
Define different k8s source presets, add option to set event list globally #739

Merged
merged 2 commits into from
Sep 21, 2022
Merged
230 changes: 118 additions & 112 deletions helm/botkube/README.md

Large diffs are not rendered by default.

15 changes: 10 additions & 5 deletions helm/botkube/e2e-test-values.yaml
Expand Up @@ -66,23 +66,28 @@ sources:
ingress:
backendServiceValid: false
tlsSecretValid: false
events:
- create
- update
- delete
resources:
- name: v1/configmaps
events:
- create
- update
- delete

'k8s-updates':
kubernetes:
namespaces:
include:
- default
events:
- create
- update
- delete
resources:
- name: v1/configmaps
namespaces:
include:
- botkube
events:
events: # overrides top level `events` entry
- update
executors:
'kubectl-read-only':
162 changes: 82 additions & 80 deletions helm/botkube/values.yaml
Expand Up @@ -58,8 +58,7 @@ kubeconfig:
#
## Format: sources.<alias>
sources:
'k8s-events':

'k8s-recommendation-events':
# -- Describes Kubernetes source configuration.
kubernetes:
# -- Describes configuration for various recommendation insights.
Expand All @@ -77,10 +76,13 @@ sources:
# -- If true, notifies about Ingress resources with invalid TLS secret reference.
tlsSecretValid: true

'k8s-all-events':
# -- Describes Kubernetes source configuration.
kubernetes:
# -- Describes namespaces for every Kubernetes resources you want to watch or exclude.
# These namespaces are applied to every resource specified in the resources list.
# However, every specified resource can override this by using its own namespaces object.
namespaces:
namespaces: &k8s-events-namespaces
# Include contains a list of allowed Namespaces.
# It can also contain a regex expressions:
# `- ".*"` - to specify all Namespaces.
Expand All @@ -91,8 +93,16 @@ sources:
# `- "test-.*"` - to specif all Namespaces with `test-` prefix.
# exclude: []

# -- Describes events for every Kubernetes resources you want to watch or exclude.
# These events are applied to every resource specified in the resources list.
# However, every specified resource can override this by using its own events object.
events:
- create
- delete
- error

# -- Describes the Kubernetes resources you want to watch.
# @default -- Watch all built-in K8s kinds.
# @default -- See the `values.yaml` file for full object.
resources:
- name: v1/pods # Name of the resource. Resource name must be in group/version/resource (G/V/R) format
# resource name should be plural (e.g apps/v1/deployments, v1/pods)
Expand All @@ -101,69 +111,19 @@ sources:
# include:
# - ".*"
# exclude: []
events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
- create
- delete
- error
- name: v1/services
events:
- create
- delete
- error
- name: apps/v1/deployments
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.availableReplicas
- name: apps/v1/statefulsets
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.readyReplicas
- name: networking.k8s.io/v1/ingresses
events:
- create
- delete
- error
- name: v1/nodes
events:
- create
- delete
- error
- name: v1/namespaces
events:
- create
- delete
- error
- name: v1/persistentvolumes
events:
- create
- delete
- error
- name: v1/persistentvolumeclaims
events:
- create
- delete
- error
- name: v1/configmaps
events:
- create
- delete
- error
- name: rbac.authorization.k8s.io/v1/roles
- name: rbac.authorization.k8s.io/v1/rolebindings
- name: rbac.authorization.k8s.io/v1/clusterrolebindings
- name: rbac.authorization.k8s.io/v1/clusterroles
- name: apps/v1/daemonsets
events:
events: # Overrides 'source'.kubernetes.events
- create
- update
- delete
Expand All @@ -174,7 +134,7 @@ sources:
- spec.template.spec.containers[*].image
- status.numberReady
- name: batch/v1/jobs
events:
events: # Overrides 'source'.kubernetes.events
- create
- update
- delete
Expand All @@ -184,26 +144,28 @@ sources:
fields:
- spec.template.spec.containers[*].image
- status.conditions[*].type
- name: rbac.authorization.k8s.io/v1/roles
events:
- create
- delete
- error
- name: rbac.authorization.k8s.io/v1/rolebindings
events:
- create
- delete
- error
- name: rbac.authorization.k8s.io/v1/clusterrolebindings
events:
- name: apps/v1/deployments
events: # Overrides 'source'.kubernetes.events
- create
- update
- delete
- error
- name: rbac.authorization.k8s.io/v1/clusterroles
events:
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.availableReplicas
- name: apps/v1/statefulsets
events: # Overrides 'source'.kubernetes.events
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- status.readyReplicas
## Custom resource example
# - name: velero.io/v1/backups
# namespaces:
Expand All @@ -221,6 +183,40 @@ sources:
# fields:
# - status.phase

'k8s-err-events':
# -- Describes Kubernetes source configuration.
kubernetes:
# -- Describes namespaces for every Kubernetes resources you want to watch or exclude.
# These namespaces are applied to every resource specified in the resources list.
# However, every specified resource can override this by using its own namespaces object.
namespaces: *k8s-events-namespaces

# -- Describes events for every Kubernetes resources you want to watch or exclude.
# These events are applied to every resource specified in the resources list.
# However, every specified resource can override this by using its own events object.
events:
- error

# -- Describes the Kubernetes resources you want to watch.
# @default -- See the `values.yaml` file for full object.
resources:
- name: v1/pods
- name: v1/services
- name: networking.k8s.io/v1/ingresses
- name: v1/nodes
- name: v1/namespaces
- name: v1/persistentvolumes
- name: v1/persistentvolumeclaims
- name: v1/configmaps
- name: rbac.authorization.k8s.io/v1/roles
- name: rbac.authorization.k8s.io/v1/rolebindings
- name: rbac.authorization.k8s.io/v1/clusterrolebindings
- name: rbac.authorization.k8s.io/v1/clusterroles
- name: apps/v1/deployments
- name: apps/v1/statefulsets
- name: apps/v1/daemonsets
- name: batch/v1/jobs

# -- Filter settings for various sources.
# Currently, all filters are globally enabled or disabled.
# You can enable or disable filters with `@BotKube filters` commands.
Expand Down Expand Up @@ -302,7 +298,8 @@ communications:
- kubectl-read-only
# -- Notification sources configuration for a given channel.
sources:
- k8s-events
- k8s-err-events
- k8s-recommendation-events
# -- Slack token.
token: ''
# -- Slack bot token for your own Slack app.
Expand Down Expand Up @@ -344,7 +341,8 @@ communications:
- kubectl-read-only
# -- Notification sources configuration for a given channel.
sources:
- k8s-events
- k8s-err-events
- k8s-recommendation-events
notification:
# -- Configures notification type that are sent. Possible values: `short`, `long`.
type: short
Expand All @@ -365,7 +363,8 @@ communications:
- kubectl-read-only
# -- Source bindings apply to all channels which have notification turned on with `@BotKube notifier start` command.
sources:
- k8s-events
- k8s-err-events
- k8s-recommendation-events
# -- The path in endpoint URL provided while registering BotKube to MS Teams.
messagePath: "/bots/teams"
# -- The Service port for bot endpoint on BotKube container.
Expand Down Expand Up @@ -396,7 +395,8 @@ communications:
- kubectl-read-only
# -- Notification sources configuration for a given channel.
sources:
- k8s-events
- k8s-err-events
- k8s-recommendation-events
notification:
# -- Configures notification type that are sent. Possible values: `short`, `long`.
type: short
Expand Down Expand Up @@ -435,7 +435,8 @@ communications:
bindings:
# -- Notification sources configuration for a given index.
sources:
- k8s-events
- k8s-err-events
- k8s-recommendation-events

## Settings for Webhook.
webhook:
Expand All @@ -446,7 +447,8 @@ communications:
bindings:
# -- Notification sources configuration for the webhook.
sources:
- k8s-events
- k8s-err-events
- k8s-recommendation-events

## Global BotKube configuration.
settings:
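Review bot: The `&k8s-events-namespaces` anchor on `k8s-all-events` and the `*k8s-events-namespaces` alias in `k8s-err-events` are resolved when this file is parsed, so the two presets share only the chart default, not later overrides. An operator who narrows `sources.k8s-all-events.kubernetes.namespaces` in their own values file or with `--set` does not change `k8s-err-events`, which is the preset every default binding in this file now points at. Events from namespaces they meant to exclude would still be forwarded to the channel. I would either spell the namespaces out in both presets or extend the comment above the alias, for example `# Copied from k8s-all-events when this file is parsed; override this key separately.`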
25 changes: 15 additions & 10 deletions pkg/config/config.go
Expand Up @@ -171,23 +171,28 @@ type Sources struct {

// KubernetesSource contains configuration for Kubernetes sources.
type KubernetesSource struct {
Recommendations Recommendations `yaml:"recommendations"`
Resources KubernetesResources `yaml:"resources" validate:"dive"`
Namespaces Namespaces `yaml:"namespaces"`
Recommendations Recommendations `yaml:"recommendations"`
Events KubernetesResourceEvents `yaml:"events"`
Resources []Resource `yaml:"resources" validate:"dive"`
Namespaces Namespaces `yaml:"namespaces"`
}

// KubernetesResources contains configuration for Kubernetes resources.
type KubernetesResources []Resource

// IsAllowed checks if a given resource event is allowed according to the configuration.
func (r *KubernetesResources) IsAllowed(resourceName, namespace string, eventType EventType) bool {
if r == nil || len(*r) == 0 {
func (r *KubernetesSource) IsAllowed(resourceName, namespace string, eventType EventType) bool {
if r == nil || len(r.Resources) == 0 {
return false
}

for _, resource := range *r {
isEventAllowed := func(resourceEvents KubernetesResourceEvents) bool {
if len(resourceEvents) > 0 { // if resource overrides the global events, use them
return resourceEvents.Contains(eventType)
}
return r.Events.Contains(eventType) // check global events
}

for _, resource := range r.Resources {
if resource.Name == resourceName &&
resource.Events.Contains(eventType) &&
isEventAllowed(resource.Events) &&
resource.Namespaces.IsAllowed(namespace) {
return true
}
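Review bot: In the loop at the end of this hunk the new fallback covers only events: `isEventAllowed(resource.Events)` falls back to `r.Events`, while the namespace test is still `resource.Namespaces.IsAllowed(namespace)` and never reads `r.Namespaces`. The presets added in values.yaml list most resources by `name` only, so whether their events are forwarded depends on how an empty per-resource `Namespaces` is treated, or on a merge step that is not visible here. This is worth pinning with a test case that sets source-level namespaces and a bare resource. Separately, `len(resourceEvents) > 0` means an explicit `events: []` on a resource cannot silence it, because it inherits the source-level list; a doc-comment line such as `// An empty per-resource events list inherits the source-level Events.` would make that contract visible. The body of IsAllowed continues past the end of the hunk.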
19 changes: 6 additions & 13 deletions pkg/config/testdata/TestLoadConfigSuccess/config-all.yaml
Expand Up @@ -98,23 +98,16 @@ sources:
ingress:
backendServiceValid: true
tlsSecretValid: false

# TODO: https://github.com/kubeshop/botkube/issues/596
events:
- create
- delete
- error
# New 'namespace' property.
# It can be overridden in the nested level.
# namespace:
# include: [ ".*" ]
namespaces:
include: [ ".*" ]
resources:
- name: v1/pods
namespaces:
include:
- ".*"
exclude:
- # example [x,y,secret-ns-*]
events:
- create
- delete
- error
- name: v1/services
namespaces:
include: