From d09789f63152e35834c69135c52a2e7760bed737 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Sun, 13 Dec 2020 11:23:13 +0100
Subject: [PATCH] install botkube
---
_apps/botkube.yaml | 23 +++++
botkube/configmap.yaml | 222 ++++++++++++++++++++++++++++++++++++++++
botkube/deployment.yaml | 49 +++++++++
botkube/rbac.yaml | 33 ++++++
botkube/secret.yaml | 19 ++++
5 files changed, 346 insertions(+)
create mode 100644 _apps/botkube.yaml
create mode 100644 botkube/configmap.yaml
create mode 100644 botkube/deployment.yaml
create mode 100644 botkube/rbac.yaml
create mode 100644 botkube/secret.yaml
diff --git a/_apps/botkube.yaml b/_apps/botkube.yaml
new file mode 100644
index 0000000..fc1d99f
--- /dev/null
+++ b/_apps/botkube.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: botkube
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: botkube
+ server: https://kubernetes.default.svc
+ project: apps
+ source:
+ path: botkube
+ repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+ targetRevision: HEAD
+ directory:
+ recurse: true
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: botkube
diff --git a/botkube/configmap.yaml b/botkube/configmap.yaml
new file mode 100644
index 0000000..cfe0bc4
--- /dev/null
+++ b/botkube/configmap.yaml
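Review bot: `targetRevision: HEAD` together with `directory.recurse: true` means every manifest that reaches the default branch under `botkube/` is applied, and this commit places a ClusterRole and ClusterRoleBinding in that path. The `apps` AppProject is not visible here, so it is worth confirming that its allow-list for cluster-scoped resources covers only the kinds this app needs rather than everything. If more than one party can push to the repository, pinning `targetRevision` to a tag or commit would make a change to cluster-wide RBAC an explicit, reviewed step.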
@@ -0,0 +1,222 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: botkube-configmap
+ namespace: botkube
+ labels:
+ app: botkube
+data:
+ resource_config.yaml: |
+ ## Resources you want to watch
+ resources:
+ - name: v1/pods # Name of the resource. Resource name must be in group/version/resource (G/V/R) format
+ # resource name should be plural (e.g apps/v1/deployments, v1/pods)
+ namespaces: # List of namespaces, "all" will watch all the namespaces
+ include:
+ - all
+ ignore: # List of namespaces to be ignored (omitempty), used only with include: all
+ - # example : include [all], ignore [x,y,z]
+ events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
+ - create
+ - delete
+ - error
+ - name: v1/services
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: apps/v1/deployments
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - update
+ - delete
+ - error
+ updateSetting:
+ includeDiff: true
+ fields:
+ - spec.template.spec.containers[*].image
+ - status.availableReplicas
+ - name: apps/v1/statefulsets
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - update
+ - delete
+ - error
+ updateSetting:
+ includeDiff: true
+ fields:
+ - spec.template.spec.containers[*].image
+ - status.readyReplicas
+ - name: networking.k8s.io/v1beta1/ingresses
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: v1/nodes
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: v1/namespaces
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: v1/persistentvolumes
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: v1/persistentvolumeclaims
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: v1/configmaps
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: apps/v1/daemonsets
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - update
+ - delete
+ - error
+ updateSetting:
+ includeDiff: true
+ fields:
+ - spec.template.spec.containers[*].image
+ - status.numberReady
+ - name: batch/v1/jobs
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - update
+ - delete
+ - error
+ updateSetting:
+ includeDiff: true
+ fields:
+ - spec.template.spec.containers[*].image
+ - status.conditions[*].type
+ - name: rbac.authorization.k8s.io/v1/roles
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: rbac.authorization.k8s.io/v1/rolebindings
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: rbac.authorization.k8s.io/v1/clusterrolebindings
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+ - name: rbac.authorization.k8s.io/v1/clusterroles
+ namespaces:
+ include:
+ - all
+ ignore:
+ -
+ events:
+ - create
+ - delete
+ - error
+
+ # Check true if you want to receive recommendations
+ # about the best practices for the created resource
+ recommendations: true
+
+ # Setting to support multiple clusters
+ settings:
+ # Cluster name to differentiate incoming messages
+ clustername: knurrli
+ # Kubectl executor configs
+ kubectl:
+ # Set true to enable kubectl commands execution
+ enabled: false
+ commands:
+ # method which are allowed
+ verbs: ["api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth"]
+ # resource configuration which is allowed
+ resources: ["deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes"]
+ # set Namespace to execute botkube kubectl commands by default
+ defaultNamespace: default
+ # Set true to enable commands execution from configured channel only
+ restrictAccess: false
+ # Set true to enable config watcher
+ configwatcher: true
+ # Set false to disable upgrade notification
+ upgradeNotifier: true
\ No newline at end of file
diff --git a/botkube/deployment.yaml b/botkube/deployment.yaml
new file mode 100644
index 0000000..cd786c8
--- /dev/null
+++ b/botkube/deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: botkube
+ namespace: botkube
+ labels:
+ component: controller
+ app: botkube
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: controller
+ app: botkube
+ template:
+ metadata:
+ labels:
+ component: controller
+ app: botkube
+ spec:
+ serviceAccountName: botkube-sa
+ containers:
+ - name: botkube
+ image: "infracloudio/botkube:v0.11.0"
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: config-volume
+ mountPath: "/config"
+ env:
+ - name: CONFIG_PATH
+ value: "/config/"
+ # set one of the log levels- info, warn, debug, error, fatal, panic
+ - name: LOG_LEVEL
+ value: "info"
+ # set BotKube release version
+ - name: BOTKUBE_VERSION
+ value: v0.11.0
+ volumes:
+ - name: config-volume
+ projected:
+ sources:
+ - configMap:
+ name: botkube-configmap
+ - secret:
+ name: botkube-communication-secret
+ # run as non privilaged user
+ securityContext:
+ runAsUser: 101
+ runAsGroup: 101
diff --git a/botkube/rbac.yaml b/botkube/rbac.yaml
new file mode 100644
index 0000000..34a7a57
--- /dev/null
+++ b/botkube/rbac.yaml
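Review bot: `restrictAccess: false` in the `settings` block leaves command execution open to any channel the bot is present in, and it is harmless only because `kubectl.enabled` is `false` a few lines above it. The allow-list already contains `get` and `logs`, and the ClusterRole added in botkube/rbac.yaml grants read on every resource, so a later one-line flip of `enabled` would expose cluster-wide reads to every such channel. I would set `restrictAccess: true` now and trim `verbs` and `resources` to what is actually needed. Separately, each `ignore:` list holds a single empty `-` item, which parses as a null entry rather than an empty list; `ignore: []` states the intent, assuming the BotKube config loader accepts it.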
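Review bot: The only hardening on the botkube pod is `runAsUser: 101` / `runAsGroup: 101`, which fixes the UID but leaves privilege escalation and Linux capabilities at their defaults. Indentation is lost in this view, so I am assuming `securityContext` sits at pod level; I would add `runAsNonRoot: true` there and a container-level `securityContext` as in the fence below (`readOnlyRootFilesystem: true` is worth adding too if the image does not write outside `/config`, which I have not verified). The image is also referenced by the mutable tag `v0.11.0` with `imagePullPolicy: Always`, so each restart runs whatever the registry serves for that tag under a service account with cluster-wide read; pinning by digest, `image: "infracloudio/botkube:v0.11.0@sha256:<digest-placeholder>"`, closes that. The comment typo `privilaged` can be fixed in the same pass.

```yaml
      containers:
        - name: botkube
          # … unchanged: image, imagePullPolicy, volumeMounts, env …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
      # … unchanged: volumes …
      securityContext:
        runAsNonRoot: true
        runAsUser: 101
        runAsGroup: 101
```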
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: botkube-sa
+ namespace: botkube
+ labels:
+ app: botkube
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: botkube-clusterrole
+ labels:
+ app: botkube
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: botkube-clusterrolebinding
+ labels:
+ app: botkube
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: botkube-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: botkube-sa
+ namespace: botkube
\ No newline at end of file
diff --git a/botkube/secret.yaml b/botkube/secret.yaml
new file mode 100644
index 0000000..24a8bc7
--- /dev/null
+++ b/botkube/secret.yaml
@@ -0,0 +1,19 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: botkube-communication-secret
+ namespace: botkube
+spec:
+ encryptedData:
+ comm_config.yaml: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: botkube
+ name: botkube-communication-secret
+ namespace: botkube
+ type: Opaque
+status: {}
+
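Review bot: The `botkube-clusterrole` rule `apiGroups: ["*"]`, `resources: ["*"]` grants get/list/watch on every resource in the cluster, which includes all Secrets; because this repository uses SealedSecrets, that presumably also covers the controller's sealing key. The resource list in botkube/configmap.yaml watches sixteen named kinds and none of them is `secrets`, so the role can be enumerated to match it. The fence below mirrors that list; `events` is added on the assumption that BotKube derives its `error` notifications from core events, which should be confirmed against the v0.11.0 manifests before narrowing the role.

```yaml
rules:
  - apiGroups: [""]
    resources:
      - pods
      - services
      - nodes
      - namespaces
      - persistentvolumes
      - persistentvolumeclaims
      - configmaps
      - events  # assumption: needed for error notifications; confirm
    verbs: ["get", "watch", "list"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
    verbs: ["get", "watch", "list"]
```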