Helm chart parameters
Controller for the Botkube Slack app which helps you monitor your Kubernetes cluster, debug deployments and run specific checks on resources in the cluster.
Homepage: https://botkube.io
Maintainers​
| Name | |
|---|---|
| Botkube Dev Team | dev-team@botkube.io |
Source Code​
Parameters​
| Key | Type | Default | Description |
|---|---|---|---|
| image.registry | string | "ghcr.io" | Botkube container image registry. |
| image.repository | string | "kubeshop/botkube" | Botkube container image repository. |
| image.pullPolicy | string | "IfNotPresent" | Botkube container image pull policy. |
| image.tag | string | "v0.15.0" | Botkube container image tag. Default tag is appVersion from Chart.yaml. |
| podSecurityPolicy | object | {"enabled":false} | Configures Pod Security Policy to allow Botkube to run in restricted clusters. Ref doc. |
| securityContext | object | Runs as a Non-Privileged user. | Configures security context to manage user Privileges in Pod. Ref doc. |
| containerSecurityContext | object | {"allowPrivilegeEscalation":false,"privileged":false,"readOnlyRootFilesystem":true} | Configures container security context. Ref doc. |
| kubeconfig.enabled | bool | false | If true, enables overriding the Kubernetes auth. |
| kubeconfig.base64Config | string | "" | A base64 encoded kubeconfig that will be stored in a Secret, mounted to the Pod, and specified in the KUBECONFIG environment variable. |
| kubeconfig.existingSecret | string | "" | A Secret containing a kubeconfig to use. |
| sources | object | See the values.yaml file for full object. | Map of sources. Source contains configuration for Kubernetes events and sending recommendations. The property name under sources object is an alias for a given configuration. You can define multiple sources configuration with different names. Key name is used as a binding reference. |
| sources.k8s-recommendation-events.kubernetes | object | {"recommendations":{"ingress":{"backendServiceValid":true,"tlsSecretValid":true},"pod":{"labelsSet":true,"noLatestImageTag":true}}} | Describes Kubernetes source configuration. |
| sources.k8s-recommendation-events.kubernetes.recommendations | object | {"ingress":{"backendServiceValid":true,"tlsSecretValid":true},"pod":{"labelsSet":true,"noLatestImageTag":true}} | Describes configuration for various recommendation insights. |
| sources.k8s-recommendation-events.kubernetes.recommendations.pod | object | {"labelsSet":true,"noLatestImageTag":true} | Recommendations for Pod Kubernetes resource. |
| sources.k8s-recommendation-events.kubernetes.recommendations.pod.noLatestImageTag | bool | true | If true, notifies about Pod containers that use latest tag for images. |
| sources.k8s-recommendation-events.kubernetes.recommendations.pod.labelsSet | bool | true | If true, notifies about Pod resources created without labels. |
| sources.k8s-recommendation-events.kubernetes.recommendations.ingress | object | {"backendServiceValid":true,"tlsSecretValid":true} | Recommendations for Ingress Kubernetes resource. |
| sources.k8s-recommendation-events.kubernetes.recommendations.ingress.backendServiceValid | bool | true | If true, notifies about Ingress resources with invalid backend service reference. |
| sources.k8s-recommendation-events.kubernetes.recommendations.ingress.tlsSecretValid | bool | true | If true, notifies about Ingress resources with invalid TLS secret reference. |
| sources.k8s-all-events.kubernetes | object | {"events":["create","delete","error"],"namespaces":{"include":[".*"]},"resources":[{"name":"v1/pods"},{"name":"v1/services"},{"name":"networking.k8s.io/v1/ingresses"},{"name":"v1/nodes"},{"name":"v1/namespaces"},{"name":"v1/persistentvolumes"},{"name":"v1/persistentvolumeclaims"},{"name":"v1/configmaps"},{"name":"rbac.authorization.k8s.io/v1/roles"},{"name":"rbac.authorization.k8s.io/v1/rolebindings"},{"name":"rbac.authorization.k8s.io/v1/clusterrolebindings"},{"name":"rbac.authorization.k8s.io/v1/clusterroles"},{"events":["create","update","delete","error"],"name":"apps/v1/daemonsets","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.numberReady"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"batch/v1/jobs","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.conditions[*].type"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"apps/v1/deployments","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.availableReplicas"],"includeDiff":true}},{"events":["create","update","delete","error"],"name":"apps/v1/statefulsets","updateSetting":{"fields":["spec.template.spec.containers[*].image","status.readyReplicas"],"includeDiff":true}}]} | Describes Kubernetes source configuration. |
| sources.k8s-all-events.kubernetes.namespaces | object | {"include":[".*"]} | Describes namespaces for every Kubernetes resources you want to watch or exclude. These namespaces are applied to every resource specified in the resources list. However, every specified resource can override this by using its own namespaces object. |
| sources.k8s-all-events.kubernetes.events | list | ["create","delete","error"] | Describes events for every Kubernetes resources you want to watch or exclude. These events are applied to every resource specified in the resources list. However, every specified resource can override this by using its own events object. |
| sources.k8s-all-events.kubernetes.resources | list | See the values.yaml file for full object. | Describes the Kubernetes resources you want to watch. |
| sources.k8s-err-events.kubernetes | object | {"events":["error"],"namespaces":{"include":[".*"]},"resources":[{"name":"v1/pods"},{"name":"v1/services"},{"name":"networking.k8s.io/v1/ingresses"},{"name":"v1/nodes"},{"name":"v1/namespaces"},{"name":"v1/persistentvolumes"},{"name":"v1/persistentvolumeclaims"},{"name":"v1/configmaps"},{"name":"rbac.authorization.k8s.io/v1/roles"},{"name":"rbac.authorization.k8s.io/v1/rolebindings"},{"name":"rbac.authorization.k8s.io/v1/clusterrolebindings"},{"name":"rbac.authorization.k8s.io/v1/clusterroles"},{"name":"apps/v1/deployments"},{"name":"apps/v1/statefulsets"},{"name":"apps/v1/daemonsets"},{"name":"batch/v1/jobs"}]} | Describes Kubernetes source configuration. |
| sources.k8s-err-events.kubernetes.namespaces | object | {"include":[".*"]} | Describes namespaces for every Kubernetes resources you want to watch or exclude. These namespaces are applied to every resource specified in the resources list. However, every specified resource can override this by using its own namespaces object. |
| sources.k8s-err-events.kubernetes.events | list | ["error"] | Describes events for every Kubernetes resources you want to watch or exclude. These events are applied to every resource specified in the resources list. However, every specified resource can override this by using its own events object. |
| sources.k8s-err-events.kubernetes.resources | list | See the values.yaml file for full object. | Describes the Kubernetes resources you want to watch. |
| filters | object | See the values.yaml file for full object. | Filter settings for various sources. Currently, all filters are globally enabled or disabled. You can enable or disable filters with @Botkube filters commands. |
| filters.kubernetes.objectAnnotationChecker | bool | true | If true, enables support for botkube.io/disable and botkube.io/channel resource annotations. |
| filters.kubernetes.nodeEventsChecker | bool | true | If true, filters out Node-related events that are not important. |
| executors | object | See the values.yaml file for full object. | Map of executors. Executor contains configuration for running kubectl commands. The property name under executors is an alias for a given configuration. You can define multiple executor configurations with different names. Key name is used as a binding reference. |
| executors.kubectl-read-only.kubectl.namespaces.include | list | [".*"] | List of allowed Kubernetes Namespaces for command execution. It can also contain a regex expressions: - ".*" - to specify all Namespaces. |
| executors.kubectl-read-only.kubectl.namespaces.exclude | list | [] | List of ignored Kubernetes Namespace. It can also contain a regex expressions: - "test-.*" - to specify all Namespaces. |
| executors.kubectl-read-only.kubectl.enabled | bool | false | If true, enables kubectl commands execution. |
| executors.kubectl-read-only.kubectl.commands.verbs | list | ["api-resources","api-versions","cluster-info","describe","explain","get","logs","top"] | Configures which kubectl methods are allowed. |
| executors.kubectl-read-only.kubectl.commands.resources | list | ["deployments","pods","namespaces","daemonsets","statefulsets","storageclasses","nodes","configmaps","services","ingresses"] | Configures which K8s resource are allowed. |
| executors.kubectl-read-only.kubectl.defaultNamespace | string | "default" | Configures the default Namespace for executing Botkube kubectl commands. If not set, uses the 'default'. |
| executors.kubectl-read-only.kubectl.restrictAccess | bool | false | If true, enables commands execution from configured channel only. |
| existingCommunicationsSecretName | string | "" | Configures existing Secret with communication settings. It MUST be in the botkube Namespace. To reload Botkube once it changes, add label botkube.io/config-watch: "true". |
| communications | object | See the values.yaml file for full object. | Map of communication groups. Communication group contains settings for multiple communication platforms. The property name under communications object is an alias for a given configuration group. You can define multiple communication groups with different names. |
| communications.default-group.slack.enabled | bool | false | If true, enables Slack bot. |
| communications.default-group.slack.channels | object | {"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-err-events","k8s-recommendation-events"]},"name":"SLACK_CHANNEL","notification":{"disabled":false}}} | Map of configured channels. The property name under channels object is an alias for a given configuration. |
| communications.default-group.slack.channels.default.name | string | "SLACK_CHANNEL" | Slack channel name without '#' prefix where you have added Botkube and want to receive notifications in. |
| communications.default-group.slack.channels.default.notification.disabled | bool | false | If true, the notifications are not sent to the channel. They can be enabled with @Botkube command anytime. |
| communications.default-group.slack.channels.default.bindings.executors | list | ["kubectl-read-only"] | Executors configuration for a given channel. |
| communications.default-group.slack.channels.default.bindings.sources | list | ["k8s-err-events","k8s-recommendation-events"] | Notification sources configuration for a given channel. |
| communications.default-group.slack.token | string | "" | Slack token. |
| communications.default-group.slack.notification.type | string | "short" | Configures notification type that are sent. Possible values: short, long. |
| communications.default-group.socketSlack.enabled | bool | false | If true, enables Slack bot. |
| communications.default-group.socketSlack.channels | object | {"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-err-events","k8s-recommendation-events"]},"name":"SLACK_CHANNEL"}} | Map of configured channels. The property name under channels object is an alias for a given configuration. |
| communications.default-group.socketSlack.channels.default.name | string | "SLACK_CHANNEL" | Slack channel name without '#' prefix where you have added Botkube and want to receive notifications in. |
| communications.default-group.socketSlack.channels.default.bindings.executors | list | ["kubectl-read-only"] | Executors configuration for a given channel. |
| communications.default-group.socketSlack.channels.default.bindings.sources | list | ["k8s-err-events","k8s-recommendation-events"] | Notification sources configuration for a given channel. |
| communications.default-group.socketSlack.botToken | string | "" | Slack bot token for your own Slack app. Ref doc. |
| communications.default-group.socketSlack.appToken | string | "" | Slack app-level token for your own Slack app. Ref doc. |
| communications.default-group.socketSlack.notification.type | string | "short" | Configures notification type that are sent. Possible values: short, long. |
| communications.default-group.mattermost.enabled | bool | false | If true, enables Mattermost bot. |
| communications.default-group.mattermost.botName | string | "Botkube" | User in Mattermost which belongs the specified Personal Access token. |
| communications.default-group.mattermost.url | string | "MATTERMOST_SERVER_URL" | The URL (including http/https schema) where Mattermost is running. e.g https://example.com:9243 |
| communications.default-group.mattermost.token | string | "MATTERMOST_TOKEN" | Personal Access token generated by Botkube user. |
| communications.default-group.mattermost.team | string | "MATTERMOST_TEAM" | The Mattermost Team name where Botkube is added. |
| communications.default-group.mattermost.channels | object | {"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-err-events","k8s-recommendation-events"]},"name":"MATTERMOST_CHANNEL","notification":{"disabled":false}}} | Map of configured channels. The property name under channels object is an alias for a given configuration. |
| communications.default-group.mattermost.channels.default.name | string | "MATTERMOST_CHANNEL" | The Mattermost channel name for receiving Botkube alerts. The Botkube user needs to be added to it. |
| communications.default-group.mattermost.channels.default.notification.disabled | bool | false | If true, the notifications are not sent to the channel. They can be enabled with @Botkube command anytime. |
| communications.default-group.mattermost.channels.default.bindings.executors | list | ["kubectl-read-only"] | Executors configuration for a given channel. |
| communications.default-group.mattermost.channels.default.bindings.sources | list | ["k8s-err-events","k8s-recommendation-events"] | Notification sources configuration for a given channel. |
| communications.default-group.mattermost.notification.type | string | "short" | Configures notification type that are sent. Possible values: short, long. |
| communications.default-group.teams.enabled | bool | false | If true, enables MS Teams bot. |
| communications.default-group.teams.botName | string | "Botkube" | The Bot name set while registering Bot to MS Teams. |
| communications.default-group.teams.appID | string | "APPLICATION_ID" | The Botkube application ID generated while registering Bot to MS Teams. |
| communications.default-group.teams.appPassword | string | "APPLICATION_PASSWORD" | The Botkube application password generated while registering Bot to MS Teams. |
| communications.default-group.teams.bindings.executors | list | ["kubectl-read-only"] | Executor bindings apply to all MS Teams channels where Botkube has access to. |
| communications.default-group.teams.bindings.sources | list | ["k8s-err-events","k8s-recommendation-events"] | Source bindings apply to all channels which have notification turned on with @Botkube notifier start command. |
| communications.default-group.teams.messagePath | string | "/bots/teams" | The path in endpoint URL provided while registering Botkube to MS Teams. |
| communications.default-group.teams.port | int | 3978 | The Service port for bot endpoint on Botkube container. |
| communications.default-group.discord.enabled | bool | false | If true, enables Discord bot. |
| communications.default-group.discord.token | string | "DISCORD_TOKEN" | Botkube Bot Token. |
| communications.default-group.discord.botID | string | "DISCORD_BOT_ID" | Botkube Application Client ID. |
| communications.default-group.discord.channels | object | {"default":{"bindings":{"executors":["kubectl-read-only"],"sources":["k8s-err-events","k8s-recommendation-events"]},"id":"DISCORD_CHANNEL_ID","notification":{"disabled":false}}} | Map of configured channels. The property name under channels object is an alias for a given configuration. |
| communications.default-group.discord.channels.default.id | string | "DISCORD_CHANNEL_ID" | Discord channel ID for receiving Botkube alerts. The Botkube user needs to be added to it. |
| communications.default-group.discord.channels.default.notification.disabled | bool | false | If true, the notifications are not sent to the channel. They can be enabled with @Botkube command anytime. |
| communications.default-group.discord.channels.default.bindings.executors | list | ["kubectl-read-only"] | Executors configuration for a given channel. |
| communications.default-group.discord.channels.default.bindings.sources | list | ["k8s-err-events","k8s-recommendation-events"] | Notification sources configuration for a given channel. |
| communications.default-group.discord.notification.type | string | "short" | Configures notification type that are sent. Possible values: short, long. |
| communications.default-group.elasticsearch.enabled | bool | false | If true, enables Elasticsearch. |
| communications.default-group.elasticsearch.awsSigning.enabled | bool | false | If true, enables awsSigning using IAM for Elasticsearch hosted on AWS. Make sure AWS environment variables are set. Ref doc. |
| communications.default-group.elasticsearch.awsSigning.awsRegion | string | "us-east-1" | AWS region where Elasticsearch is deployed. |
| communications.default-group.elasticsearch.awsSigning.roleArn | string | "" | AWS IAM Role arn to assume for credentials, use this only if you don't want to use the EC2 instance role or not running on AWS instance. |
| communications.default-group.elasticsearch.server | string | "ELASTICSEARCH_ADDRESS" | The server URL, e.g https://example.com:9243 |
| communications.default-group.elasticsearch.username | string | "ELASTICSEARCH_USERNAME" | Basic Auth username. |
| communications.default-group.elasticsearch.password | string | "ELASTICSEARCH_PASSWORD" | Basic Auth password. |
| communications.default-group.elasticsearch.skipTLSVerify | bool | false | If true, skips the verification of TLS certificate of the Elastic nodes. It's useful for clusters with self-signed certificates. |
| communications.default-group.elasticsearch.indices | object | {"default":{"bindings":{"sources":["k8s-err-events","k8s-recommendation-events"]},"name":"botkube","replicas":0,"shards":1,"type":"botkube-event"}} | Map of configured indices. The indices property name is an alias for a given configuration. |
| communications.default-group.elasticsearch.indices.default.name | string | "botkube" | Configures Elasticsearch index settings. |
| communications.default-group.elasticsearch.indices.default.bindings.sources | list | ["k8s-err-events","k8s-recommendation-events"] | Notification sources configuration for a given index. |
| communications.default-group.webhook.enabled | bool | false | If true, enables Webhook. |
| communications.default-group.webhook.url | string | "WEBHOOK_URL" | The Webhook URL, e.g.: https://example.com:80 |
| communications.default-group.webhook.bindings.sources | list | ["k8s-err-events","k8s-recommendation-events"] | Notification sources configuration for the webhook. |
| settings.clusterName | string | "not-configured" | Cluster name to differentiate incoming messages. |
| settings.lifecycleServer | object | {"enabled":true,"port":2113} | Server configuration which exposes functionality related to the app lifecycle. |
| settings.upgradeNotifier | bool | true | If true, notifies about new Botkube releases. |
| settings.log.level | string | "info" | Sets one of the log levels. Allowed values: info, warn, debug, error, fatal, panic. |
| settings.log.disableColors | bool | false | If true, disable ANSI colors in logging. |
| settings.systemConfigMap | object | {"name":"botkube-system"} | Botkube's system ConfigMap where internal data is stored. |
| settings.persistentConfig | object | {"runtime":{"configMap":{"annotations":{},"name":"botkube-runtime-config"},"fileName":"_runtime_state.yaml"},"startup":{"configMap":{"annotations":{},"name":"botkube-startup-config"},"fileName":"_startup_state.yaml"}} | Persistent config contains ConfigMap where persisted configuration is stored. The persistent configuration is evaluated from both chart upgrade and Botkube commands used in runtime. |
| ssl.enabled | bool | false | If true, specify cert path in config.ssl.cert property or K8s Secret in config.ssl.existingSecretName. |
| ssl.existingSecretName | string | "" | Using existing SSL Secret. It MUST be in botkube Namespace. |
| ssl.cert | string | "" | SSL Certificate file e.g certs/my-cert.crt. |
| service | object | {"name":"metrics","port":2112,"targetPort":2112} | Configures Service settings for ServiceMonitor CR. |
| ingress | object | {"annotations":{"kubernetes.io/ingress.class":"nginx"},"create":false,"host":"HOST","tls":{"enabled":false,"secretName":""}} | Configures Ingress settings that exposes MS Teams endpoint. Ref doc. |
| serviceMonitor | object | {"enabled":false,"interval":"10s","labels":{},"path":"/metrics","port":"metrics"} | Configures ServiceMonitor settings. Ref doc. |
| deployment.annotations | object | {} | Extra annotations to pass to the Botkube Deployment. |
| extraAnnotations | object | {} | Extra annotations to pass to the Botkube Pod. |
| extraLabels | object | {} | Extra labels to pass to the Botkube Pod. |
| priorityClassName | string | "" | Priority class name for the Botkube Pod. |
| nameOverride | string | "" | Fully override "botkube.name" template. |
| fullnameOverride | string | "" | Fully override "botkube.fullname" template. |
| resources | object | {} | The Botkube Pod resource request and limits. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. Ref docs |
| extraEnv | list | [] | Extra environment variables to pass to the Botkube container. Ref docs. |
| extraVolumes | list | [] | Extra volumes to pass to the Botkube container. Mount it later with extraVolumeMounts. Ref docs. |
| extraVolumeMounts | list | [] | Extra volume mounts to pass to the Botkube container. Ref docs. |
| nodeSelector | object | {} | Node labels for Botkube Pod assignment. Ref doc. |
| tolerations | list | [] | Tolerations for Botkube Pod assignment. Ref doc. |
| affinity | object | {} | Affinity for Botkube Pod assignment. Ref doc. |
| rbac | object | {"create":true,"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["get","watch","list"]}]} | Role Based Access for Botkube Pod. Ref doc. |
| serviceAccount.create | bool | true | If true, a ServiceAccount is automatically created. |
| serviceAccount.name | string | "" | The name of the service account to use. If not set, a name is generated using the fullname template. |
| serviceAccount.annotations | object | {} | Extra annotations for the ServiceAccount. |
| extraObjects | list | [] | Extra Kubernetes resources to create. Helm templating is allowed as it is evaluated before creating the resources. |
| analytics.disable | bool | false | If true, sending anonymous analytics is disabled. To learn what date we collect, see Privacy Policy. |
| configWatcher.enabled | bool | true | If true, restarts the Botkube Pod on config changes. |
| configWatcher.tmpDir | string | "/tmp/watched-cfg/" | Directory, where watched configuration resources are stored. |
| configWatcher.initialSyncTimeout | int | 0 | Timeout for the initial Config Watcher sync. If set to 0, waiting for Config Watcher sync will be skipped. In a result, configuration changes may not reload Botkube app during the first few seconds after Botkube startup. |
| configWatcher.image.registry | string | "ghcr.io" | Config watcher image registry. |
| configWatcher.image.repository | string | "kubeshop/k8s-sidecar" | Config watcher image repository. |
| configWatcher.image.tag | string | "ignore-initial-events" | Config watcher image tag. |
| configWatcher.image.pullPolicy | string | "IfNotPresent" | Config watcher image pull policy. |
AWS IRSA on EKS support​
AWS has introduced IAM Role for Service Accounts in order to provide fine-grained access. This is useful if you are looking to run Botkube inside an EKS cluster. For more details visit https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html.
Annotate the Botkube Service Account as shown in the example below and add the necessary Trust Relationship to the corresponding Botkube role to get this working.
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: "{role_arn_to_assume}"