--- apiVersion: v1 kind: Namespace metadata: name: botkube --- # Configmap apiVersion: v1 kind: ConfigMap metadata: name: botkube-configmap namespace: botkube labels: app: botkube data: resource_config.yaml: | ## Resources you want to watch resources: - name: pod # Name of the resources e.g pod, deployment, ingress, etc. (Resource name must be in singular form) namespaces: include: - all ignore: # List of namespaces to be ignored (omitempty), used only with include: all - # example : include [all], ignore [x,y,z] events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all - create - delete - error - name: service namespaces: include: - all ignore: - events: - create - delete - error - name: deployment namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.availableReplicas - name: statefulset namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.readyReplicas - name: ingress namespaces: include: - all ignore: - events: - create - delete - error - name: node namespaces: include: - all ignore: - events: - create - delete - error - name: namespace namespaces: include: - all ignore: - events: - create - delete - error - name: persistentvolume namespaces: include: - all ignore: - events: - create - delete - error - name: persistentvolumeclaim namespaces: include: - all ignore: - events: - create - delete - error - name: configmap namespaces: include: - all ignore: - events: - create - delete - error - name: daemonset namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.numberReady - name: job namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.conditions[*].type - name: role namespaces: include: - all ignore: - events: - create - delete - error - name: rolebinding namespaces: include: - all ignore: - events: - create - delete - error - name: clusterrole namespaces: include: - all ignore: - events: - create - delete - error - name: clusterrolebinding namespaces: include: - all ignore: - events: - create - delete - error # Check true if you want to receive recommendations # about the best practices for the created resource recommendations: true # Setting to support multiple clusters settings: # Cluster name to differentiate incoming messages clustername: not-configured # Kubectl executor configs kubectl: # Set true to enable kubectl commands execution enabled: false commands: # method which are allowed verbs: ["api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth"] # resource configuration which is allowed resources: ["deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes"] # set Namespace to execute botkube kubectl commands by default defaultNamespace: default # Set true to enable commands execution from configured channel only restrictAccess: false # Set true to enable config watcher configwatcher: true # Set false to disable upgrade notification upgradeNotifier: true --- # secret apiVersion: v1 kind: Secret metadata: name: botkube-communication-secret namespace: botkube labels: app: botkube type: Opaque stringData: comm_config.yaml: | # Communication settings communications: # Settings for Slack slack: enabled: false channel: 'SLACK_CHANNEL' token: 'SLACK_API_TOKEN' notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified) # Settings for Mattermost mattermost: enabled: false url: 'MATTERMOST_SERVER_URL' # URL where Mattermost is running. e.g https://example.com:9243 token: 'MATTERMOST_TOKEN' # Personal Access token generated by BotKube user team: 'MATTERMOST_TEAM' # Mattermost Team to configure with BotKube channel: 'MATTERMOST_CHANNEL' # Mattermost Channel for receiving BotKube alerts notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified) # Settings for ELS elasticsearch: enable: false server: 'ELASTICSEARCH_ADDRESS' # e.g https://example.com:9243 username: 'ELASTICSEARCH_USERNAME' password: 'ELASTICSEARCH_PASSWORD' # ELS index settings index: name: botkube type: botkube-event shards: 1 replicas: 0 # Settings for Webhook webhook: enabled: false url: 'WEBHOOK_URL' # e.g https://example.com:80 --- # serviceaccount apiVersion: v1 kind: ServiceAccount metadata: name: botkube-sa namespace: botkube labels: app: botkube --- # Source: botkube/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: botkube-clusterrole labels: app: botkube rules: - apiGroups: ["*"] resources: ["*"] verbs: ["get", "watch", "list"] --- # clusterrolebinding apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: botkube-clusterrolebinding labels: app: botkube roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: botkube-clusterrole subjects: - kind: ServiceAccount name: botkube-sa namespace: botkube --- # Certificate for Mattermost integration: https://www.botkube.io/installation/mattermost/ apiVersion: v1 kind: Secret metadata: name: botkube-certificate-secret labels: app: botkube data: ca-certificates.crt: ENCODED_CERTIFICATE --- # deployment apiVersion: apps/v1 kind: Deployment metadata: name: botkube namespace: botkube labels: component: controller app: botkube spec: replicas: 1 selector: matchLabels: component: controller app: botkube template: metadata: labels: component: controller app: botkube spec: serviceAccountName: botkube-sa containers: - name: botkube image: "infracloudio/botkube:v0.10.0" imagePullPolicy: Always volumeMounts: - name: config-volume mountPath: "/config" - name: certs mountPath: "/etc/ssl/certs" env: - name: CONFIG_PATH value: "/config/" # set one of the log levels- info, warn, debug, error, fatal, panic - name: LOG_LEVEL value: "info" # set BotKube release version - name: BOTKUBE_VERSION value: v0.10.0 volumes: - name: config-volume projected: sources: - configMap: name: botkube-configmap - secret: name: botkube-communication-secret - name: certs secret: secretName: botkube-certificate-secret # run as non privilaged user securityContext: runAsUser: 101 runAsGroup: 101