkube-certificate-secret
# run as non privilaged user
securityContext:
runAsUser: 101
runAsGroup: 101