Helm chart parameters
Controller for the Botkube Slack app which helps you monitor your Kubernetes cluster, debug deployments and run specific checks on resources in the cluster.
Homepage: https://botkube.io
Maintainers
Name | Email |
---|---|
Botkube Dev Team | dev-team@botkube.io |
Parameters
Key | Type | Default | Description |
---|---|---|---|
image.registry | string | "ghcr.io" | Botkube container image registry. |
image.repository | string | "kubeshop/botkube" | Botkube container image repository. |
image.pullPolicy | string | "IfNotPresent" | Botkube container image pull policy. |
image.tag | string | "v0.13.0" | Botkube container image tag. Default tag is appVersion from Chart.yaml. |
podSecurityPolicy | object | {"enabled":false} | Configures Pod Security Policy to allow Botkube to run in restricted clusters. Ref doc. |
securityContext | object | Runs as a non-privileged user. | Configures the security context to manage user privileges in the Pod. Ref doc. |
containerSecurityContext | object | {"allowPrivilegeEscalation":false,"privileged":false,"readOnlyRootFilesystem":true} | Configures container security context. Ref doc. |
kubeconfig.enabled | bool | false | If true, enables overriding the Kubernetes auth. |
kubeconfig.base64Config | string | "" | A base64 encoded kubeconfig that will be stored in a Secret, mounted to the Pod, and specified in the KUBECONFIG environment variable. |
kubeconfig.existingSecret | string | "" | A Secret containing a kubeconfig to use. |
sources | object | See the values.yaml file for full object. | Map of sources. A source contains configuration for Kubernetes events and sending recommendations. The property name under the sources object is an alias for a given configuration. You can define multiple source configurations with different names. The key name is used as a binding reference. |
sources.k8s-events.kubernetes | object | {"namespaces":{"include":[".*"]},"recommendations":{"ingress":{"backendServiceValid":true,"tlsSecretValid":true},"pod":{"labelsSet":true,"noLatestImageTag":true}},"resources":[{"events":["create","delete","error"],"name":"v1/pods"},{"events":["create","delete","error"],"name":"v1/services"},{"events":["create","update","delete","error"],"name":"apps/v1/deployments","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.availableReplicas"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"apps/v1/statefulsets","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.readyReplicas"],"includeDiff":true}},{"events":["create","delete","error"],"name":"networking.k8s.io/v1/ingresses"},{"events":["create","delete","error"],"name":"v1/nodes"},{"events":["create","delete","error"],"name":"v1/namespaces"},{"events":["create","delete","error"],"name":"v1/persistentvolumes"},{"events":["create","delete","error"],"name":"v1/persistentvolumeclaims"},{"events":["create","delete","error"],"name":"v1/configmaps"},{"events":["create","update","delete","error"],"name":"apps/v1/daemonsets","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.numberReady"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"batch/v1/jobs","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.conditions[*].type"],"includeDiff":true}},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/roles"},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/rolebindings"},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/clusterrolebindings"},{"events":["create","delete","error"],"name":"rbac.authorization.k8s.io/v1/clusterroles"}]} | Describes Kubernetes source configuration. |
sources.k8s-events.kubernetes.recommendations | object | {"ingress":{"backendServiceValid":true,"tlsSecretValid":true},"pod":{"labelsSet":true,"noLatestImageTag":true}} | Describes configuration for various recommendation insights. |
sources.k8s-events.kubernetes.recommendations.pod | object | {"labelsSet":true,"noLatestImageTag":true} | Recommendations for Pod Kubernetes resource. |
sources.k8s-events.kubernetes.recommendations.pod.noLatestImageTag | bool | true | If true, notifies about Pod containers that use latest tag for images. |
sources.k8s-events.kubernetes.recommendations.pod.labelsSet | bool | true | If true, notifies about Pod resources created without labels. |
sources.k8s-events.kubernetes.recommendations.ingress | object | {"backendServiceValid":true,"tlsSecretValid":true} | Recommendations for Ingress Kubernetes resource. |
sources.k8s-events.kubernetes.recommendations.ingress.backendServiceValid | bool | true | If true, notifies about Ingress resources with invalid backend service reference. |
sources.k8s-events.kubernetes.recommendations.ingress.tlsSecretValid | bool | true | If true, notifies about Ingress resources with invalid TLS secret reference. |
sources.k8s-events.kubernetes.namespaces | object | {"include":[".*"]} | Describes the namespaces to watch or exclude for every Kubernetes resource. These namespaces are applied to every resource specified in the resources list. However, every specified resource can override this by using its own namespaces object. |
sources.k8s-events.kubernetes.resources | list | Watch all built-in K8s kinds. | Describes the Kubernetes resources you want to watch. |
executors | object | See the values.yaml file for full object. | Map of executors. Executor contains configuration for running kubectl commands. The property name under executors is an alias for a given configuration. You can define multiple executor configurations with different names. Key name is used as a binding reference. |
executors.kubectl-read-only.kubectl.namespaces.include | list | [".*"] | List of allowed Kubernetes Namespaces for command execution. It can also contain regex expressions, e.g. ".*" to specify all Namespaces. |
executors.kubectl-read-only.kubectl.namespaces.exclude | list | [] | List of ignored Kubernetes Namespaces. It can also contain regex expressions, e.g. "test-.*" to match Namespaces with the test- prefix. |
executors.kubectl-read-only.kubectl.enabled | bool | false | If true, enables kubectl commands execution. |
executors.kubectl-read-only.kubectl.commands.verbs | list | ["api-resources","api-versions","cluster-info","describe","diff","explain","get","logs","top","auth"] | Configures which kubectl methods are allowed. |
executors.kubectl-read-only.kubectl.commands.resources | list | ["deployments","pods","namespaces","daemonsets","statefulsets","storageclasses","nodes","configmaps"] | Configures which K8s resources are allowed. |
executors.kubectl-read-only.kubectl.defaultNamespace | string | "default" | Configures the default Namespace for executing Botkube kubectl commands. If not set, uses the 'default'. |
executors.kubectl-read-only.kubectl.restrictAccess | bool | false | If true, enables commands execution from configured channel only. |
existingCommunicationsSecretName | string | "" | Configures existing Secret with communication settings. It MUST be in the botkube Namespace. |
communications | object | See the values.yaml file for full object. | Map of communication groups. Communication group contains settings for multiple communication platforms. The property name under communications object is an alias for a given configuration group. You can define multiple communication groups with different names. |
communications.default-group.slack.enabled | bool | false | If true, enables Slack bot. |
communications.default-group.slack.channels | object | {"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"name":"SLACK_CHANNEL"}} | Map of configured channels. The property name under channels object is an alias for a given configuration. |
communications.default-group.slack.channels.default.name | string | "SLACK_CHANNEL" | Name of the Slack channel, without the '#' prefix, to which you have added Botkube and in which you want to receive notifications. |
communications.default-group.slack.channels.default.bindings.executors | list | ["kubectl-read-only"] | Executors configuration for a given channel. |
communications.default-group.slack.channels.default.bindings.sources | list | ["k8s-events"] | Notification sources configuration for a given channel. |
communications.default-group.slack.token | string | "SLACK_API_TOKEN" | Slack token. |
communications.default-group.slack.notification.type | string | "short" | Configures the type of notifications that are sent. Possible values: short, long. |
communications.default-group.mattermost.enabled | bool | false | If true, enables Mattermost bot. |
communications.default-group.mattermost.botName | string | "Botkube" | Mattermost user to which the specified Personal Access token belongs. |
communications.default-group.mattermost.url | string | "MATTERMOST_SERVER_URL" | The URL (including the http/https scheme) where Mattermost is running, e.g. https://example.com:9243 |
communications.default-group.mattermost.token | string | "MATTERMOST_TOKEN" | Personal Access token generated by Botkube user. |
communications.default-group.mattermost.team | string | "MATTERMOST_TEAM" | The Mattermost Team name where Botkube is added. |
communications.default-group.mattermost.channels | object | {"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"name":"MATTERMOST_CHANNEL"}} | Map of configured channels. The property name under channels object is an alias for a given configuration. |
communications.default-group.mattermost.channels.default.name | string | "MATTERMOST_CHANNEL" | The Mattermost channel name for receiving Botkube alerts. The Botkube user needs to be added to it. |
communications.default-group.mattermost.channels.default.bindings.executors | list | ["kubectl-read-only"] | Executors configuration for a given channel. |
communications.default-group.mattermost.channels.default.bindings.sources | list | ["k8s-events"] | Notification sources configuration for a given channel. |
communications.default-group.mattermost.notification.type | string | "short" | Configures the type of notifications that are sent. Possible values: short, long. |
communications.default-group.teams.enabled | bool | false | If true, enables MS Teams bot. |
communications.default-group.teams.botName | string | "Botkube" | The Bot name set while registering Bot to MS Teams. |
communications.default-group.teams.appID | string | "APPLICATION_ID" | The Botkube application ID generated while registering Bot to MS Teams. |
communications.default-group.teams.appPassword | string | "APPLICATION_PASSWORD" | The Botkube application password generated while registering Bot to MS Teams. |
communications.default-group.teams.bindings.executors | list | ["kubectl-read-only"] | Executor bindings apply to all MS Teams channels to which Botkube has access. |
communications.default-group.teams.bindings.sources | list | ["k8s-events"] | Source bindings apply to all channels which have notifications turned on with the @Botkube notifier start command. |
communications.default-group.teams.messagePath | string | "/bots/teams" | The path in endpoint URL provided while registering Botkube to MS Teams. |
communications.default-group.teams.notification.type | string | "short" | Configures the type of notifications that are sent. Possible values: short, long. |
communications.default-group.teams.port | int | 3978 | The Service port for bot endpoint on Botkube container. |
communications.default-group.discord.enabled | bool | false | If true, enables Discord bot. |
communications.default-group.discord.token | string | "DISCORD_TOKEN" | Botkube Bot Token. |
communications.default-group.discord.botID | string | "DISCORD_BOT_ID" | Botkube Application Client ID. |
communications.default-group.discord.channels | object | {"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-events"]},"id":"DISCORD_CHANNEL_ID"}} | Map of configured channels. The property name under channels object is an alias for a given configuration. |
communications.default-group.discord.channels.default.id | string | "DISCORD_CHANNEL_ID" | Discord channel ID for receiving Botkube alerts. The Botkube user needs to be added to it. |
communications.default-group.discord.channels.default.bindings.executors | list | ["kubectl-read-only"] | Executors configuration for a given channel. |
communications.default-group.discord.channels.default.bindings.sources | list | ["k8s-events"] | Notification sources configuration for a given channel. |
communications.default-group.discord.notification.type | string | "short" | Configures the type of notifications that are sent. Possible values: short, long. |
communications.default-group.elasticsearch.enabled | bool | false | If true, enables Elasticsearch. |
communications.default-group.elasticsearch.awsSigning.enabled | bool | false | If true, enables awsSigning using IAM for Elasticsearch hosted on AWS. Make sure AWS environment variables are set. Ref doc. |
communications.default-group.elasticsearch.awsSigning.awsRegion | string | "us-east-1" | AWS region where Elasticsearch is deployed. |
communications.default-group.elasticsearch.awsSigning.roleArn | string | "" | ARN of the AWS IAM Role to assume for credentials. Use this only if you don't want to use the EC2 instance role or are not running on an AWS instance. |
communications.default-group.elasticsearch.server | string | "ELASTICSEARCH_ADDRESS" | The server URL, e.g. https://example.com:9243 |
communications.default-group.elasticsearch.username | string | "ELASTICSEARCH_USERNAME" | Basic Auth username. |
communications.default-group.elasticsearch.password | string | "ELASTICSEARCH_PASSWORD" | Basic Auth password. |
communications.default-group.elasticsearch.skipTLSVerify | bool | false | If true, skips the verification of TLS certificate of the Elastic nodes. It's useful for clusters with self-signed certificates. |
communications.default-group.elasticsearch.indices | object | {"default":{"bindings":{"sources":["k8s-events"]},"name":"botkube","replicas":0,"shards":1,"type":"botkube-event"}} | Map of configured indices. The indices property name is an alias for a given configuration. |
communications.default-group.elasticsearch.indices.default.name | string | "botkube" | Configures Elasticsearch index settings. |
communications.default-group.elasticsearch.indices.default.bindings.sources | list | ["k8s-events"] | Notification sources configuration for a given index. |
communications.default-group.webhook.enabled | bool | false | If true, enables Webhook. |
communications.default-group.webhook.url | string | "WEBHOOK_URL" | The Webhook URL, e.g.: https://example.com:80 |
communications.default-group.webhook.bindings.sources | list | ["k8s-events"] | Notification sources configuration for the webhook. |
settings.clusterName | string | "not-configured" | Cluster name to differentiate incoming messages. |
settings.configWatcher | bool | true | If true, restarts the Botkube Pod on config changes. |
settings.upgradeNotifier | bool | true | If true, notifies about new Botkube releases. |
settings.log.level | string | "info" | Sets one of the log levels. Allowed values: info, warn, debug, error, fatal, panic. |
settings.log.disableColors | bool | false | If true, disable ANSI colors in logging. |
ssl.enabled | bool | false | If true, specify the cert path in the config.ssl.cert property or the K8s Secret in config.ssl.existingSecretName. |
ssl.existingSecretName | string | "" | Uses an existing SSL Secret. It MUST be in the botkube Namespace. |
ssl.cert | string | "" | SSL Certificate file, e.g. certs/my-cert.crt. |
service | object | {"name":"metrics","port":2112,"targetPort":2112} | Configures Service settings for ServiceMonitor CR. |
ingress | object | {"annotations":{"kubernetes.io/ingress.class":"nginx"},"create":false,"host":"HOST","tls":{"enabled":false,"secretName":""}} | Configures Ingress settings that expose the MS Teams endpoint. Ref doc. |
serviceMonitor | object | {"enabled":false,"interval":"10s","labels":{},"path":"/metrics","port":"metrics"} | Configures ServiceMonitor settings. Ref doc. |
deployment.annotations | object | {} | Extra annotations to pass to the Botkube Deployment. |
extraAnnotations | object | {} | Extra annotations to pass to the Botkube Pod. |
extraLabels | object | {} | Extra labels to pass to the Botkube Pod. |
priorityClassName | string | "" | Priority class name for the Botkube Pod. |
nameOverride | string | "" | Fully override "botkube.name" template. |
fullnameOverride | string | "" | Fully override "botkube.fullname" template. |
resources | object | {} | The Botkube Pod resource requests and limits. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases the chances that charts run on environments with few resources, such as Minikube. Ref docs. |
extraEnv | list | [] | Extra environment variables to pass to the Botkube container. Ref docs. |
extraVolumes | list | [] | Extra volumes to pass to the Botkube container. Mount it later with extraVolumeMounts. Ref docs. |
extraVolumeMounts | list | [] | Extra volume mounts to pass to the Botkube container. Ref docs. |
nodeSelector | object | {} | Node labels for Botkube Pod assignment. Ref doc. |
tolerations | list | [] | Tolerations for Botkube Pod assignment. Ref doc. |
affinity | object | {} | Affinity for Botkube Pod assignment. Ref doc. |
rbac | object | {"create":true,"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["get","watch","list"]}]} | Role Based Access for Botkube Pod. Ref doc. |
serviceAccount.create | bool | true | If true, a ServiceAccount is automatically created. |
serviceAccount.name | string | "" | The name of the service account to use. If not set, a name is generated using the fullname template. |
serviceAccount.annotations | object | {} | Extra annotations for the ServiceAccount. |
extraObjects | list | [] | Extra Kubernetes resources to create. Helm templating is allowed as it is evaluated before creating the resources. |
analytics.disable | bool | false | If true, sending anonymous analytics is disabled. To learn what data we collect, see Privacy Policy. |
e2eTest.image.registry | string | "ghcr.io" | Test runner image registry. |
e2eTest.image.repository | string | "kubeshop/botkube-test" | Test runner image repository. |
e2eTest.image.pullPolicy | string | "IfNotPresent" | Test runner image pull policy. |
e2eTest.image.tag | string | "v0.13.0" | Test runner image tag. Default tag is appVersion from Chart.yaml. |
e2eTest.deployment | object | {"waitTimeout":"3m"} | Configures Botkube Deployment related data. |
e2eTest.slack.botName | string | "botkube" | Name of the Botkube bot to interact with during the e2e tests. |
e2eTest.slack.testerName | string | "botkube_tester" | Name of the Botkube Tester bot that sends messages during the e2e tests. |
e2eTest.slack.testerAppToken | string | "" | Slack tester application token that interacts with Botkube bot. |
e2eTest.slack.additionalContextMessage | string | "" | Additional message that is sent by Tester. You can pass e.g. pull request number or source link where these tests are run from. |
e2eTest.slack.messageWaitTimeout | string | "1m" | Message wait timeout. It defines how long we wait to ensure that notifications were not sent when disabled. |
AWS IRSA on EKS support
AWS has introduced IAM Roles for Service Accounts (IRSA) in order to provide fine-grained access. This is useful if you are looking to run Botkube inside an EKS cluster. For more details visit https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html.
Annotate the Botkube Service Account as shown in the example below and add the necessary Trust Relationship to the corresponding Botkube role to get this working.
```yaml
serviceAccount:
  annotations:
    eks.amazonaws.com/role-arn: "<role_arn_to_assume>"
```
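
A check for the Trust Relationship mentioned above, as an added example that is not part of the Botkube documentation or chart: it audits an IAM role trust policy to confirm that only one specific ServiceAccount can assume the role through the cluster's OIDC provider. The account ID, OIDC provider ID, Namespace and ServiceAccount name are constructed placeholders.

```python
"""Audit an IAM trust policy intended for IRSA (constructed sample data below)."""

# Constructed placeholders; substitute the values of your own cluster and release.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID"
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"
SUBJECT = "system:serviceaccount:botkube:botkube-sa"  # namespace:name, assumed


def make_policy(condition):
    """Build a one-statement trust policy with the given Condition block."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


SCOPED = make_policy({"StringEquals": {
    f"{OIDC}:sub": SUBJECT,
    f"{OIDC}:aud": "sts.amazonaws.com",
}})
# No condition on :sub, so any ServiceAccount in the cluster could assume the role.
UNSCOPED = make_policy({"StringEquals": {f"{OIDC}:aud": "sts.amazonaws.com"}})
# StringLike with a wildcard admits every ServiceAccount in the Namespace.
WILDCARD = make_policy({"StringLike": {f"{OIDC}:sub": "system:serviceaccount:botkube:*"}})


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, oidc, subject):
    """Return a list of findings; an empty list means the policy is tightly scoped."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not any(arn.endswith(f":oidc-provider/{oidc}") for arn in federated):
            findings.append(f"statement {i}: principal is not the cluster OIDC provider")
        cond = stmt.get("Condition", {})
        equals = cond.get("StringEquals", {})
        if as_list(equals.get(f"{oidc}:sub", [])) != [subject]:
            findings.append(f"statement {i}: :sub is not pinned to {subject}")
        if as_list(equals.get(f"{oidc}:aud", [])) != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: :aud is not pinned to sts.amazonaws.com")
        for key, val in cond.get("StringLike", {}).items():
            if key == f"{oidc}:sub" and any("*" in v for v in as_list(val)):
                findings.append(f"statement {i}: wildcard in :sub via StringLike")
    return findings
```

Run `audit_trust_policy` on the role's trust policy document before annotating the ServiceAccount; the role is only as narrow as the `:sub` condition that names the Botkube ServiceAccount.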