KubeWise is a notifications bot for Helm 3. It notifies your team chat whenever a Helm chart is installed,
upgraded, rolled back or uninstalled in your Kubernetes cluster.
Supported Applications
📣 Get notified when your chosen chat app is supported.
Getting Started
In general, the getting started process has two steps:
- Create a bot in your team chat application.
- Install KubeWise, passing it an API token for the bot.
Sensitive tokens are stored securely in Kubernetes secrets. No data is ever sent to an external API (other
than your chosen team chat app obviously).
Slack
How it looks
Step 1: Create the bot
- Create a Slack Bot using Slack's admin controls.
- Save it and grab the API token.
- Invite the Bot into your channel by typing
/invite @kubewise
in your Slack channel.
- Install KubeWise in your Kubernetes cluster. See below.
Step 2: Install KubeWise
kubectl create namespace kubewise
helm repo add roadie https://charts.roadie.io
helm install kubewise roadie/kubewise --namespace kubewise --set handler=slack --set slack.token="<api-token>" --set slack.channel="#<channel>"
That's it! From now on, Helm operations will result in a message in your chosen Slack channel.
Google Hangouts Chat
How it looks
Step 1: Create the bot
- Open Hangouts Chat in your browser.
- Go to the room to which you want to add a bot.
- From the dropdown menu at the top of the page, select "Configure webhooks".
- Under Incoming Webhooks, click ADD WEBHOOK.
- Name the new webhook
KubeWise
and set the Avatar URL to https://raw.githubusercontent.com/RoadieHQ/kubewise/master/assets/kubewise-mark-blue-512x512.png
.
- Click SAVE.
- Copy the URL listed next to your new webhook in the Webhook Url column. You will need this later.
- Click outside the dialog box to close.
Step 2: Install KubeWise
kubectl create namespace kubewise
helm repo add roadie https://charts.roadie.io
helm install kubewise roadie/kubewise --namespace kubewise --set handler=googlechat --set googlechat.webhookUrl="<webhook-url>"
Webhooks
KubeWise can be used to send a JSON payload to an arbitrary endpoint when a Helm operation
occurs.
How it looks
{
"appName": "zookeeper",
"appVersion": "3.5.5",
"namespace": "zookeeper",
"previousAppVersion": "3.2.1",
"action": "PRE_UNINSTALL",
"appDescription": "Keep your stuff in the zoo",
"installNotes": "... truncated notes ..."
}
Step 1: Install KubeWise
kubectl create namespace kubewise
helm repo add roadie https://charts.roadie.io
helm install kubewise roadie/kubewise --namespace kubewise --set handler=webhook --set webhook.url="<webhook-url>"
The optional parameter webhook.method
is also supported. It defaults to POST
.
Basic authentication is supported via the webhook.authToken="<api-token>"
parameter. It will
add the following header to the request "Authorization":"Bearer <api-token>"
.
Using KubeWise from outside a cluster
It is easy to use KubeWise from outside your Kubernetes cluster. It will pick up your local
kubectl
configuration and use it to speak to your cluster.
First, download a binary from the Releases page.
For OS X, you most likely need the kubewise_0.7.4_Darwin_x86_64.tar.gz
release. Unzip it.
By default, Apple prevents you from running binaries which are downloaded from the internet. To
circumvent this, run the following against the downloaded binary.
xattr -d com.apple.quarantine ~/path/to/kubewise
You should now be able to run it like this:
env KW_HANDLER=slack KW_SLACK_CHANNEL="#<channel>" KW_SLACK_TOKEN="<api-token>" ~/path/to/kubewise
Multiple clusters in the same channel
It's common for teams to have multiple Kubernetes clusters running such as staging
and production
.
KubeWise supports sending the notifications from all of your clusters to one place.
In order to tell the clusters apart, it is a good idea to use the messagePrefix
feature.
helm install kubewise roadie/kubewise --namespace kubewise --set messagePrefix="\`production\` " --set handler=slack --set slack.token="<api-token>" --set slack.channel="#<channel>"
This will produce the following effect:
Different namespaces in different channels
If you run your cluster with test and staging in different namespaces of the same cluster,
you may wish to send KubeWise notifications to different places for each namespace.
The best way to accomplish this is with multiple instances of KubeWise, each locked down to
a single namespace. KubeWise is small and uses few resources.
To accomplish this configuration with Helm, set clusterRole.create=false
,
namespaceToWatch="production"
and set (for example) slack.channel="#production-cluster"
.
Make sure you install KubeWise into the namespaceToWatch
by passing the --namespace
flag
to Helm.
Repeat this process for as many namespaces as you wish, installing KubeWise in each one
individually.
Full configuration list
Parameter |
Environment Variable Equivalent |
Default |
Description |
handler |
KW_HANDLER |
slack |
The service to send the notifications to. Options are slack , webhook and googlechat . |
slack.channel |
KW_SLACK_CHANNEL |
#general |
The Slack channel to send notification to when using the Slack handler. |
slack.token |
KW_SLACK_TOKEN |
|
The Slack API token to use. Must be provided by user. |
webhook.method |
KW_WEBHOOK_METHOD |
POST |
The webhook HTTP method to use. |
webhook.url |
KW_WEBHOOK_URL |
|
The webhook URL to send the request to. |
webhook.authToken |
KW_WEBHOOK_AUTH_TOKEN |
|
An optional Bearer auth header to send with the request. |
googlechat.webhookUrl |
KW_GOOGLECHAT_WEBHOOK_URL |
|
The Google Hangouts Chat URL to use. Must be provided by user. |
namespaceToWatch |
KW_NAMESPACE |
"" |
The cluster namespace to watch for Helm operations in. Leave blank to watch all namespaces. |
messagePrefix |
KW_MESSAGE_PREFIX |
|
A prefix for every notification sent. Often used to identify the cluster (production, staging etc). |
chartValuesDiff.enabled |
KW_CHART_VALUES_DIFF_ENABLED |
false |
When true , KubeWise will log a diff of the chart values when a package is upgraded or rolled back. This is useful for visualizing changes between package versions. Be extremely careful with this feature as it can leak sensitive chart values. |
image.repository |
|
roadiehq/kubewise |
Image repository |
image.tag |
|
<VERSION> |
Image tag |
replicaCount |
|
1 |
Number of KubeWise pods to deploy. More than 1 is not desirable |
image.pullPolicy |
|
IfNotPresent |
Image pull policy |
imagePullSecrets |
|
[] |
Image pull secrets |
nameOverride |
|
"" |
Name override |
fullnameOverride |
|
"" |
Full name override |
rbac.create |
|
true |
Set to false if you would prefer to bring your own RBAC settings. |
clusterRole.create |
|
true |
Set to false to use non-cluster role bindings. Can be used in conjunction with namespaceToWatch to ensure that KubeWise only reports on changes in a single namespace. |