Kubectl
The Botkube Kubectl executor plugin allows you to run the kubectl
command directly in the chat window of each communication platform.
By default, just the read-only kubectl
commands are supported. For enabling commands that require create, update or delete rules, you need to create specific (Cluster)Role and (Cluster)RoleBinding and reference it in the RBAC configuration. To learn more, refer to the RBAC section.
Enabling plugin​
Self-hosted Botkube installation​
The Kubectl plugin is hosted by the official Botkube plugin repository. First, make sure that the botkube
repository is defined under plugins
in the values.yaml file.
plugins:
repositories:
botkube:
url: https://github.com/kubeshop/botkube/releases/download/v1.11.0/plugins-index.yaml
To enable Kubectl executor, add `--set 'executors.k8s-default-tools.botkube/kubectl.enabled=true'
to a given Botkube install
command.
Configuration Syntax​
This plugin supports the following configuration:
# Configures the default Namespace for executing Botkube `kubectl` commands. If not set, uses the 'default'.
defaultNamespace: "default"
# Configures the interactive kubectl command builder.
interactiveBuilder:
allowed:
# Configures which K8s namespace are displayed in namespace dropdown.
# If not specified, plugin needs to have access to fetch all Namespaces, otherwise Namespace dropdown won't be visible at all.
namespaces: ["default"]
# Configures which `kubectl` methods are displayed in commands dropdown.
verbs: ["api-resources", "api-versions", "cluster-info", "describe", "explain", "get", "logs", "top"]
# Configures which K8s resource are displayed in resources dropdown.
resources: ["deployments", "pods", "namespaces"]
The default configuration for Helm chart can be found in the values.yaml file.
Merging strategy​
For all collected kubectl
executors bindings, configuration properties are overridden based on the order of the binding list for a given channel. The priority is given to the last binding specified on the list. Empty properties are omitted.
Example​
Consider such configuration in the Botkube self-hosted installation:
communications:
"default-group":
socketSlack:
channels:
"default":
name: "random"
bindings:
executors:
- kubectl-one
- kubectl-two
- kubectl-three
executors:
"kubectl-one":
kubectl:
enabled: true
config:
defaultNamespace: "default"
interactiveBuilder:
allowed:
verbs: ["api-resources", "api-versions", "cluster-info", "describe", "explain", "get", "logs", "top"]
resources: ["deployments", "pods", "namespaces"]
"kubectl-two":
kubectl:
enabled: true
config:
interactiveBuilder:
allowed:
namespaces: ["default"]
verbs: ["api-resources", "top"]
"kubectl-three":
kubectl:
enabled: false
config:
interactiveBuilder:
allowed:
namespaces: ["kube-system"]
We can see that:
- Only the
default
namespace is displayed in the interactive command builder. This is a result of mergingkubectl-one
andkubectl-two
. Thekubectl-three
binding is not taken into account as it's disabled. - Only the
api-resources
andtop
verbs are displayed in the interactive command builder as they are overridden by thekubectl-two
. - All resources defined in
kubectl-one
are displayed in the interactive command builder as other enabled bindings don't override this property.