### Install Kubewatch with Go Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Download and install Kubewatch using the go package installer. This is followed by configuring notification channels, adding resources to watch, and starting the server. ```console # Download and install kubewatch $ go get -u github.com/robusta-dev/kubewatch # Configure the notification channel $ kubewatch config add slack --channel --token # Add resources to be watched $ kubewatch resource add --po --svc INFO[0000] resource svc configured INFO[0000] resource po configured # start kubewatch server $ kubewatch INFO[0000] Starting kubewatch controller pkg=kubewatch-service INFO[0000] Starting kubewatch controller pkg=kubewatch-pod INFO[0000] Processing add to service: default/kubernetes pkg=kubewatch-service INFO[0000] Processing add to service: kube-system/tiller-deploy pkg=kubewatch-service INFO[0000] Processing add to pod: kube-system/tiller-deploy-69ffbf64bc-h8zxm pkg=kubewatch-pod INFO[0000] Kubewatch controller synced and ready pkg=kubewatch-service INFO[0000] Kubewatch controller synced and ready pkg=kubewatch-pod ``` -------------------------------- ### Run Kubewatch with Docker Source: https://github.com/robusta-dev/kubewatch/blob/master/docs/ADVANCED_FILTERING.md Example command to start the Kubewatch container with advanced filtering enabled. ```bash docker run -d \ -e ADVANCED_FILTERS=true \ -e KW_CLOUDEVENT_URL=https://your-robusta-endpoint \ kubewatch:latest ``` -------------------------------- ### Add Repository and Install Kubewatch Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/README.md Adds the Robusta Helm repository and installs the Kubewatch chart. ```console $ helm repo add robusta https://robusta-charts.storage.googleapis.com && helm repo update $ helm install my-release robusta/kubewatch ``` -------------------------------- ### Start Kubewatch Server Source: https://context7.com/robusta-dev/kubewatch/llms.txt Starts the Kubewatch controller. Use default configuration from ~/.kubewatch.yaml or provide custom configurations. ```bash kubewatch ``` ```bash kubewatch -h ``` -------------------------------- ### Complete Kubewatch Configuration Example Source: https://context7.com/robusta-dev/kubewatch/llms.txt A comprehensive example of the `~/.kubewatch.yaml` file, demonstrating configuration for various notification handlers, resources to watch, and custom resources. ```yaml # Notification handlers - configure one or more handler: slack: token: "xoxb-your-slack-bot-token" channel: "#kubernetes-alerts" title: "Kubewatch Alert" slackwebhook: channel: "#kubernetes-alerts" username: "KubeWatch" emoji: ":kubernetes:" slackwebhookurl: "https://hooks.slack.com/services/T00/B00/XXX" msteams: webhookurl: "https://outlook.office.com/webhook/..." hipchat: token: "hipchat-token" room: "kubernetes" url: "https://api.hipchat.com" mattermost: room: "kubernetes-alerts" url: "https://mattermost.example.com/hooks/xxx" username: "kubewatch" flock: url: "https://api.flock.com/hooks/sendMessage/xxx" webhook: url: "https://your-endpoint.com/webhook" tlsskip: false cert: "/path/to/ca.crt" cloudevent: url: "https://robusta.example.com/cloudevent" smtp: to: "alerts@example.com" from: "kubewatch@example.com" smarthost: "smtp.example.com:587" subject: "Kubernetes Alert" hello: "kubewatch" requireTLS: true auth: username: "smtp-user" password: "smtp-password" identity: "" secret: "" # Resources to watch resource: deployment: true replicationcontroller: false replicaset: false daemonset: true statefulset: false services: true pod: true job: false node: true clusterrole: false clusterrolebinding: false serviceaccount: false persistentvolume: false namespace: false secret: false configmap: false ingress: false hpa: false event: true coreevent: false # Custom Resource Definitions to watch customresources: - group: monitoring.coreos.com version: v1 resource: prometheusrules - group: cert-manager.io version: v1 resource: certificates # Watch specific namespace only (empty = all namespaces) namespace: "" ``` -------------------------------- ### Example of Interactive Docker Run Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md An example of running the Kubewatch container interactively, showing the initial output messages upon startup. ```console $ docker run --rm -it --network host -v $HOME/.kubewatch.yaml:/root/.kubewatch.yaml -v $HOME/.kube/config:/opt/bitnami/kubewatch/.kube/config --name kubewatch-app robustadev/kubewatch ==> Writing config file... INFO[0000] Starting kubewatch controller pkg=kubewatch-service INFO[0000] Starting kubewatch controller pkg=kubewatch-pod INFO[0000] Starting kubewatch controller pkg=kubewatch-deployment INFO[0000] Starting kubewatch controller pkg=kubewatch-namespace INFO[0000] Processing add to namespace: kube-node-lease pkg=kubewatch-namespace INFO[0000] Processing add to namespace: kube-public pkg=kubewatch-namespace INFO[0000] Processing add to namespace: kube-system pkg=kubewatch-namespace INFO[0000] Processing add to namespace: default pkg=kubewatch-namespace .... ``` -------------------------------- ### Install Kubewatch with Helm CLI flags Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/README.md Use the --set argument to override default configuration values during installation. ```console $ helm install my-release bitnami/kubewatch \ --set=slack.channel="#bots",slack.token="XXXX-XXXX-XXXX" ``` -------------------------------- ### Example ConfigMap using Common Library Helpers Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md An example of a ConfigMap that utilizes helpers from the common library, such as `common.names.fullname`. ```yaml apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.names.fullname" . }} data: myvalue: "Hello World" ``` -------------------------------- ### Install Kubewatch with Helm (Custom Values File) Source: https://context7.com/robusta-dev/kubewatch/llms.txt Installs Kubewatch using Helm, referencing a custom `values.yaml` file for configuration. This allows for a more organized and extensive set of configurations. ```bash helm install kubewatch robusta/kubewatch -f values.yaml ``` -------------------------------- ### Install Kubewatch with Custom Resources via Helm Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Use the `helm install` command with the `--set` flag to configure Kubewatch, including monitoring custom resources. This command also sets RBAC creation, Slack channel and token, and specific resources to watch. ```bash helm install kubewatch robusta/kubewatch --set='rbac.create=true,slack.channel=#YOUR_CHANNEL,slack.token=xoxb-YOUR_TOKEN,resourcesToWatch.pod=true,resourcesToWatch.daemonset=true,customresources[0].group=monitoring.coreos.com,customresources[0].version=v1,customresources[0].resource=prometheusrules' ``` -------------------------------- ### Install Kubewatch with Helm (Slack Notifications) Source: https://context7.com/robusta-dev/kubewatch/llms.txt Installs Kubewatch using the Helm chart, specifically configuring it for Slack notifications. This command enables RBAC, sets the Slack channel and token, and specifies which resources to watch. ```bash helm install kubewatch robusta/kubewatch \ --set='rbac.create=true,slack.channel=#kubernetes-alerts,slack.token=xoxb-YOUR_TOKEN,resourcesToWatch.pod=true,resourcesToWatch.deployment=true' ``` -------------------------------- ### Helm Upgrade Install Command Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Upgrades or installs Kubewatch using Helm with a specified values file. ```bash helm upgrade --install kubewatch robusta/kubewatch --values=values-file.yml ``` -------------------------------- ### Helm Values File Example for Kubewatch Source: https://context7.com/robusta-dev/kubewatch/llms.txt An example `values.yaml` file for Helm deployment, covering RBAC, service accounts, image details, notification handler configurations (Slack, MS Teams, Webhook), resources to watch, custom resources, namespace, environment variables, and resource limits. ```yaml # values.yaml rabc: create: true customRoles: - apiGroups: ["monitoring.coreos.com"] resources: ["prometheusrules"] verbs: ["get", "list", "watch"] serviceAccount: create: true name: kubewatch image: repository: robustadev/kubewatch tag: v2.9.0 pullPolicy: IfNotPresent # Slack configuration slack: enabled: true channel: "#kubernetes-alerts" token: "xoxb-your-slack-token" # MS Teams configuration (alternative) msteams: enabled: false webhookurl: "" # Webhook configuration (alternative) webhook: enabled: false url: "" # Resources to watch resourcesToWatch: deployment: true replicationcontroller: false replicaset: false daemonset: true services: true pod: true job: false persistentvolume: false event: true # Custom resources to watch customresources: - group: monitoring.coreos.com version: v1 resource: prometheusrules # Watch specific namespace (empty = all namespaces) namespaceToWatch: "" # Environment variables extraEnvVars: - name: LOG_LEVEL value: "info" - name: LOG_FORMATTER value: "json" - name: LISTEN_ADDRESS value: ":2112" # Resource limits resources: limits: cpu: 200m memory: 256Mi requests: cpu: 100m memory: 128Mi ``` -------------------------------- ### Install Kubewatch with a YAML values file Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/README.md Provide a custom values.yaml file to configure the chart deployment. ```console $ helm install my-release -f values.yaml bitnami/kubewatch ``` -------------------------------- ### Install Kubewatch via Bitnami Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/README.md Deploys Kubewatch to the Kubernetes cluster using the default configuration. ```console $ helm install my-release bitnami/kubewatch ``` -------------------------------- ### Helm Installation Command Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Installs Kubewatch using Helm, enabling RBAC, specifying a Slack channel and token, and enabling Pod and DaemonSet resource watching. ```bash helm repo add robusta https://robusta-charts.storage.googleapis.com && helm repo update helm install kubewatch robusta/kubewatch --set='rbac.create=true,slack.channel=#YOUR_CHANNEL,slack.token=xoxb-YOUR_TOKEN,resourcesToWatch.pod=true,resourcesToWatch.daemonset=true' ``` -------------------------------- ### Install Kubewatch with Custom RBAC Roles via Helm Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Use the `helm install` command with the `--set` flag to configure Kubewatch, including custom RBAC roles for monitoring specific resources. This command also sets RBAC creation, Slack channel and token. ```bash helm install kubewatch robusta/kubewatch --set='rbac.create=true,slack.channel=#YOUR_CHANNEL,slack.token=xoxb-YOUR_TOKEN,customRoles[0].apiGroups={monitoring.coreos.com},customRoles[0].resources={prometheusrules},customRoles[0].verbs={get,list,watch}' ``` -------------------------------- ### Build Kubewatch Docker Image Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Creates a Docker image for Kubewatch using the Makefile. Requires Docker to be installed. ```bash $ make docker-image $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE kubewatch latest 919896d3cd90 3 minutes ago 27.9MB ``` -------------------------------- ### Install Kubewatch with Helm (MS Teams Notifications) Source: https://context7.com/robusta-dev/kubewatch/llms.txt Installs Kubewatch using Helm, configured for Microsoft Teams notifications. This command enables RBAC, enables MS Teams, provides the webhook URL, and specifies resources to monitor. ```bash helm install kubewatch robusta/kubewatch \ --set='rbac.create=true,msteams.enabled=true,msteams.webhookurl=https://outlook.office.com/webhook/...,resourcesToWatch.pod=true' ``` -------------------------------- ### Add and Remove Resources Example Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Demonstrates how to add and remove multiple resource types for watching using Kubewatch CLI. Specify resource types like --rc, --po, and --svc. ```bash # rc, po and svc will be watched $ kubewatch resource add --rc --po --svc # rc, po and svc will be stopped from being watched $ kubewatch resource remove --rc --po --svc ``` -------------------------------- ### Deploy Kubewatch with Filtering Enabled Source: https://github.com/robusta-dev/kubewatch/blob/master/docs/ADVANCED_FILTERING.md Example Kubernetes Deployment manifest showing how to enable advanced filtering via environment variables. ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: kubewatch spec: template: spec: containers: - name: kubewatch image: kubewatch:latest env: - name: ADVANCED_FILTERS value: "true" - name: KW_CLOUDEVENT_URL value: "https://your-robusta-endpoint" ``` -------------------------------- ### Get Deployment API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for Deployment resources. ```yaml common.capabilities.deployment.apiVersion ``` -------------------------------- ### Slack ConfigMap YAML Structure Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Example YAML definition for a Kubewatch ConfigMap configured with a Slack webhook handler. ```yaml apiVersion: v1 kind: ConfigMap metadata: name: kubewatch data: .kubewatch.yaml: | namespace: "" handler: slackwebhook: enabled: true channel: username: emoji: slackwebhookurl: resource: clusterrole: false configmap: false daemonset: false deployment: true ingress: false job: false namespace: false node: false persistentvolume: false pod: true replicaset: false replicationcontroller: false secret: false serviceaccount: false services: true event: true coreevent: false ``` -------------------------------- ### Get StatefulSet API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for StatefulSet resources. ```yaml common.capabilities.statefulset.apiVersion ``` -------------------------------- ### Add Robusta Helm Repository Source: https://context7.com/robusta-dev/kubewatch/llms.txt Adds the official Helm repository for Robusta, which hosts the Kubewatch Helm chart. This is a prerequisite for installing Kubewatch using Helm. ```bash helm repo add robusta https://robusta-charts.storage.googleapis.com helm repo update ``` -------------------------------- ### Kubewatch Helm Values File Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md A YAML configuration file for Helm to customize Kubewatch installation, including RBAC, resource watching, custom resources, and Slack integration. ```yaml rbac: create: true customRoles: - apiGroups: ["monitoring.coreos.com"] resources: ["prometheusrules"] verbs: ["get", "list", "watch"] resourcesToWatch: deployment: false replicationcontroller: false replicaset: false daemonset: false services: true pod: true job: false node: false clusterrole: true clusterrolebinding: true serviceaccount: true persistentvolume: false namespace: false secret: false configmap: false ingress: false coreevent: false event: true customresources: - group: monitoring.coreos.com version: v1 resource: prometheusrules slack: channel: '#YOUR_CHANNEL' token: 'xoxb-YOUR_TOKEN' ``` -------------------------------- ### Get Kubernetes Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Retrieves the target Kubernetes version. Uses the client's default if `.Values.kubeVersion` is not set. ```yaml common.capabilities.kubeVersion ``` -------------------------------- ### Debug Log Output Source: https://github.com/robusta-dev/kubewatch/blob/master/docs/ADVANCED_FILTERING.md Example log entries generated when debug logging is enabled, indicating why specific events were filtered. ```text DEBU[0001] Filtering out Event resource - type: Normal (only Warning events are sent) DEBU[0002] Filtering out Pod update event - no significant changes detected ``` -------------------------------- ### Define Init Container Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/README.md Use `initContainers` to add extra init containers to the pod. These containers run before the main application container and can be used for setup tasks. Define the container according to the Kubernetes container specification. ```yaml initContainers: - name: your-image-name image: your-image imagePullPolicy: Always ports: - name: portname containerPort: 1234 ``` -------------------------------- ### ValidateValue Usage Example Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Example of using ValidateValue for input validation. ```APIDOC ## ValidateValue Usage Example ### Description This section provides an example of how `ValidateValue` can be used for input validation, specifically demonstrating how to ensure certain values are not empty and how to retrieve them if they are. ### Console Example **Setting up validation configurations:** ```console {{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} {{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} {{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) ``` **Forcing empty values and observing alerts:** ```console $ helm install test mychart --set path.to.value00="",path.to.value01="" 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) ``` ``` -------------------------------- ### Display Sample Kubewatch Configuration Source: https://context7.com/robusta-dev/kubewatch/llms.txt Generates and shows a sample configuration file that can be used as a template for your own `~/.kubewatch.yaml`. ```bash kubewatch config sample ``` -------------------------------- ### Build Kubewatch with Go Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Builds the Kubewatch executable from source using the Go toolchain. Requires Go (v1.5+) and GOPATH to be set. ```bash $ git clone https://github.com/bitnami-labs/kubewatch.git $ cd kubewatch $ go build ``` -------------------------------- ### Kubewatch Resource Management CLI Help Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Displays help information for managing resources to be watched by Kubewatch. Changes are saved to $HOME/.kubewatch.yaml. ```bash $ kubewatch resource -h manage resources to be watched Usage: kubewatch resource [flags] kubewatch resource [command] Available Commands: add adds specific resources to be watched remove remove specific resources being watched Flags: --clusterrolebinding watch for cluster role bindings --clusterrole watch for cluster roles --cm watch for plain configmaps --deploy watch for deployments --ds watch for daemonsets -h, --help help for resource --ing watch for ingresses --job watch for jobs --node watch for Nodes --ns watch for namespaces --po watch for pods --pv watch for persistent volumes --rc watch for replication controllers --rs watch for replicasets --sa watch for service accounts --secret watch for plain secrets --svc watch for services --coreevent watch for events from the kubernetes core api. (Old events api, replaced in kubernetes 1.19) Use "kubewatch resource [command] --help" for more information about a command. ``` -------------------------------- ### Get RBAC API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for RBAC resources. ```yaml common.capabilities.rbac.apiVersion ``` -------------------------------- ### Get Ingress API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for Ingress resources. ```yaml common.capabilities.ingress.apiVersion ``` -------------------------------- ### Run Kubewatch with Docker Source: https://context7.com/robusta-dev/kubewatch/llms.txt Instructions for running Kubewatch locally using Docker. This includes creating a configuration file, running interactively, as a daemon, and using environment variables for configuration. ```bash # Create configuration file cat > ~/.kubewatch.yaml << 'EOF' handler: slack: token: "xoxb-your-slack-token" channel: "#kubernetes-alerts" resource: deployment: true pod: true services: true event: true namespace: "" EOF # Run interactively docker run --rm -it --network host \ -v $HOME/.kubewatch.yaml:/root/.kubewatch.yaml \ -v $HOME/.kube/config:/opt/bitnami/kubewatch/.kube/config \ --name kubewatch \ robustadev/kubewatch:v2.9.0 # Run as daemon docker run -d --network host \ -v $HOME/.kubewatch.yaml:/root/.kubewatch.yaml \ -v $HOME/.kube/config:/opt/bitnami/kubewatch/.kube/config \ --name kubewatch \ robustadev/kubewatch:v2.9.0 # Using environment variables instead of config file docker run -d --network host \ -v $HOME/.kube/config:/opt/bitnami/kubewatch/.kube/config \ -e KW_SLACK_TOKEN='xoxb-your-slack-token' \ -e KW_SLACK_CHANNEL='#kubernetes-alerts' \ -e KW_POD='true' \ -e KW_DEPLOYMENT='true' \ -e KW_SERVICE='true' \ --name kubewatch \ robustadev/kubewatch:v2.9.0 ``` -------------------------------- ### Build Kubewatch using Makefile Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Compiles the Kubewatch application using the provided Makefile. This is an alternative to using the Go build command directly. ```bash $ make build ``` -------------------------------- ### Get CronJob API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for CronJob resources. ```yaml common.capabilities.cronjob.apiVersion ``` -------------------------------- ### CloudEvent Payload Structure Source: https://context7.com/robusta-dev/kubewatch/llms.txt Example of a CloudEvents 1.0 compliant JSON payload sent by Kubewatch. ```json { "specversion": "1.0", "type": "KUBERNETES_TOPOLOGY_CHANGE", "source": "https://github.com/aantn/kubewatch", "id": "1705312200-1", "time": "2024-01-15T10:30:00.000000Z", "datacontenttype": "application/json", "data": { "operation": "create", "kind": "Pod", "clusterUid": "TODO", "description": "A `Pod` in namespace `default` has been `Created`:\n`nginx-deployment-5d8b6bf8d-abc12`", "apiVersion": "v1", "obj": { "apiVersion": "v1", "kind": "Pod", "metadata": { "name": "nginx-deployment-5d8b6bf8d-abc12", "namespace": "default" } }, "oldObj": null } } ``` -------------------------------- ### View Current Configuration Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Displays the full contents of the local .kubewatch.yaml configuration file. ```console $ kubewatch config view Contents of .kubewatch.yaml handler: slack: token: xoxb-xxxxx-yyyy-zzz channel: kube-watch hipchat: token: "" room: "" url: "" mattermost: channel: "" url: "" username: "" flock: url: "" webhook: url: "" cloudevent: url: "" resource: deployment: false replicationcontroller: false replicaset: false daemonset: false services: false pod: true job: false node: false clusterrole: false clusterrolebinding: false serviceaccount: false persistentvolume: false namespace: false secret: false configmap: false ingress: false event: true coreevent: false namespace: "" ``` -------------------------------- ### Get Network Policy API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for NetworkPolicy resources. ```yaml common.capabilities.networkPolicy.apiVersion ``` -------------------------------- ### ImageRoot Configuration Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Configure the Docker image for Kubewatch. ```APIDOC ## ImageRoot Configuration ### Description Configure the Docker registry, repository, tag, pull policy, and pull secrets for the Kubewatch image. ### Parameters #### Request Body - **registry** (string) - Optional - Docker registry where the image is located. Example: `docker.io` - **repository** (string) - Optional - Repository and image name. Example: `bitnami/nginx` - **tag** (string) - Optional - Image tag. Example: `1.16.1-debian-10-r63` - **pullPolicy** (string) - Optional - Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'. - **pullSecrets** (array of strings) - Optional - Optionally specify an array of imagePullSecrets (evaluated as templates). - **debug** (boolean) - Optional - Set to true if you would like to see extra information on logs. Example: `false` ### Request Example ```yaml registry: docker.io repository: bitnami/nginx tag: 1.16.1-debian-10-r63 pullPolicy: IfNotPresent debug: false ``` ``` -------------------------------- ### Kubewatch CLI Help Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Displays the help information for the Kubewatch command-line interface, including available commands and flags. ```bash kubewatch -h Kubewatch: A watcher for Kubernetes cubewatch is a Kubernetes watcher that publishes notifications to Slack/hipchat/mattermost/flock channels. It watches the cluster for resource changes and notifies them through webhooks. supported webhooks: - slack - slackwebhook - msteams - hipchat - mattermost - flock - webhook - cloudevent - smtp Usage: kubewatch [flags] kubewatch [command] Available Commands: config modify kubewatch configuration resource manage resources to be watched version print version Flags: -h, --help help for kubewatch Use "kubewatch [command] --help" for more information about a command. ``` -------------------------------- ### Kubewatch Config Command Help Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Display help information for the 'kubewatch config' command, outlining its usage and available subcommands. ```console $ kubewatch config -h config command allows admin setup his own configuration for running kubewatch Usage: kubewatch config [flags] kubewatch config [command] Available Commands: add add webhook config to .kubewatch.yaml test test handler config present in .kubewatch.yaml view view .kubewatch.yaml Flags: -h, --help help for config Use "kubewatch config [command] --help" for more information about a command. ``` -------------------------------- ### Get CRD API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for Custom Resource Definition (CRD) resources. ```yaml common.capabilities.crd.apiVersion ``` -------------------------------- ### Kubewatch Environment Variables Source: https://context7.com/robusta-dev/kubewatch/llms.txt Complete reference for configuring Kubewatch handlers, resource watching, logging, and metrics via environment variables. ```bash # Handler Configuration export KW_SLACK_TOKEN='xoxb-your-slack-token' export KW_SLACK_CHANNEL='#kubernetes-alerts' export KW_SLACK_TITLE='Kubewatch Alert' export KW_SLACK_WEBHOOK_URL='https://hooks.slack.com/services/...' export KW_MSTEAMS_WEBHOOKURL='https://outlook.office.com/webhook/...' export KW_WEBHOOK_URL='https://your-endpoint.com/webhook' export KW_WEBHOOK_CERT='/path/to/ca.crt' export KW_CLOUDEVENT_URL='https://robusta.example.com/cloudevent' export KW_FLOCK_URL='https://api.flock.com/hooks/sendMessage/xxx' # Resource Watching export KW_POD='true' export KW_DEPLOYMENT='true' export KW_DAEMONSET='true' export KW_REPLICASET='true' export KW_REPLICATION_CONTROLLER='true' export KW_SERVICE='true' export KW_JOB='true' export KW_PERSISTENT_VOLUME='true' export KW_SECRET='true' export KW_CONFIGMAP='true' export KW_INGRESS='true' export KW_NODE='true' export KW_NAMESPACE='true' export KW_SERVICE_ACCOUNT='true' export KW_CLUSTER_ROLE='true' export KW_CLUSTER_ROLE_BINDING='true' # Logging Configuration export LOG_LEVEL='debug' # trace, debug, info, warning, error export LOG_FORMATTER='json' # json or text (default) # Metrics Configuration export LISTEN_ADDRESS=':2112' # Prometheus metrics endpoint # Advanced Filtering (CloudEvent handler only) export ADVANCED_FILTERS='true' # Enable event filtering # Configuration Directory export KW_CONFIG='/etc/kubewatch' # Custom config directory # Profiling (development) export ENABLE_PPROF='True' # Enable pprof on localhost:6060 ``` -------------------------------- ### Format Go code with gofmt Source: https://github.com/robusta-dev/kubewatch/blob/master/docs/CONTRIBUTION.md Use this command to unify code style across the project by automatically formatting Go source files. ```bash gofmt -s -w . ``` -------------------------------- ### Kubewatch Resource Add Command Help Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Shows help for adding specific resources to be watched by Kubewatch. This command lists available resource types that can be added. ```bash $ kubewatch resource add -h adds specific resources to be watched Usage: kubewatch resource add [flags] Flags: -h, --help help for add Global Flags: --clusterrole watch for cluster roles --clusterrolebinding watch for cluster role bindings --cm watch for plain configmaps --deploy watch for deployments --ds watch for daemonsets --ing watch for ingresses --job watch for jobs --node watch for Nodes --ns watch for namespaces --po watch for pods --pv watch for persistent volumes --rc watch for replication controllers --rs watch for replicasets --sa watch for service accounts --secret watch for plain secrets --svc watch for services --coreevent watch for events from the kubernetes core api. (Old events api, replaced in kubernetes 1.19) ``` -------------------------------- ### Verify Kubewatch Deployment Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/templates/NOTES.txt Run this command to monitor the deployment status of Kubewatch. Replace {{ .Release.Namespace }} with your actual namespace. ```bash kubectl get deploy -w --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} ``` -------------------------------- ### Get Pod Security Policy API Version Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Returns the appropriate API version for Pod Security Policy resources. ```yaml common.capabilities.policy.apiVersion ``` -------------------------------- ### View Current Kubewatch Configuration Source: https://context7.com/robusta-dev/kubewatch/llms.txt Use this command to display the current configuration settings for Kubewatch. The configuration is typically loaded from `~/.kubewatch.yaml`. ```bash kubewatch config view ``` -------------------------------- ### Helm Library Chart Helpers Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Overview of available template helpers for affinities, capabilities, and error validation within the Bitnami Common Library. ```APIDOC ## Helm Library Chart Helpers ### Description This library provides reusable template helpers for Helm charts, categorized into Affinities, Capabilities, and Error validation. ### Affinities - **common.affinities.node.soft**: Return a soft nodeAffinity definition. Input: `dict "key" "FOO" "values" (list "BAR" "BAZ")` - **common.affinities.node.hard**: Return a hard nodeAffinity definition. Input: `dict "key" "FOO" "values" (list "BAR" "BAZ")` - **common.affinities.pod.soft**: Return a soft podAffinity/podAntiAffinity definition. Input: `dict "component" "FOO" "context" $` - **common.affinities.pod.hard**: Return a hard podAffinity/podAntiAffinity definition. Input: `dict "component" "FOO" "context" $` ### Capabilities - **common.capabilities.kubeVersion**: Return the target Kubernetes version. - **common.capabilities.cronjob.apiVersion**: Return the appropriate apiVersion for cronjob. - **common.capabilities.deployment.apiVersion**: Return the appropriate apiVersion for deployment. - **common.capabilities.statefulset.apiVersion**: Return the appropriate apiVersion for statefulset. - **common.capabilities.ingress.apiVersion**: Return the appropriate apiVersion for ingress. - **common.capabilities.rbac.apiVersion**: Return the appropriate apiVersion for RBAC resources. - **common.capabilities.crd.apiVersion**: Return the appropriate apiVersion for CRDs. - **common.capabilities.policy.apiVersion**: Return the appropriate apiVersion for podsecuritypolicy. - **common.capabilities.networkPolicy.apiVersion**: Return the appropriate apiVersion for networkpolicy. - **common.capabilities.supportsHelmVersion**: Returns true if the used Helm version is 3.3+. ### Errors - **common.errors.upgrade.passwords.empty**: Ensures required passwords are provided during chart upgrades. Input: `dict "validationErrors" (list $validationError00 $validationError01) "context" $` ``` -------------------------------- ### Apply Slack ConfigMap via Bash Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Uses sed to inject environment variables into a YAML template and applies it to the cluster via kubectl. ```console $ cat kubewatch-configmap-slackwebhook.yaml | sed "s||""$SlackChannel""|g;s||""$SlackUsesrName""|g;s||""$SlackEmoji""|g;s||""$WebhookUrl""|g" | kubectl create -f - ``` -------------------------------- ### Implement ExistingSecret in Helm templates Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Demonstrates how to reference existing secrets within deployment templates and values files. ```yaml # templates/secret.yaml --- apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" . }} labels: app: {{ include "common.names.fullname" . }} type: Opaque data: password: {{ .Values.password | b64enc | quote }} # templates/dpl.yaml --- ... env: - name: PASSWORD valueFrom: secretKeyRef: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} ... # values.yaml --- name: mySecret keyMapping: password: myPasswordKey ``` -------------------------------- ### Test Handler Configuration Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Commands to view help for the test utility and execute a test message to verify handler settings. ```console $ kubewatch config test -h Tests handler configs present in .kubewatch.yaml by sending test messages Usage: kubewatch config test [flags] Flags: -h, --help help for test ``` ```console $ kubewatch config test Testing Handler configs from .kubewatch.yaml 2019/06/03 12:29:23 Message successfully sent to channel ABCD at 1559545162.000100 ``` -------------------------------- ### Configure Slack Webhook via CLI Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Adds Slack webhook details to the Kubewatch configuration using the command line interface. ```console $ kubewatch config add slackwebhookurl --username --emoji --channel --slackwebhookurl ``` -------------------------------- ### Kubernetes Deployment and Verification Commands Source: https://context7.com/robusta-dev/kubewatch/llms.txt Commands to deploy the Kubewatch ConfigMap to Kubernetes and verify its deployment by checking pods and logs. ```bash # Deploy to Kubernetes kubectl apply -f kubewatch-configmap.yaml # Verify deployment kubectl get pods -l app=kubewatch kubectl logs -l app=kubewatch -f ``` -------------------------------- ### Configure Resources to Watch Source: https://context7.com/robusta-dev/kubewatch/llms.txt Manages which Kubernetes resources Kubewatch monitors. Use flags to add or remove specific resource types. ```bash # Add resources to watch kubewatch resource add --po --svc --deploy # INFO[0000] resource po configured # INFO[0000] resource svc configured # INFO[0000] resource deploy configured ``` ```bash # Remove resources from watch list kubewatch resource remove --po --svc ``` -------------------------------- ### Configure Slack Webhook via Environment Variables Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Sets Slack notification parameters using environment variables as an alternative to the CLI configuration. ```console $ export KW_SLACK_CHANNEL=slack_channel $ export KW_SLACK_USERNAME=slack_username $ export KW_SLACK_EMOJI=slack_emoji $ export KW_SLACK_WEBHOOK_URL=slack_webhook_url ``` -------------------------------- ### Persistence Configuration Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Configure persistent storage for Kubewatch data. ```APIDOC ## Persistence Configuration ### Description Configure whether to enable persistence, specify the storage class, access mode, size, and path for persistent volume storage. ### Parameters #### Request Body - **enabled** (boolean) - Optional - Whether to enable persistence. Example: `true` - **storageClass** (string) - Optional - Ghost data Persistent Volume Storage Class. If set to "-", storageClassName: "" which disables dynamic provisioning. Example: `"-"` - **accessMode** (string) - Optional - Access mode for the Persistent Volume Storage. Example: `ReadWriteOnce` - **size** (string) - Optional - Size of the Persistent Volume Storage. Example: `8Gi` - **path** (string) - Optional - Path to be persisted. Example: `/bitnami` ### Request Example ```yaml enabled: true storageClass: "-" accessMode: ReadWriteOnce size: 8Gi path: /bitnami ``` ``` -------------------------------- ### Run Kubewatch Container Interactively with Docker Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Run the Kubewatch container interactively using Docker. Ensure the config file is located at $HOME/.kubewatch.yaml and the kubeconfig is mounted. ```console docker run --rm -it --network host -v $HOME/.kubewatch.yaml:/root/.kubewatch.yaml -v $HOME/.kube/config:/opt/bitnami/kubewatch/.kube/config --name robustadev/kubewatch ``` -------------------------------- ### Set Slack Token and Channel via Environment Variables Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Alternatively, set the Slack API token and channel name using environment variables KW_SLACK_TOKEN and KW_SLACK_CHANNEL. ```console $ export KW_SLACK_TOKEN='XXXXXXXXXXXXXXXX' $ export KW_SLACK_CHANNEL='#channel_name' ``` -------------------------------- ### Run Filter Tests Source: https://github.com/robusta-dev/kubewatch/blob/master/docs/ADVANCED_FILTERING.md Execute the unit tests for the filtering logic located in the pkg/filter package. ```bash cd pkg/filter go test -v ``` -------------------------------- ### Storage Helpers Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Helper for retrieving the appropriate storage class. ```APIDOC ## common.storage.class ### Description Return the proper Storage Class. ### Parameters - **persistence** (dict) - Required - Path to persistence configuration - **global** (object) - Required - Global context ``` -------------------------------- ### Create Kubewatch ConfigMap Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Use this command to create the Kubewatch configuration map in your Kubernetes cluster. ```bash $ kubectl create -f kubewatch-configmap.yaml ``` -------------------------------- ### Configure ImageRoot settings Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Defines the structure for image registry, repository, tag, and pull policies. ```yaml registry: type: string description: Docker registry where the image is located example: docker.io repository: type: string description: Repository and image name example: bitnami/nginx tag: type: string description: image tag example: 1.16.1-debian-10-r63 pullPolicy: type: string description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' pullSecrets: type: array items: type: string description: Optionally specify an array of imagePullSecrets (evaluated as templates). debug: type: boolean description: Set to true if you would like to see extra information on logs example: false ## An instance would be: # registry: docker.io # repository: bitnami/nginx # tag: 1.16.1-debian-10-r63 # pullPolicy: IfNotPresent # debug: false ``` -------------------------------- ### Create Kubewatch Pod Source: https://github.com/robusta-dev/kubewatch/blob/master/README.md Use this command to create the Kubewatch pod directly in your Kubernetes cluster. ```bash $ kubectl create -f kubewatch.yaml ``` -------------------------------- ### Ingress Helper Functions Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Functions for generating Ingress configurations and checking feature support. ```APIDOC ## Ingress Helper Functions ### `common.ingress.backend` #### Description Generate a proper Ingress backend entry depending on the API version. #### Expected Input `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences. ### `common.ingress.supportsPathType` #### Description Prints "true" if the pathType field is supported. #### Expected Input `.` Chart context ### `common.ingress.supportsIngressClassname` #### Description Prints "true" if the ingressClassname field is supported. #### Expected Input `.` Chart context ### `common.ingress.certManagerRequest` #### Description Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations. #### Expected Input `dict "annotations" .Values.path.to.the.ingress.annotations` ``` -------------------------------- ### Prometheus Metrics Configuration Source: https://context7.com/robusta-dev/kubewatch/llms.txt Commands and configuration for scraping Kubewatch metrics. ```bash # Scrape metrics curl http://localhost:2112/metrics # Example output: # HELP kubewatch_events_total The total number of Kubernetes events observed by Kubewatch, labeled by resource and event type # TYPE kubewatch_events_total counter # kubewatch_events_total{resourceType="Pod",eventType="create"} 42 # kubewatch_events_total{resourceType="Pod",eventType="update"} 156 # kubewatch_events_total{resourceType="Pod",eventType="delete"} 38 # kubewatch_events_total{resourceType="Deployment",eventType="create"} 12 # kubewatch_events_total{resourceType="Deployment",eventType="update"} 89 ``` ```yaml # Prometheus scrape configuration scrape_configs: - job_name: 'kubewatch' static_configs: - targets: ['kubewatch:2112'] metrics_path: /metrics ``` -------------------------------- ### Configure Persistence settings Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md Defines storage class, access modes, and volume paths for persistent data. ```yaml enabled: type: boolean description: Whether enable persistence. example: true storageClass: type: string description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. example: "-" accessMode: type: string description: Access mode for the Persistent Volume Storage. example: ReadWriteOnce size: type: string description: Size the Persistent Volume Storage. example: 8Gi path: type: string description: Path to be persisted. example: /bitnami ## An instance would be: # enabled: true # storageClass: "-" # accessMode: ReadWriteOnce # size: 8Gi # path: /bitnami ``` -------------------------------- ### Utility Helpers Source: https://github.com/robusta-dev/kubewatch/blob/master/helm/kubewatch/charts/common/README.md General utility functions for environment variables, secret values, and value retrieval. ```APIDOC ## common.utils.fieldToEnvVar ### Description Build environment variable name given a field. ### Parameters - **field** (string) - Required - Field name ## common.utils.secret.getvalue ### Description Print instructions to get a secret value. ### Parameters - **secret** (string) - Required - Secret name - **field** (string) - Required - Secret value field - **context** (object) - Required - Chart context ## common.utils.getValueFromKey ### Description Gets a value from .Values object given its key path. ### Parameters - **key** (string) - Required - Key path - **context** (object) - Required - Chart context ## common.utils.getKeyFromList ### Description Returns first .Values key with a defined value or first of the list if all non-defined. ### Parameters - **keys** (list) - Required - List of keys - **context** (object) - Required - Chart context ```