Helm chart parameters

Version: v0.12.4 AppVersion: v0.12.4

Controller for the BotKube Slack app which helps you monitor your Kubernetes cluster, debug deployments and run specific checks on resources in the cluster.

Homepage: https://botkube.io

Maintainers

NameEmail
BotKube Dev Team[email protected]

Source Code

Parameters

KeyTypeDefaultDescription
image.registrystring"ghcr.io"BotKube container image registry.
image.repositorystring"kubeshop/botkube"BotKube container image repository.
image.pullPolicystring"IfNotPresent"BotKube container image pull policy.
image.tagstring"v9.99.9-dev"BotKube container image tag. Default tag is appVersion from Chart.yaml.
podSecurityPolicyobject{"enabled":false}Configures Pod Security Policy to allow BotKube to run in restricted clusters. Ref doc.
securityContextobjectRuns as a Non-Privileged user.Configures security context to manage user Privileges in Pod. Ref doc.
containerSecurityContextobject{"allowPrivilegeEscalation":false,"privileged":false,"readOnlyRootFilesystem":true}Configures container security context. Ref doc.
kubeconfig.enabledboolfalseIf true, enables overriding the Kubernetes auth.
kubeconfig.base64Configstring""A base64 encoded kubeconfig that will be stored in a Secret, mounted to the Pod, and specified in the KUBECONFIG environment variable.
kubeconfig.existingSecretstring""A Secret containing a kubeconfig to use.
sourcesobject{"k8s-events":{"kubernetes":{"resources":[{"events":["create","delete","error"],"name":"v1/pods","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"v1/services","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","update","delete","error"],"name":"apps/v1/deployments","namespaces":{"ignore":[null],"include":["all"]},"updateSetting":{"fields":["spec.template.spec.containers[*].image","status.availableReplicas"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"apps/v1/statefulsets","namespaces":{"ignore":[null],"include":["all"]},"updateSetting":{"fields":["spec.template.spec.containers[*].image","status.readyReplicas"],"includeDiff":true}},{"events":["create","delete","error"],"name":"networking.k8s.io/v1/ingresses","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"v1/nodes","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"v1/namespaces","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"v1/persistentvolumes","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"v1/persistentvolumeclaims","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"v1/configmaps","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","update","delete","error"],"name":"apps/v1/daemonsets","namespaces":{"ignore":[null],"include":["all"]},"updateSetting":{"fields":["spec.template.spec.containers[*].image","status.numberReady"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"batch/v1/jobs","namespaces":{"ignore":[null],"include":["all"]},"updateSetting":{"fields":["spec.template.spec.containers[*].image","status.conditions[*].type"],"includeDiff":true}},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/roles","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/rolebindings","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/clusterrolebindings","namespaces":{"ignore":[null],"include":["all"]}},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/clusterroles","namespaces":{"ignore":[null],"include":["all"]}}]},"recommendations":true}}Map of enabled sources. The sources property name is an alias for a given configuration. Key name used as a binding reference.
sources.k8s-events.recommendationsbooltrueIf true, BotKube sends recommendations about the best practices for the created resource.
sources.k8s-events.kubernetes.resourceslistWatch all built-in K8s kinds.Describes the Kubernetes resources you want to watch.
executors.kubectl-read-only.kubectl.enabledboolfalseIf true, enables kubectl commands execution.
executors.kubectl-read-only.kubectl.commands.verbslist["api-resources","api-versions","cluster-info","describe","diff","explain","get","logs","top","auth"]Configures which kubectl methods are allowed.
executors.kubectl-read-only.kubectl.commands.resourceslist["deployments","pods","namespaces","daemonsets","statefulsets","storageclasses","nodes","configmaps"]Configures which K8s resource are allowed.
executors.kubectl-read-only.kubectl.defaultNamespacestring"default"Configures the default Namespace for executing BotKube kubectl commands.
executors.kubectl-read-only.kubectl.restrictAccessboolfalseIf true, enables commands execution from configured channel only.
existingCommunicationsSecretNamestring""Configures existing Secret with communication settings. It MUST be in the botkube Namespace.
communications.default-group.slack.enabledboolfalseIf true, enables Slack bot.
communications.default-group.slack.channelsobject{"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"name":"SLACK_CHANNEL"}}Map of configured channels. The channels property name is an alias for a given configuration.
communications.default-group.slack.channels.default.namestring"SLACK_CHANNEL"Slack channel name without ‘#’ prefix where you have added BotKube and want to receive notifications in.
communications.default-group.slack.tokenstring"SLACK_API_TOKEN"Slack token.
communications.default-group.slack.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.mattermost.enabledboolfalseIf true, enables Mattermost bot.
communications.default-group.mattermost.botNamestring"BotKube"User in Mattermost which belongs the specified Personal Access token.
communications.default-group.mattermost.urlstring"MATTERMOST_SERVER_URL"The URL (including http/https schema) where Mattermost is running. e.g https://example.com:9243
communications.default-group.mattermost.tokenstring"MATTERMOST_TOKEN"Personal Access token generated by BotKube user.
communications.default-group.mattermost.teamstring"MATTERMOST_TEAM"The Mattermost Team name where BotKube is added.
communications.default-group.mattermost.channelsobject{"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"name":"MATTERMOST_CHANNEL"}}Map of configured channels. The channels property name is an alias for a given configuration.
communications.default-group.mattermost.channels.default.namestring"MATTERMOST_CHANNEL"The Mattermost channel name for receiving BotKube alerts. The BotKube user needs to be added to it.
communications.default-group.mattermost.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.teams.enabledboolfalseIf true, enables MS Teams bot.
communications.default-group.teams.botNamestring"BotKube"The Bot name set while registering Bot to MS Teams.
communications.default-group.teams.appIDstring"APPLICATION_ID"The BotKube application ID generated while registering Bot to MS Teams.
communications.default-group.teams.appPasswordstring"APPLICATION_PASSWORD"The BotKube application password generated while registering Bot to MS Teams.
communications.default-group.teams.messagePathstring"/bots/teams"The path in endpoint URL provided while registering BotKube to MS Teams.
communications.default-group.teams.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.teams.portint3978The Service port for bot endpoint on BotKube container.
communications.default-group.discord.enabledboolfalseIf true, enables Discord bot.
communications.default-group.discord.tokenstring"DISCORD_TOKEN"BotKube Bot Token.
communications.default-group.discord.botIDstring"DISCORD_BOT_ID"BotKube Application Client ID.
communications.default-group.discord.channelsobject{"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"id":"DISCORD_CHANNEL_ID"}}Map of configured channels. The channels property name is an alias for a given configuration.
communications.default-group.discord.channels.default.idstring"DISCORD_CHANNEL_ID"Discord channel ID for receiving BotKube alerts. The BotKube user needs to be added to it.
communications.default-group.discord.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.elasticsearch.enabledboolfalseIf true, enables Elasticsearch.
communications.default-group.elasticsearch.awsSigning.enabledboolfalseIf true, enables awsSigning using IAM for Elasticsearch hosted on AWS. Make sure AWS environment variables are set. Ref doc.
communications.default-group.elasticsearch.awsSigning.awsRegionstring"us-east-1"AWS region where Elasticsearch is deployed.
communications.default-group.elasticsearch.awsSigning.roleArnstring""AWS IAM Role arn to assume for credentials, use this only if you don’t want to use the EC2 instance role or not running on AWS instance.
communications.default-group.elasticsearch.serverstring"ELASTICSEARCH_ADDRESS"The server URL, e.g https://example.com:9243
communications.default-group.elasticsearch.usernamestring"ELASTICSEARCH_USERNAME"Basic Auth username.
communications.default-group.elasticsearch.passwordstring"ELASTICSEARCH_PASSWORD"Basic Auth password.
communications.default-group.elasticsearch.skipTLSVerifyboolfalseIf true, skips the verification of TLS certificate of the Elastic nodes. It’s useful for clusters with self-signed certificates.
communications.default-group.elasticsearch.indicesobject{"default":{"bindings":{"sources":["k8s-events"]},"name":"botkube","replicas":0,"shards":1,"type":"botkube-event"}}Map of configured indices. The indices property name is an alias for a given configuration.
communications.default-group.elasticsearch.indices.default.namestring"botkube"Configures Elasticsearch index settings.
communications.default-group.webhook.enabledboolfalseIf true, enables Webhook.
communications.default-group.webhook.urlstring"WEBHOOK_URL"The Webhook URL, e.g.: https://example.com:80
settings.clusternamestring"not-configured"Cluster name to differentiate incoming messages.
settings.configWatcherbooltrueIf true, restarts the BotKube Pod on config changes.
settings.upgradeNotifierbooltrueIf true, notifies about new BotKube releases.
settings.log.levelstring"info"Sets one of the log levels. Allowed values: info, warn, debug, error, fatal, panic.
settings.log.disableColorsboolfalseIf true, disable ANSI colors in logging.
ssl.enabledboolfalseIf true, specify cert path in config.ssl.cert property or K8s Secret in config.ssl.existingSecretName.
ssl.existingSecretNamestring""Using existing SSL Secret. It MUST be in botkube Namespace.
ssl.certstring""SSL Certificate file e.g certs/my-cert.crt.
serviceobject{"name":"metrics","port":2112,"targetPort":2112}Configures Service settings for ServiceMonitor CR.
ingressobject{"annotations":{"kubernetes.io/ingress.class":"nginx"},"create":false,"host":"HOST","tls":{"enabled":false,"secretName":""}}Configures Ingress settings that exposes MS Teams endpoint. Ref doc.
serviceMonitorobject{"enabled":false,"interval":"10s","labels":{},"path":"/metrics","port":"metrics"}Configures ServiceMonitor settings. Ref doc.
deployment.annotationsobject{}Extra annotations to pass to the BotKube Deployment.
extraAnnotationsobject{}Extra annotations to pass to the BotKube Pod.
extraLabelsobject{}Extra labels to pass to the BotKube Pod.
priorityClassNamestring""Priority class name for the BotKube Pod.
nameOverridestring""Fully override “botkube.name” template.
fullnameOverridestring""Fully override “botkube.fullname” template.
resourcesobject{}The BotKube Pod resource request and limits. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. Ref docs
extraEnvlist[]Extra environment variables to pass to the BotKube container. Ref docs.
extraVolumeslist[]Extra volumes to pass to the BotKube container. Mount it later with extraVolumeMounts. Ref docs.
extraVolumeMountslist[]Extra volume mounts to pass to the BotKube container. Ref docs.
nodeSelectorobject{}Node labels for BotKube Pod assignment. Ref doc.
tolerationslist[]Tolerations for BotKube Pod assignment. Ref doc.
affinityobject{}Affinity for BotKube Pod assignment. Ref doc.
rbacobject{"create":true,"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["get","watch","list"]}]}Role Based Access for BotKube Pod. Ref doc.
serviceAccount.createbooltrueIf true, a ServiceAccount is automatically created.
serviceAccount.namestring""The name of the service account to use. If not set, a name is generated using the fullname template.
serviceAccount.annotationsobject{}Extra annotations for the ServiceAccount.
extraObjectslist[]Extra Kubernetes resources to create. Helm templating is allowed as it is evaluated before creating the resources.
analytics.disableboolfalseIf true, sending anonymous analytics is disabled. To learn what date we collect, see Privacy Policy.
e2eTest.image.registrystring"ghcr.io"Test runner image registry.
e2eTest.image.repositorystring"kubeshop/botkube-test"Test runner image repository.
e2eTest.image.pullPolicystring"IfNotPresent"Test runner image pull policy.
e2eTest.image.tagstring"v9.99.9-dev"Test runner image tag. Default tag is appVersion from Chart.yaml.
e2eTest.deploymentobject{"waitTimeout":"3m"}Configures BotKube Deployment related data.
e2eTest.slack.botNamestring"botkube"Name of the BotKube bot to interact with during the e2e tests.
e2eTest.slack.testerAppTokenstring""Slack tester application token that interacts with BotKube bot.
e2eTest.slack.additionalContextMessagestring""Additional message that is sent by Tester. You can pass e.g. pull request number or source link where these tests are run from.
e2eTest.slack.messageWaitTimeoutstring"1m"Message wait timeout. It defines how long we wait to ensure that notification were not sent when disabled.

AWS IRSA on EKS support

AWS has introduced IAM Role for Service Accounts in order to provide fine grained access. This is useful if you are looking to run BotKube inside an EKS cluster. For more details visit https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html.

Annotate the BotKube Service Account as shown in the example below and add the necessary Trust Relationship to the corresponding BotKube role to get this working.

serviceAccount:
  annotations:
    eks.amazonaws.com/role-arn: "<role_arn_to_assume>"