Introduction

Slackwatch is meant to notify you of new versions of your workloads in your Kubernetes cluster.

It does this by comparing the tags of your workloads to the tags of the images in your container registry. If a new version is found, it will send a notification to a specified endpoint.

Slackwatch does not monitor the manifests of containers(currently). Which means on changes in semantic versioning of the container image, slackwatch will notify you.

Additionally, workloads using :latest cannot be watched by slackwatch.

To get Started

Follow the installation guide. Review the configuration options in the configuration guide, and set annotations on your workloads according to the workload annotations documentation.

Installation

Helm

Reference files located in the charts directory, including a full values.yaml file with all available configuration options.

Helm repo is located at https://slackspace-io.github.io/slackwatch/helm/

To install slackwatch using helm, run the following command:

helm repo add slackwatch https://slackspace-io.github.io/slackwatch/helm/
helm install slackwatch slackwatch/slackwatch-helm

Full values.yaml file with all available configuration options displayed below. It can be found in charts/slackwatch/values-full.yaml.

replicaCount: 1
namespace: slackwatch

image:
  repository: ghcr.io/slackspace-io/slackwatch  # Assuming this image is accessible as a placeholder
  pullPolicy: IfNotPresent
  tag: "latest"

service:
  annotations: {}
  labels: {}
  type: ClusterIP
  port: 80

ingress:
  enabled: false
  labels: {}
  ingressClassName: ""
  paths:
    - /
  pathType: Prefix
  extraPaths: []
  https: false
  annotations: {}
  tls: []
  hosts:
    - test.slackwatch.default # Placeholder domain

config:
  system:
    #default schedule is every 2 hours
    schedule: "0 0 */2 * * *"
    data_dir: "/app/slackwatch/data"
    #run at startup, otherwise blank page until first run. App is stateless at the moment.
    run_at_startup: false

  notifications:
    ntfy:
      url: "http://ntfy-server.default:80" # Assumes an 'ntfy-server' available in the 'default' namespace
      topic: "slackwatch-test"
      token: "slackwatch-ntfy-token"
      priority: 1
      reminder: "24h"
      # ... other notification provider settings

  gitops:
    - name: "test-repo" # Placeholder name
      repository_url: "https://github.com/your-org/test-repo.git"
      branch: "main"
      access_token_env_name: "TEST_REPO_ACCESS_TOKEN"
      commit_message: "Automated commit by slackwatch"
      commit_email: "slackwatch@yourmail.default"
      # ... other GitOps settings

# Custom environment variables for the Slackwatch application
#customEnv:
#  # Environment variables that should be populated from secrets
#  # Users can comment out or remove if not needed
#  # When using gitops or ntfy it is recommended to use secrets. Match the secretName with the appropriate configuration.
#  TEST_REPO_ACCESS_TOKEN:
#    fromSecret:
#      enabled: true
#      secretName: "TEST_REPO_ACCESS_TOKEN"
#      key: "tokensupersecret"

Kubernetes

Reference files located in the k8s directory.

Slackwatch is deployed as a deployment in the slackwatch namespace. The deployment is configured to watch all workloads in the cluster with the annotation slackwatch.enabled set to true.

The example files located here include the required service account, cluster role, and cluster role binding for slackwatch to watch all workloads in the cluster.

In addition to standard kubernetes files, the required fleet.yaml and kustomization.yaml files are included to deploy slackwatch using Rancher Fleet.

Running Locally

If running locally, slackwatch will use the kubeconfig file located at ~/.kube/config to connect to the cluster. If you are using a different kubeconfig file, you can set the KUBECONFIG environment variable to the path of your kubeconfig file.

Configuration

Configuration File [TOML]

Note: config-rs can support a variety of formats. Below is an example of a TOML configuration file. However, going forward only yaml, and helm values files will be tested.

Slackwatch supports configuration via a TOML file. The default location is ~/.slackwatch/config.toml. Here's an example:

Sections in the configuration file

• System Configuration
• Notifications Configuration
• GitOps Configuration
• Complete configuration file

System Configuration

[system]
schedule = "0 0 9-22/2 * * *"
data_dir = "/app/slackwatch/data"

schedule

default: 0 0 9-22/2 * * *

description: The schedule is a cron expression that defines when slackwatch should run. The default value is every 2 hours between 9am and 10pm.

data_dir

default: ~/.slackwatch/data

description: The data_dir is the directory where slackwatch stores its data. This includes the state of the last run, and any other data that slackwatch needs to persist.

Notifications Configuration

[notifications.ntfy]
url = "http://localhost:9090"
topic = "slackwatch"
priorty = 1
reminder = "24h"
token = "dummy"

url

value: url(None)

description: the url of your ntfy server.

topic

value: string(None)

default: slackwatch

description: Topic to publish the notification to.

priority

value: int(1)

default: 1

description: Priority of the notification.

reminder

value: string

default: 24h

description: How often to resend the notification. 24h means every 24 hours.

token

value: string(None)

default: dummy

description: This is set to only prevent failure when the token is not set. In deployed scenarios you should set an environment variable named SLACKWATCH_NOTIFICATIONS.NTFY.TOKEN with the value of the token.

GitOps Configuration

[[gitops]]
name = "fleet-slack-house"
#repository_url = "https://github.com/slackspace-io/slackwatch.git"
repository_url = "https://github.com/slackspace-io/fleet-slack-house.git"
branch = "main"
access_token_env_name = "SLACKWATCH_TOKEN"
commit_message = "Updated by slackwatch"
commit_name = "slackwatch"
commit_email = "slackwatch@slackspace.io"

[[gitops]]
name = "noauth"
repository_url = "https://github.com/slackspace-io/slackwatch.git"
branch = "main"
access_token_env_name = "your_github_access_token_for_repoA"
commit_message = "Updated by slackwatch"
commit_name = "slackwatch"
commit_email = "slackwatch@slackspace.io"

Section Description: The gitops section is an array of configurations. The name field is the key used to identify which gitops configuration to use. This should match the annotation slackwatch.repo on the deployment being watched.

name

value: string

description: The name of the gitops configuration. This should match the annotation slackwatch.repo on the deployment being watched.

repository_url

value: string

description: The URL of the git repository to sync with.

branch

value: string

description: The branch to sync with.

access_token_env_name

value: string

description: The name of the environment variable that contains the access token for the repository.

commit_message

value: string

description: The commit message to use when syncing changes.

commit_name

value: string

description: The name to use when syncing changes.

commit_email

value: string

description: The email to use when syncing changes.

[[gitops]]

Complete configuration file

[system]
schedule = "0 0 9-22/2 * * *"
data_dir = "/app/slackwatch/data"

[notifications.ntfy]
url = "http://localhost:9090"
topic = "slackwatch"
priorty = 1
reminder = "24h"
token = "dummy"


[[gitops]]
name = "fleet-slack-house"
#repository_url = "https://github.com/slackspace-io/slackwatch.git"
repository_url = "https://github.com/slackspace-io/fleet-slack-house.git"
branch = "main"
access_token_env_name = "SLACKWATCH_TOKEN"
commit_message = "Updated by slackwatch"
commit_name = "slackwatch"
commit_email = "slackwatch@slackspace.io"

[[gitops]]
name = "noauth"
repository_url = "https://github.com/slackspace-io/slackwatch.git"
branch = "main"
access_token_env_name = "your_github_access_token_for_repoA"
commit_message = "Updated by slackwatch"
commit_name = "slackwatch"
commit_email = "slackwatch@slackspace.io"

Workload Annotations

Only workloads with the annotation slackwatch.enabled set to true will be watched by slackwatch.

Additional annotations can be set to customize the behavior of slackwatch for a given workload.

Main annotations

slackwatch.enabled

description: Set to true to enable slackwatch for this workload. If this annotation is not present or set to false, slackwatch will not watch this workload.

slackwatc.include

description: A comma-seperated list of regex patterns to apply to tags. Only tags which match will be evaluated by slackwatch.

slackwatch.exclude

description: A comma-seperated list of regex patterns to apply to tags. Tags which match will be ignored by slackwatch during evaluation.

If using automated gitops commits

slackwatch.repo

description: The name of the gitops configuration to use for syncing changes. This should match the name field in the gitops configuration.

slackwatch.directory

description: The directory which your application deployment files are located, within your repo. By default it expects the name of the workload to match the directory name. Slackwatch will walk subdirectories below this directory to find deployment files containing the expected tag. This is only used when slackwatch.repo is defined.