You are viewing documentation for KubeSphere version:v3.0.0

KubeSphere v3.0.0 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Last updated: 2021-07-23 06:55:09

Manage Multi-Tenant Notifications with Notification Manager

Notification Manager manages notifications in KubeSphere. It receives alerts or notifications from different senders and then sends notifications to different users.

Supported senders include:

  • Prometheus Alertmanager
  • Custom sender (Coming soon)

Supported receivers include:

notification-manager

Quickstart

Configure Prometheus Alertmanager to send alerts to Notification Manager

Notification Manager uses the port 19093 and API path /api/v2/alerts to receive alerts sent from Prometheus Alertmanager of KubeSphere.

To receive Alertmanager alerts, KubeSphere already added the Alertmanager webhook and route configurations like below (by editing the Secret alertmanager-main in the namespace kubesphere-monitoring-system):

Send Prometheus alerts to Notification Manager:

"receivers": - "name": "prometheus" "webhook_configs": - "url": "http://notification-manager-svc.kubesphere-monitoring-system.svc:19093/api/v2/alerts" "route": "routes": - "match": "alerttype": "" "receiver": "prometheus"

Send event alerts to Notification Manager:

"receivers": - "name": "event" "webhook_configs": - "url": "http://notification-manager-svc.kubesphere-monitoring-system.svc:19093/api/v2/alerts" "send_resolved": false "route": "routes": - "match": "alerttype": "event" "receiver": "event" "group_interval": "30s"

Send auditing alerts to Notification Manager:

"receivers": - "name": "auditing" "webhook_configs": - "url": "http://notification-manager-svc.kubesphere-monitoring-system.svc:19093/api/v2/alerts" "send_resolved": false "route": "routes": - "match": "alerttype": "auditing" "receiver": "auditing" "group_interval": "30s"

Note

The above is the default configuration. If you do not want to receive a certain type of alert, you can delete the corresponding configuration.

Configure receivers

Notification Manager now supports three types of receivers: Email, WeChat Work and Slack. Only the administrator can configure receivers.

Email

If a tenant named test-user who wants to receive email notifications, create an email receiver as follows:

cat <<EOF | kubectl apply -f - apiVersion: v1 data: password: dGVzdA== kind: Secret metadata: labels: app: notification-manager name: test-user-email-secret namespace: kubesphere-monitoring-system type: Opaque --- apiVersion: notification.kubesphere.io/v1alpha1 kind: EmailConfig metadata: labels: app: notification-manager type: tenant user: test-user name: test-user-config namespace: kubesphere-monitoring-system spec: authPassword: key: password name: test-user-email-secret authUsername: abc1 from: abc1@xyz.com requireTLS: true smartHost: host: imap.xyz.com port: "25" --- apiVersion: notification.kubesphere.io/v1alpha1 kind: EmailReceiver metadata: labels: app: notification-manager type: tenant user: test-user name: test-user-receiver namespace: kubesphere-monitoring-system spec: emailConfigSelector: matchLabels: type: tenant user: test-user to: - abc2@xyz.com - abc3@xyz.com EOF

emailConfigSelector is a selector to select EmailConfig for the email receiver. If emailConfigSelector is not set, the receiver will use the default email configuration. You can create a default email configuration as follows:

cat <<EOF | kubectl apply -f - apiVersion: v1 data: password: dGVzdA== kind: Secret metadata: labels: app: notification-manager name: default-email-secret namespace: kubesphere-monitoring-system type: Opaque --- apiVersion: notification.kubesphere.io/v1alpha1 kind: EmailConfig metadata: labels: app: notification-manager type: default name: default-email-config namespace: kubesphere-monitoring-system spec: authPassword: key: password name: default-email-secret authUsername: default from: default@xyz.com requireTLS: true smartHost: host: imap.xyz.com port: "25" EOF

Email receivers with the label type: tenant only receive notifications from the namespace to which the specified tenant user has access. If you want them to receive notifications from all namespaces or even without a namespace label, you can create a global email receiver with the label type: global as below:

cat <<EOF | kubectl apply -f - apiVersion: notification.kubesphere.io/v1alpha1 kind: EmailReceiver metadata: labels: app: notification-manager type: global name: global-email-receiver namespace: kubesphere-monitoring-system spec: to: - global@xyz.com EOF

Note

The global email receiver will use the default email configuration.

WeChat Work

Notification Manager supports sending notifications to WeChat Work. If a tenant named test-user who wants to receive notifications from WeChat Work, create a WeChat receiver as follows:

cat <<EOF | kubectl apply -f - apiVersion: v1 data: wechat: dGVzdA== kind: Secret metadata: labels: app: notification-manager name: test-user-wechat-secret namespace: kubesphere-monitoring-system type: Opaque --- apiVersion: notification.kubesphere.io/v1alpha1 kind: WechatConfig metadata: name: test-user-config namespace: kubesphere-monitoring-system labels: app: notification-manager type: tenant user: test-user spec: wechatApiUrl: https://qyapi.weixin.qq.com/cgi-bin/ wechatApiSecret: key: wechat name: test-user-wehat-secret wechatApiCorpId: wwfd76b24f06513578 wechatApiAgentId: "1000002" --- apiVersion: notification.kubesphere.io/v1alpha1 kind: WechatReceiver metadata: name: test-user-wechat namespace: kubesphere-monitoring-system labels: app: notification-manager type: tenant user: test-user spec: wechatConfigSelector: matchLabels: type: tenant user: test-user # optional # One of toUser, toParty, toParty should be specified. toUser: user1 | user2 toParty: party1 | party2 toTag: tag1 | tag2 EOF

Info

  • wechatApiCorpId is the id of your WeChat Work.
  • wechatApiAgentId is the id of the app sending messages to users in your WeChat Work.
  • wechatApiSecret is the secret of this app. You can get these two parameters in App Management of your WeChat Work.
  • Any user, party or tag who wants to receive notifications must be in the allowed users list of this app.

wechatConfigSelector is a selector to select WechatConfig for the WeChat receiver. If wechatConfigSelector is not set, the WeChat receiver will use the default WeChat configuration. You can create a default WeChat configuration as follows:

cat <<EOF | kubectl apply -f - apiVersion: v1 data: wechat: dGVzdA== kind: Secret metadata: labels: app: notification-manager name: default-wechat-secret namespace: kubesphere-monitoring-system type: Opaque --- apiVersion: notification.kubesphere.io/v1alpha1 kind: WechatConfig metadata: name: default-wechat-config namespace: kubesphere-monitoring-system labels: app: notification-manager type: default spec: wechatApiUrl: https://qyapi.weixin.qq.com/cgi-bin/ wechatApiSecret: key: wechat name: default-wechat-secret wechatApiCorpId: wwfd76b24f06513578 wechatApiAgentId: "1000002" EOF

WeChat receivers with the label type: tenant can only receive notifications from the namespace to which the specified tenant user has access. If you want them to receive notifications from all namespaces or even without a namespace label, you can create a global WeChat receiver with the label type: global as below:

cat <<EOF | kubectl apply -f - apiVersion: notification.kubesphere.io/v1alpha1 kind: WechatReceiver metadata: name: global-wechat-wechat namespace: kubesphere-monitoring-system labels: app: notification-manager type: global spec: # optional # One of toUser, toParty, toParty should be specified. toUser: global toParty: global toTag: global EOF

Note

The global WeChat receiver will use the default WeChat configuration.

Slack

Notification Manager supports sending notifications to Slack channels. If a tenant named test-user who wants to receive notifications from Slack, create a Slack receiver as follows:

cat <<EOF | kubectl apply -f - apiVersion: v1 data: token: dGVzdA== kind: Secret metadata: labels: app: notification-manager name: test-user-slack-secret namespace: kubesphere-monitoring-system type: Opaque --- apiVersion: notification.kubesphere.io/v1alpha1 kind: SlackConfig metadata: name: test-user-config namespace: kubesphere-monitoring-system labels: app: notification-manager type: tenant user: test-user spec: slackTokenSecret: key: token name: test-user-slack-secret --- apiVersion: notification.kubesphere.io/v1alpha1 kind: SlackReceiver metadata: name: test-user-slack namespace: kubesphere-monitoring-system labels: app: notification-manager type: tenant user: test-user spec: slackConfigSelector: matchLabels: type: tenant user: test-user channel: alert EOF

Info

  • The Slack token is the OAuth Access Token or Bot User OAuth Access Token when you create a Slack app.
  • This app must have the scope chat:write.
  • The user who creates the app or bot user must be in the channel to which you want to send notifications.

slackConfigSelector is a selector to select SlackConfig for the Slack receiver. If slackConfigSelector is not set, the Slack receiver will use the default Slack configuration. You can create a default Slack configuration as follows:

cat <<EOF | kubectl apply -f - apiVersion: v1 data: token: dGVzdA== kind: Secret metadata: labels: app: notification-manager name: default-slack-secret namespace: kubesphere-monitoring-system type: Opaque --- apiVersion: notification.kubesphere.io/v1alpha1 kind: SlackConfig metadata: name: default-slack-config namespace: kubesphere-monitoring-system labels: app: notification-manager type: default spec: slackTokenSecret: key: token name: default-slack-secret EOF

Slack receivers with the label type: tenant can only receive notifications from the namespace to which the specified tenant user has access. If you want them to receive notifications from all namespaces or even without a namespace label, you can create a global Slack receiver with the label type: global as below:

cat <<EOF | kubectl apply -f - apiVersion: notification.kubesphere.io/v1alpha1 kind: SlackReceiver metadata: name: global-slack-slack namespace: kubesphere-monitoring-system labels: app: notification-manager type: global spec: channel: global EOF

Note

The global Slack receiver will use the default Slack configuration.

This version is no longer maintained. You will be redirected to kubesphere.io for the latest version in 10 seconds.