Skip to main content
Version: 0.13

Helm chart parameters

Version: v0.13.0 AppVersion: v0.13.0

Controller for the BotKube Slack app which helps you monitor your Kubernetes cluster, debug deployments and run specific checks on resources in the cluster.

Homepage: https://botkube.io

Maintainers

NameEmail
BotKube Dev Team[email protected]

Source Code

Parameters

KeyTypeDefaultDescription
image.registrystring"ghcr.io"BotKube container image registry.
image.repositorystring"kubeshop/botkube"BotKube container image repository.
image.pullPolicystring"IfNotPresent"BotKube container image pull policy.
image.tagstring"v0.13.0"BotKube container image tag. Default tag is appVersion from Chart.yaml.
podSecurityPolicyobject{"enabled":false}Configures Pod Security Policy to allow BotKube to run in restricted clusters. Ref doc.
securityContextobjectRuns as a Non-Privileged user.Configures security context to manage user Privileges in Pod. Ref doc.
containerSecurityContextobject{"allowPrivilegeEscalation":false,"privileged":false,"readOnlyRootFilesystem":true}Configures container security context. Ref doc.
kubeconfig.enabledboolfalseIf true, enables overriding the Kubernetes auth.
kubeconfig.base64Configstring""A base64 encoded kubeconfig that will be stored in a Secret, mounted to the Pod, and specified in the KUBECONFIG environment variable.
kubeconfig.existingSecretstring""A Secret containing a kubeconfig to use.
sourcesobjectSee the values.yaml file for full object.Map of sources. Source contains configuration for Kubernetes events and sending recommendations. The property name under sources object is an alias for a given configuration. You can define multiple sources configuration with different names. Key name is used as a binding reference.
sources.k8s-events.kubernetesobject{"namespaces":{"include":[".*"]},"recommendations":{"ingress":{"backendServiceValid":true,"tlsSecretValid":true},"pod":{"labelsSet":true,"noLatestImageTag":true}},"resources":[{"events":["create","delete","error"],"name":"v1/pods"},{"events":["create","delete","error"],"name":"v1/services"},{"events":["create","update","delete","error"],"name":"apps/v1/deployments","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.availableReplicas"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"apps/v1/statefulsets","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.readyReplicas"],"includeDiff":true}},{"events":["create","delete","error"],"name":"networking.k8s.io/v1/ingresses"},{"events":["create","delete","error"],"name":"v1/nodes"},{"events":["create","delete","error"],"name":"v1/namespaces"},{"events":["create","delete","error"],"name":"v1/persistentvolumes"},{"events":["create","delete","error"],"name":"v1/persistentvolumeclaims"},{"events":["create","delete","error"],"name":"v1/configmaps"},{"events":["create","update","delete","error"],"name":"apps/v1/daemonsets","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.numberReady"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"batch/v1/jobs","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.conditions[*].type"],"includeDiff":true}},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/roles"},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/rolebindings"},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/clusterrolebindings"},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/clusterroles"}]}Describes Kubernetes source configuration.
sources.k8s-events.kubernetes.recommendationsobject{"ingress":{"backendServiceValid":true,"tlsSecretValid":true},"pod":{"labelsSet":true,"noLatestImageTag":true}}Describes configuration for various recommendation insights.
sources.k8s-events.kubernetes.recommendations.podobject{"labelsSet":true,"noLatestImageTag":true}Recommendations for Pod Kubernetes resource.
sources.k8s-events.kubernetes.recommendations.pod.noLatestImageTagbooltrueIf true, notifies about Pod containers that use latest tag for images.
sources.k8s-events.kubernetes.recommendations.pod.labelsSetbooltrueIf true, notifies about Pod resources created without labels.
sources.k8s-events.kubernetes.recommendations.ingressobject{"backendServiceValid":true,"tlsSecretValid":true}Recommendations for Ingress Kubernetes resource.
sources.k8s-events.kubernetes.recommendations.ingress.backendServiceValidbooltrueIf true, notifies about Ingress resources with invalid backend service reference.
sources.k8s-events.kubernetes.recommendations.ingress.tlsSecretValidbooltrueIf true, notifies about Ingress resources with invalid TLS secret reference.
sources.k8s-events.kubernetes.namespacesobject{"include":[".*"]}Describes namespaces for every Kubernetes resources you want to watch or exclude. These namespaces are applied to every resource specified in the resources list. However, every specified resource can override this by using its own namespaces object.
sources.k8s-events.kubernetes.resourceslistWatch all built-in K8s kinds.Describes the Kubernetes resources you want to watch.
executorsobjectSee the values.yaml file for full object.Map of executors. Executor contains configuration for running kubectl commands. The property name under executors is an alias for a given configuration. You can define multiple executor configurations with different names. Key name is used as a binding reference.
executors.kubectl-read-only.kubectl.namespaces.includelist[".*"]List of allowed Kubernetes Namespaces for command execution. It can also contain a regex expressions: - ".*" - to specify all Namespaces.
executors.kubectl-read-only.kubectl.namespaces.excludelist[]List of ignored Kubernetes Namespace. It can also contain a regex expressions: - "test-.*" - to specify all Namespaces.
executors.kubectl-read-only.kubectl.enabledboolfalseIf true, enables kubectl commands execution.
executors.kubectl-read-only.kubectl.commands.verbslist["api-resources","api-versions","cluster-info","describe","diff","explain","get","logs","top","auth"]Configures which kubectl methods are allowed.
executors.kubectl-read-only.kubectl.commands.resourceslist["deployments","pods","namespaces","daemonsets","statefulsets","storageclasses","nodes","configmaps"]Configures which K8s resource are allowed.
executors.kubectl-read-only.kubectl.defaultNamespacestring"default"Configures the default Namespace for executing BotKube kubectl commands. If not set, uses the 'default'.
executors.kubectl-read-only.kubectl.restrictAccessboolfalseIf true, enables commands execution from configured channel only.
existingCommunicationsSecretNamestring""Configures existing Secret with communication settings. It MUST be in the botkube Namespace.
communicationsobjectSee the values.yaml file for full object.Map of communication groups. Communication group contains settings for multiple communication platforms. The property name under communications object is an alias for a given configuration group. You can define multiple communication groups with different names.
communications.default-group.slack.enabledboolfalseIf true, enables Slack bot.
communications.default-group.slack.channelsobject{"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"name":"SLACK_CHANNEL"}}Map of configured channels. The property name under channels object is an alias for a given configuration.
communications.default-group.slack.channels.default.namestring"SLACK_CHANNEL"Slack channel name without '#' prefix where you have added BotKube and want to receive notifications in.
communications.default-group.slack.channels.default.bindings.executorslist["kubectl-read-only"]Executors configuration for a given channel.
communications.default-group.slack.channels.default.bindings.sourceslist["k8s-events"]Notification sources configuration for a given channel.
communications.default-group.slack.tokenstring"SLACK_API_TOKEN"Slack token.
communications.default-group.slack.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.mattermost.enabledboolfalseIf true, enables Mattermost bot.
communications.default-group.mattermost.botNamestring"BotKube"User in Mattermost which belongs the specified Personal Access token.
communications.default-group.mattermost.urlstring"MATTERMOST_SERVER_URL"The URL (including http/https schema) where Mattermost is running. e.g https://example.com:9243
communications.default-group.mattermost.tokenstring"MATTERMOST_TOKEN"Personal Access token generated by BotKube user.
communications.default-group.mattermost.teamstring"MATTERMOST_TEAM"The Mattermost Team name where BotKube is added.
communications.default-group.mattermost.channelsobject{"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"name":"MATTERMOST_CHANNEL"}}Map of configured channels. The property name under channels object is an alias for a given configuration.
communications.default-group.mattermost.channels.default.namestring"MATTERMOST_CHANNEL"The Mattermost channel name for receiving BotKube alerts. The BotKube user needs to be added to it.
communications.default-group.mattermost.channels.default.bindings.executorslist["kubectl-read-only"]Executors configuration for a given channel.
communications.default-group.mattermost.channels.default.bindings.sourceslist["k8s-events"]Notification sources configuration for a given channel.
communications.default-group.mattermost.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.teams.enabledboolfalseIf true, enables MS Teams bot.
communications.default-group.teams.botNamestring"BotKube"The Bot name set while registering Bot to MS Teams.
communications.default-group.teams.appIDstring"APPLICATION_ID"The BotKube application ID generated while registering Bot to MS Teams.
communications.default-group.teams.appPasswordstring"APPLICATION_PASSWORD"The BotKube application password generated while registering Bot to MS Teams.
communications.default-group.teams.bindings.executorslist["kubectl-read-only"]Executor bindings apply to all MS Teams channels where BotKube has access to.
communications.default-group.teams.bindings.sourceslist["k8s-events"]Source bindings apply to all channels which have notification turned on with @BotKube notifier start command.
communications.default-group.teams.messagePathstring"/bots/teams"The path in endpoint URL provided while registering BotKube to MS Teams.
communications.default-group.teams.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.teams.portint3978The Service port for bot endpoint on BotKube container.
communications.default-group.discord.enabledboolfalseIf true, enables Discord bot.
communications.default-group.discord.tokenstring"DISCORD_TOKEN"BotKube Bot Token.
communications.default-group.discord.botIDstring"DISCORD_BOT_ID"BotKube Application Client ID.
communications.default-group.discord.channelsobject{"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"id":"DISCORD_CHANNEL_ID"}}Map of configured channels. The property name under channels object is an alias for a given configuration.
communications.default-group.discord.channels.default.idstring"DISCORD_CHANNEL_ID"Discord channel ID for receiving BotKube alerts. The BotKube user needs to be added to it.
communications.default-group.discord.channels.default.bindings.executorslist["kubectl-read-only"]Executors configuration for a given channel.
communications.default-group.discord.channels.default.bindings.sourceslist["k8s-events"]Notification sources configuration for a given channel.
communications.default-group.discord.notification.typestring"short"Configures notification type that are sent. Possible values: short, long.
communications.default-group.elasticsearch.enabledboolfalseIf true, enables Elasticsearch.
communications.default-group.elasticsearch.awsSigning.enabledboolfalseIf true, enables awsSigning using IAM for Elasticsearch hosted on AWS. Make sure AWS environment variables are set. Ref doc.
communications.default-group.elasticsearch.awsSigning.awsRegionstring"us-east-1"AWS region where Elasticsearch is deployed.
communications.default-group.elasticsearch.awsSigning.roleArnstring""AWS IAM Role arn to assume for credentials, use this only if you don't want to use the EC2 instance role or not running on AWS instance.
communications.default-group.elasticsearch.serverstring"ELASTICSEARCH_ADDRESS"The server URL, e.g https://example.com:9243
communications.default-group.elasticsearch.usernamestring"ELASTICSEARCH_USERNAME"Basic Auth username.
communications.default-group.elasticsearch.passwordstring"ELASTICSEARCH_PASSWORD"Basic Auth password.
communications.default-group.elasticsearch.skipTLSVerifyboolfalseIf true, skips the verification of TLS certificate of the Elastic nodes. It's useful for clusters with self-signed certificates.
communications.default-group.elasticsearch.indicesobject{"default":{"bindings":{"sources":["k8s-events"]},"name":"botkube","replicas":0,"shards":1,"type":"botkube-event"}}Map of configured indices. The indices property name is an alias for a given configuration.
communications.default-group.elasticsearch.indices.default.namestring"botkube"Configures Elasticsearch index settings.
communications.default-group.elasticsearch.indices.default.bindings.sourceslist["k8s-events"]Notification sources configuration for a given index.
communications.default-group.webhook.enabledboolfalseIf true, enables Webhook.
communications.default-group.webhook.urlstring"WEBHOOK_URL"The Webhook URL, e.g.: https://example.com:80
communications.default-group.webhook.bindings.sourceslist["k8s-events"]Notification sources configuration for the webhook.
settings.clusterNamestring"not-configured"Cluster name to differentiate incoming messages.
settings.configWatcherbooltrueIf true, restarts the BotKube Pod on config changes.
settings.upgradeNotifierbooltrueIf true, notifies about new BotKube releases.
settings.log.levelstring"info"Sets one of the log levels. Allowed values: info, warn, debug, error, fatal, panic.
settings.log.disableColorsboolfalseIf true, disable ANSI colors in logging.
ssl.enabledboolfalseIf true, specify cert path in config.ssl.cert property or K8s Secret in config.ssl.existingSecretName.
ssl.existingSecretNamestring""Using existing SSL Secret. It MUST be in botkube Namespace.
ssl.certstring""SSL Certificate file e.g certs/my-cert.crt.
serviceobject{"name":"metrics","port":2112,"targetPort":2112}Configures Service settings for ServiceMonitor CR.
ingressobject{"annotations":{"kubernetes.io/ingress.class":"nginx"},"create":false,"host":"HOST","tls":{"enabled":false,"secretName":""}}Configures Ingress settings that exposes MS Teams endpoint. Ref doc.
serviceMonitorobject{"enabled":false,"interval":"10s","labels":{},"path":"/metrics","port":"metrics"}Configures ServiceMonitor settings. Ref doc.
deployment.annotationsobject{}Extra annotations to pass to the BotKube Deployment.
extraAnnotationsobject{}Extra annotations to pass to the BotKube Pod.
extraLabelsobject{}Extra labels to pass to the BotKube Pod.
priorityClassNamestring""Priority class name for the BotKube Pod.
nameOverridestring""Fully override "botkube.name" template.
fullnameOverridestring""Fully override "botkube.fullname" template.
resourcesobject{}The BotKube Pod resource request and limits. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. Ref docs
extraEnvlist[]Extra environment variables to pass to the BotKube container. Ref docs.
extraVolumeslist[]Extra volumes to pass to the BotKube container. Mount it later with extraVolumeMounts. Ref docs.
extraVolumeMountslist[]Extra volume mounts to pass to the BotKube container. Ref docs.
nodeSelectorobject{}Node labels for BotKube Pod assignment. Ref doc.
tolerationslist[]Tolerations for BotKube Pod assignment. Ref doc.
affinityobject{}Affinity for BotKube Pod assignment. Ref doc.
rbacobject{"create":true,"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["get","watch","list"]}]}Role Based Access for BotKube Pod. Ref doc.
serviceAccount.createbooltrueIf true, a ServiceAccount is automatically created.
serviceAccount.namestring""The name of the service account to use. If not set, a name is generated using the fullname template.
serviceAccount.annotationsobject{}Extra annotations for the ServiceAccount.
extraObjectslist[]Extra Kubernetes resources to create. Helm templating is allowed as it is evaluated before creating the resources.
analytics.disableboolfalseIf true, sending anonymous analytics is disabled. To learn what date we collect, see Privacy Policy.
e2eTest.image.registrystring"ghcr.io"Test runner image registry.
e2eTest.image.repositorystring"kubeshop/botkube-test"Test runner image repository.
e2eTest.image.pullPolicystring"IfNotPresent"Test runner image pull policy.
e2eTest.image.tagstring"v0.13.0"Test runner image tag. Default tag is appVersion from Chart.yaml.
e2eTest.deploymentobject{"waitTimeout":"3m"}Configures BotKube Deployment related data.
e2eTest.slack.botNamestring"botkube"Name of the BotKube bot to interact with during the e2e tests.
e2eTest.slack.testerNamestring"botkube_tester"Name of the BotKube Tester bot that sends messages during the e2e tests.
e2eTest.slack.testerAppTokenstring""Slack tester application token that interacts with BotKube bot.
e2eTest.slack.additionalContextMessagestring""Additional message that is sent by Tester. You can pass e.g. pull request number or source link where these tests are run from.
e2eTest.slack.messageWaitTimeoutstring"1m"Message wait timeout. It defines how long we wait to ensure that notification were not sent when disabled.

AWS IRSA on EKS support

AWS has introduced IAM Role for Service Accounts in order to provide fine grained access. This is useful if you are looking to run BotKube inside an EKS cluster. For more details visit https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html.

Annotate the BotKube Service Account as shown in the example below and add the necessary Trust Relationship to the corresponding BotKube role to get this working.

serviceAccount:
annotations:
eks.amazonaws.com/role-arn: "<role_arn_to_assume>"