--- apiVersion: v1 kind: Namespace metadata: name: botkube --- # Configmap apiVersion: v1 kind: ConfigMap metadata: name: botkube-configmap namespace: botkube labels: app: botkube data: resource_config.yaml: | ## Resources you want to watch resources: - name: v1/pods # Name of the resource. Resource name must be in group/version/resource (G/V/R) format # resource name should be plural (e.g apps/v1/deployments, v1/pods) namespaces: # List of namespaces, "all" will watch all the namespaces include: - all ignore: # List of namespaces to be ignored (omitempty), used only with include: all, can contain a wildcard (*) - # example : include [all], ignore [x,y,secret-ns-*] events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all - create - delete - error - name: v1/services namespaces: include: - all ignore: - events: - create - delete - error - name: apps/v1/deployments namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.availableReplicas - name: apps/v1/statefulsets namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.readyReplicas - name: networking.k8s.io/v1beta1/ingresses namespaces: include: - all ignore: - events: - create - delete - error - name: v1/nodes namespaces: include: - all ignore: - events: - create - delete - error - name: v1/namespaces namespaces: include: - all ignore: - events: - create - delete - error - name: v1/persistentvolumes namespaces: include: - all ignore: - events: - create - delete - error - name: v1/persistentvolumeclaims namespaces: include: - all ignore: - events: - create - delete - error - name: v1/configmaps namespaces: include: - all ignore: - events: - create - delete - error - name: apps/v1/daemonsets namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.numberReady - name: batch/v1/jobs namespaces: include: - all ignore: - events: - create - update - delete - error updateSetting: includeDiff: true fields: - spec.template.spec.containers[*].image - status.conditions[*].type - name: rbac.authorization.k8s.io/v1/roles namespaces: include: - all ignore: - events: - create - delete - error - name: rbac.authorization.k8s.io/v1/rolebindings namespaces: include: - all ignore: - events: - create - delete - error - name: rbac.authorization.k8s.io/v1/clusterrolebindings namespaces: include: - all ignore: - events: - create - delete - error - name: rbac.authorization.k8s.io/v1/clusterroles namespaces: include: - all ignore: - events: - create - delete - error # Check true if you want to receive recommendations # about the best practices for the created resource recommendations: true # Setting to support multiple clusters settings: # Cluster name to differentiate incoming messages clustername: not-configured # Kubectl executor configs kubectl: # Set true to enable kubectl commands execution enabled: false commands: # method which are allowed verbs: ["api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth"] # resource configuration which is allowed resources: ["deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes"] # set Namespace to execute botkube kubectl commands by default defaultNamespace: default # Set true to enable commands execution from configured channel only restrictAccess: false # Set true to enable config watcher configwatcher: true # Set false to disable upgrade notification upgradeNotifier: true --- # secret apiVersion: v1 kind: Secret metadata: name: botkube-communication-secret namespace: botkube labels: app: botkube type: Opaque stringData: comm_config.yaml: | # Communication settings communications: # Settings for Slack slack: enabled: false channel: 'SLACK_CHANNEL' token: 'SLACK_API_TOKEN' notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified) # Settings for Mattermost mattermost: enabled: false url: 'MATTERMOST_SERVER_URL' # URL where Mattermost is running. e.g https://example.com:9243 token: 'MATTERMOST_TOKEN' # Personal Access token generated by BotKube user team: 'MATTERMOST_TEAM' # Mattermost Team to configure with BotKube channel: 'MATTERMOST_CHANNEL' # Mattermost Channel for receiving BotKube alerts notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified) # Settings for Discord discord: enabled: false token: 'DISCORD_TOKEN' # BotKube Bot Token botid: 'DISCORD_BOT_ID' # BotKube Application Client ID channel: 'DISCORD_CHANNEL_ID' # Discord Channel id for receiving BotKube alerts notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified) # Settings for ELS elasticsearch: enabled: false awsSigning: enabled: false # enable awsSigning using IAM for Elastisearch hosted on AWS, if true make sure AWS environment variables are set. Refer https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html awsRegion: 'us-east-1' # AWS region where Elasticsearch is deployed roleArn: '' # AWS IAM Role arn to assume for credentials, use this only if you dont want to use the EC2 instance role or not running on AWS instance server: 'ELASTICSEARCH_ADDRESS' # e.g https://example.com:9243 username: 'ELASTICSEARCH_USERNAME' # Basic Auth password: 'ELASTICSEARCH_PASSWORD' # ELS index settings index: name: botkube type: botkube-event shards: 1 replicas: 0 # Settings for MS Teams teams: enabled: false appID: 'APPLICATION_ID' appPassword: 'APPLICATION_PASSWORD' notiftype: short port: 3978 # Settings for Webhook webhook: enabled: false url: 'WEBHOOK_URL' # e.g https://example.com:80 --- # serviceaccount apiVersion: v1 kind: ServiceAccount metadata: name: botkube-sa namespace: botkube labels: app: botkube --- # Source: botkube/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: botkube-clusterrole labels: app: botkube rules: - apiGroups: ["*"] resources: ["*"] verbs: ["get", "watch", "list"] --- # clusterrolebinding apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: botkube-clusterrolebinding labels: app: botkube roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: botkube-clusterrole subjects: - kind: ServiceAccount name: botkube-sa namespace: botkube --- # deployment apiVersion: apps/v1 kind: Deployment metadata: name: botkube namespace: botkube labels: component: controller app: botkube spec: replicas: 1 selector: matchLabels: component: controller app: botkube template: metadata: labels: component: controller app: botkube spec: serviceAccountName: botkube-sa containers: - name: botkube image: "infracloudio/botkube:v0.12.0" imagePullPolicy: Always volumeMounts: - name: config-volume mountPath: "/config" env: - name: CONFIG_PATH value: "/config/" # set one of the log levels- info, warn, debug, error, fatal, panic - name: LOG_LEVEL value: "info" # set BotKube release version - name: BOTKUBE_VERSION value: v0.12.0 volumes: - name: config-volume projected: sources: - configMap: name: botkube-configmap - secret: name: botkube-communication-secret # run as non privileged user securityContext: runAsUser: 101 runAsGroup: 101 --- ## Uncomment following resources for Teams support #apiVersion: v1 #kind: Service #metadata: # name: botkube # labels: # app: botkube #spec: # type: ClusterIP # ports: # - name: "teams" # port: 3978 # selector: # app: botkube #--- ## Source: botkube/templates/ingress.yaml #apiVersion: extensions/v1beta1 #kind: Ingress #metadata: # name: botkube # labels: # app: botkube # annotations: # kubernetes.io/ingress.class: nginx #spec: # tls: # - hosts: # - HOST # secretName: TLS_SECRET_NAME # rules: # - http: # paths: # - path: URLPATH # backend: # serviceName: botkube # servicePort: 3978 # host: HOST