我的书签
添加书签
移除书签Manage Multi-Tenant Notifications with Notification Manager
Notification Manager manages notifications in KubeSphere. It receives alerts or notifications from different senders and then sends notifications to different users.
Supported senders include:
- Prometheus Alertmanager
- Custom sender (Coming soon)
Supported receivers include:
- WeChat Work
- Slack
- Webhook (Coming soon)
Quickstart
Configure Prometheus Alertmanager to send alerts to Notification Manager
Notification Manager uses the port 19093 and API path /api/v2/alerts to receive alerts sent from Prometheus Alertmanager of KubeSphere.
To receive Alertmanager alerts, KubeSphere already added the Alertmanager webhook and route configurations like below (by editing the Secret alertmanager-main in the namespace kubesphere-monitoring-system):
Send Prometheus alerts to Notification Manager:
"receivers":- "name": "prometheus""webhook_configs":- "url": "http://notification-manager-svc.kubesphere-monitoring-system.svc:19093/api/v2/alerts""route":"routes":- "match":"alerttype": """receiver": "prometheus"
Send event alerts to Notification Manager:
"receivers":- "name": "event""webhook_configs":- "url": "http://notification-manager-svc.kubesphere-monitoring-system.svc:19093/api/v2/alerts""send_resolved": false"route":"routes":- "match":"alerttype": "event""receiver": "event""group_interval": "30s"
Send auditing alerts to Notification Manager:
"receivers":- "name": "auditing""webhook_configs":- "url": "http://notification-manager-svc.kubesphere-monitoring-system.svc:19093/api/v2/alerts""send_resolved": false"route":"routes":- "match":"alerttype": "auditing""receiver": "auditing""group_interval": "30s"
备注
The above is the default configuration. If you do not want to receive a certain type of alert, you can delete the corresponding configuration.
Configure receivers
Notification Manager now supports three types of receivers: Email, WeChat Work and Slack. Only the administrator can configure receivers.
If a tenant named test-user who wants to receive email notifications, create an email receiver as follows:
cat <<EOF | kubectl apply -f -apiVersion: v1data:password: dGVzdA==kind: Secretmetadata:labels:app: notification-managername: test-user-email-secretnamespace: kubesphere-monitoring-systemtype: Opaque---apiVersion: notification.kubesphere.io/v1alpha1kind: EmailConfigmetadata:labels:app: notification-managertype: tenantuser: test-username: test-user-confignamespace: kubesphere-monitoring-systemspec:authPassword:key: passwordname: test-user-email-secretauthUsername: abc1from: abc1@xyz.comrequireTLS: truesmartHost:host: imap.xyz.comport: "25"---apiVersion: notification.kubesphere.io/v1alpha1kind: EmailReceivermetadata:labels:app: notification-managertype: tenantuser: test-username: test-user-receivernamespace: kubesphere-monitoring-systemspec:emailConfigSelector:matchLabels:type: tenantuser: test-userto:- abc2@xyz.com- abc3@xyz.comEOF
emailConfigSelector is a selector to select EmailConfig for the email receiver. If emailConfigSelector is not set, the receiver will use the default email configuration. You can create a default email configuration as follows:
cat <<EOF | kubectl apply -f -apiVersion: v1data:password: dGVzdA==kind: Secretmetadata:labels:app: notification-managername: default-email-secretnamespace: kubesphere-monitoring-systemtype: Opaque---apiVersion: notification.kubesphere.io/v1alpha1kind: EmailConfigmetadata:labels:app: notification-managertype: defaultname: default-email-confignamespace: kubesphere-monitoring-systemspec:authPassword:key: passwordname: default-email-secretauthUsername: defaultfrom: default@xyz.comrequireTLS: truesmartHost:host: imap.xyz.comport: "25"EOF
Email receivers with the label type: tenant only receive notifications from the namespace to which the specified tenant user has access. If you want them to receive notifications from all namespaces or even without a namespace label, you can create a global email receiver with the label type: global as below:
cat <<EOF | kubectl apply -f -apiVersion: notification.kubesphere.io/v1alpha1kind: EmailReceivermetadata:labels:app: notification-managertype: globalname: global-email-receivernamespace: kubesphere-monitoring-systemspec:to:- global@xyz.comEOF
备注
The global email receiver will use the default email configuration.
WeChat Work
Notification Manager supports sending notifications to WeChat Work. If a tenant named test-user who wants to receive notifications from WeChat Work, create a WeChat receiver as follows:
cat <<EOF | kubectl apply -f -apiVersion: v1data:wechat: dGVzdA==kind: Secretmetadata:labels:app: notification-managername: test-user-wechat-secretnamespace: kubesphere-monitoring-systemtype: Opaque---apiVersion: notification.kubesphere.io/v1alpha1kind: WechatConfigmetadata:name: test-user-confignamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: tenantuser: test-userspec:wechatApiUrl: https://qyapi.weixin.qq.com/cgi-bin/wechatApiSecret:key: wechatname: test-user-wehat-secretwechatApiCorpId: wwfd76b24f06513578wechatApiAgentId: "1000002"---apiVersion: notification.kubesphere.io/v1alpha1kind: WechatReceivermetadata:name: test-user-wechatnamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: tenantuser: test-userspec:wechatConfigSelector:matchLabels:type: tenantuser: test-user# optional# One of toUser, toParty, toParty should be specified.toUser: user1 | user2toParty: party1 | party2toTag: tag1 | tag2EOF
信息
wechatApiCorpIdis the id of your WeChat Work.wechatApiAgentIdis the id of the app sending messages to users in your WeChat Work.wechatApiSecretis the secret of this app. You can get these two parameters in App Management of your WeChat Work.- Any user, party or tag who wants to receive notifications must be in the allowed users list of this app.
wechatConfigSelector is a selector to select WechatConfig for the WeChat receiver. If wechatConfigSelector is not set, the WeChat receiver will use the default WeChat configuration. You can create a default WeChat configuration as follows:
cat <<EOF | kubectl apply -f -apiVersion: v1data:wechat: dGVzdA==kind: Secretmetadata:labels:app: notification-managername: default-wechat-secretnamespace: kubesphere-monitoring-systemtype: Opaque---apiVersion: notification.kubesphere.io/v1alpha1kind: WechatConfigmetadata:name: default-wechat-confignamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: defaultspec:wechatApiUrl: https://qyapi.weixin.qq.com/cgi-bin/wechatApiSecret:key: wechatname: default-wechat-secretwechatApiCorpId: wwfd76b24f06513578wechatApiAgentId: "1000002"EOF
WeChat receivers with the label type: tenant can only receive notifications from the namespace to which the specified tenant user has access. If you want them to receive notifications from all namespaces or even without a namespace label, you can create a global WeChat receiver with the label type: global as below:
cat <<EOF | kubectl apply -f -apiVersion: notification.kubesphere.io/v1alpha1kind: WechatReceivermetadata:name: global-wechat-wechatnamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: globalspec:# optional# One of toUser, toParty, toParty should be specified.toUser: globaltoParty: globaltoTag: globalEOF
备注
The global WeChat receiver will use the default WeChat configuration.
Slack
Notification Manager supports sending notifications to Slack channels. If a tenant named test-user who wants to receive notifications from Slack, create a Slack receiver as follows:
cat <<EOF | kubectl apply -f -apiVersion: v1data:token: dGVzdA==kind: Secretmetadata:labels:app: notification-managername: test-user-slack-secretnamespace: kubesphere-monitoring-systemtype: Opaque---apiVersion: notification.kubesphere.io/v1alpha1kind: SlackConfigmetadata:name: test-user-confignamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: tenantuser: test-userspec:slackTokenSecret:key: tokenname: test-user-slack-secret---apiVersion: notification.kubesphere.io/v1alpha1kind: SlackReceivermetadata:name: test-user-slacknamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: tenantuser: test-userspec:slackConfigSelector:matchLabels:type: tenantuser: test-userchannel: alertEOF
信息
- The Slack token is the OAuth Access Token or Bot User OAuth Access Token when you create a Slack app.
- This app must have the scope chat:write.
- The user who creates the app or bot user must be in the channel to which you want to send notifications.
slackConfigSelector is a selector to select SlackConfig for the Slack receiver. If slackConfigSelector is not set, the Slack receiver will use the default Slack configuration. You can create a default Slack configuration as follows:
cat <<EOF | kubectl apply -f -apiVersion: v1data:token: dGVzdA==kind: Secretmetadata:labels:app: notification-managername: default-slack-secretnamespace: kubesphere-monitoring-systemtype: Opaque---apiVersion: notification.kubesphere.io/v1alpha1kind: SlackConfigmetadata:name: default-slack-confignamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: defaultspec:slackTokenSecret:key: tokenname: default-slack-secretEOF
Slack receivers with the label type: tenant can only receive notifications from the namespace to which the specified tenant user has access. If you want them to receive notifications from all namespaces or even without a namespace label, you can create a global Slack receiver with the label type: global as below:
cat <<EOF | kubectl apply -f -apiVersion: notification.kubesphere.io/v1alpha1kind: SlackReceivermetadata:name: global-slack-slacknamespace: kubesphere-monitoring-systemlabels:app: notification-managertype: globalspec:channel: globalEOF
备注
The global Slack receiver will use the default Slack configuration.
