mirror of
https://github.com/valitydev/botkube.git
synced 2024-11-06 08:25:19 +00:00
438 lines
12 KiB
YAML
438 lines
12 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: botkube
|
|
---
|
|
# Configmap
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: botkube-configmap
|
|
namespace: botkube
|
|
labels:
|
|
app: botkube
|
|
data:
|
|
resource_config.yaml: |
|
|
## Resources you want to watch
|
|
resources:
|
|
- name: v1/pods # Name of the resource. Resource name must be in group/version/resource (G/V/R) format
|
|
# resource name should be plural (e.g apps/v1/deployments, v1/pods)
|
|
namespaces: # List of namespaces, "all" will watch all the namespaces
|
|
include:
|
|
- all
|
|
ignore: # List of namespaces to be ignored (omitempty), used only with include: all, can contain a wildcard (*)
|
|
- # example : include [all], ignore [x,y,secret-ns-*]
|
|
events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: v1/services
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: apps/v1/deployments
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- update
|
|
- delete
|
|
- error
|
|
updateSetting:
|
|
includeDiff: true
|
|
fields:
|
|
- spec.template.spec.containers[*].image
|
|
- status.availableReplicas
|
|
- name: apps/v1/statefulsets
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- update
|
|
- delete
|
|
- error
|
|
updateSetting:
|
|
includeDiff: true
|
|
fields:
|
|
- spec.template.spec.containers[*].image
|
|
- status.readyReplicas
|
|
- name: networking.k8s.io/v1beta1/ingresses
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: v1/nodes
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: v1/namespaces
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: v1/persistentvolumes
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: v1/persistentvolumeclaims
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: v1/configmaps
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: apps/v1/daemonsets
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- update
|
|
- delete
|
|
- error
|
|
updateSetting:
|
|
includeDiff: true
|
|
fields:
|
|
- spec.template.spec.containers[*].image
|
|
- status.numberReady
|
|
- name: batch/v1/jobs
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- update
|
|
- delete
|
|
- error
|
|
updateSetting:
|
|
includeDiff: true
|
|
fields:
|
|
- spec.template.spec.containers[*].image
|
|
- status.conditions[*].type
|
|
- name: rbac.authorization.k8s.io/v1/roles
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: rbac.authorization.k8s.io/v1/rolebindings
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: rbac.authorization.k8s.io/v1/clusterrolebindings
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
- name: rbac.authorization.k8s.io/v1/clusterroles
|
|
namespaces:
|
|
include:
|
|
- all
|
|
ignore:
|
|
-
|
|
events:
|
|
- create
|
|
- delete
|
|
- error
|
|
|
|
# Check true if you want to receive recommendations
|
|
# about the best practices for the created resource
|
|
recommendations: true
|
|
|
|
# Setting to support multiple clusters
|
|
settings:
|
|
# Cluster name to differentiate incoming messages
|
|
clustername: not-configured
|
|
# Kubectl executor configs
|
|
kubectl:
|
|
# Set true to enable kubectl commands execution
|
|
enabled: false
|
|
commands:
|
|
# method which are allowed
|
|
verbs: ["api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth"]
|
|
# resource configuration which is allowed
|
|
resources: ["deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes"]
|
|
# set Namespace to execute botkube kubectl commands by default
|
|
defaultNamespace: default
|
|
# Set true to enable commands execution from configured channel only
|
|
restrictAccess: false
|
|
# Set true to enable config watcher
|
|
configwatcher: true
|
|
# Set false to disable upgrade notification
|
|
upgradeNotifier: true
|
|
---
|
|
# secret
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: botkube-communication-secret
|
|
namespace: botkube
|
|
labels:
|
|
app: botkube
|
|
type: Opaque
|
|
stringData:
|
|
comm_config.yaml: |
|
|
# Communication settings
|
|
communications:
|
|
# Settings for Slack
|
|
slack:
|
|
enabled: false
|
|
channel: 'SLACK_CHANNEL'
|
|
token: 'SLACK_API_TOKEN'
|
|
notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
|
|
|
|
# Settings for Mattermost
|
|
mattermost:
|
|
enabled: false
|
|
url: 'MATTERMOST_SERVER_URL' # URL where Mattermost is running. e.g https://example.com:9243
|
|
token: 'MATTERMOST_TOKEN' # Personal Access token generated by BotKube user
|
|
team: 'MATTERMOST_TEAM' # Mattermost Team to configure with BotKube
|
|
channel: 'MATTERMOST_CHANNEL' # Mattermost Channel for receiving BotKube alerts
|
|
notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
|
|
|
|
# Settings for Discord
|
|
discord:
|
|
enabled: false
|
|
token: 'DISCORD_TOKEN' # BotKube Bot Token
|
|
botid: 'DISCORD_BOT_ID' # BotKube Application Client ID
|
|
channel: 'DISCORD_CHANNEL_ID' # Discord Channel id for receiving BotKube alerts
|
|
notiftype: short # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
|
|
|
|
# Settings for ELS
|
|
elasticsearch:
|
|
enabled: false
|
|
awsSigning:
|
|
enabled: false # enable awsSigning using IAM for Elastisearch hosted on AWS, if true make sure AWS environment variables are set. Refer https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
|
|
awsRegion: 'us-east-1' # AWS region where Elasticsearch is deployed
|
|
roleArn: '' # AWS IAM Role arn to assume for credentials, use this only if you dont want to use the EC2 instance role or not running on AWS instance
|
|
server: 'ELASTICSEARCH_ADDRESS' # e.g https://example.com:9243
|
|
username: 'ELASTICSEARCH_USERNAME' # Basic Auth
|
|
password: 'ELASTICSEARCH_PASSWORD'
|
|
# ELS index settings
|
|
index:
|
|
name: botkube
|
|
type: botkube-event
|
|
shards: 1
|
|
replicas: 0
|
|
|
|
# Settings for MS Teams
|
|
teams:
|
|
enabled: false
|
|
appID: 'APPLICATION_ID'
|
|
appPassword: 'APPLICATION_PASSWORD'
|
|
notiftype: short
|
|
port: 3978
|
|
|
|
# Settings for Webhook
|
|
webhook:
|
|
enabled: false
|
|
url: 'WEBHOOK_URL' # e.g https://example.com:80
|
|
---
|
|
# serviceaccount
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: botkube-sa
|
|
namespace: botkube
|
|
labels:
|
|
app: botkube
|
|
---
|
|
# Source: botkube/templates/clusterrole.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: botkube-clusterrole
|
|
labels:
|
|
app: botkube
|
|
rules:
|
|
- apiGroups: ["*"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
---
|
|
# clusterrolebinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: botkube-clusterrolebinding
|
|
labels:
|
|
app: botkube
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: botkube-clusterrole
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: botkube-sa
|
|
namespace: botkube
|
|
---
|
|
# Certificate for Mattermost integration: https://www.botkube.io/installation/mattermost/
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: botkube-certificate-secret
|
|
labels:
|
|
app: botkube
|
|
data:
|
|
ca-certificates.crt: ENCODED_CERTIFICATE
|
|
---
|
|
# deployment
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: botkube
|
|
namespace: botkube
|
|
labels:
|
|
component: controller
|
|
app: botkube
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
component: controller
|
|
app: botkube
|
|
template:
|
|
metadata:
|
|
labels:
|
|
component: controller
|
|
app: botkube
|
|
spec:
|
|
serviceAccountName: botkube-sa
|
|
containers:
|
|
- name: botkube
|
|
image: "infracloudio/botkube:v0.12.1"
|
|
imagePullPolicy: IfNotPresent
|
|
volumeMounts:
|
|
- name: config-volume
|
|
mountPath: "/config"
|
|
- name: certs
|
|
mountPath: "/etc/ssl/certs"
|
|
env:
|
|
- name: CONFIG_PATH
|
|
value: "/config/"
|
|
# set one of the log levels- info, warn, debug, error, fatal, panic
|
|
- name: LOG_LEVEL
|
|
value: "info"
|
|
# set BotKube release version
|
|
- name: BOTKUBE_VERSION
|
|
value: v0.12.1
|
|
volumes:
|
|
- name: config-volume
|
|
projected:
|
|
sources:
|
|
- configMap:
|
|
name: botkube-configmap
|
|
- secret:
|
|
name: botkube-communication-secret
|
|
- name: certs
|
|
secret:
|
|
secretName: botkube-certificate-secret
|
|
# run as non privileged user
|
|
securityContext:
|
|
runAsUser: 101
|
|
runAsGroup: 101
|
|
---
|
|
## Uncomment following resources for Teams support
|
|
#apiVersion: v1
|
|
#kind: Service
|
|
#metadata:
|
|
# name: botkube
|
|
# labels:
|
|
# app: botkube
|
|
#spec:
|
|
# type: ClusterIP
|
|
# ports:
|
|
# - name: "teams"
|
|
# port: 3978
|
|
# selector:
|
|
# app: botkube
|
|
#---
|
|
## Source: botkube/templates/ingress.yaml
|
|
#apiVersion: extensions/v1beta1
|
|
#kind: Ingress
|
|
#metadata:
|
|
# name: botkube
|
|
# labels:
|
|
# app: botkube
|
|
# annotations:
|
|
# kubernetes.io/ingress.class: nginx
|
|
#spec:
|
|
# tls:
|
|
# - hosts:
|
|
# - HOST
|
|
# secretName: TLS_SECRET_NAME
|
|
# rules:
|
|
# - http:
|
|
# paths:
|
|
# - path: URLPATH
|
|
# backend:
|
|
# serviceName: botkube
|
|
# servicePort: 3978
|
|
# host: HOST
|