Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Serve DMs to BotKube in Slack #1024

Open
jayzandme opened this issue Mar 24, 2023 · 5 comments
Open

Serve DMs to BotKube in Slack #1024

jayzandme opened this issue Mar 24, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@jayzandme
Copy link

jayzandme commented Mar 24, 2023

Overview

Allow for direct messaging kubectl queries to BotKube with Slack

Acceptance Criteria

When I direct message a botkube app in slack associated to a specific cluster with a kubectl query, it should return a response.

Reason

This would simplify the slack workspace and allow us to reduce the number of slack channels

@jayzandme jayzandme added the enhancement New feature or request label Mar 24, 2023
@mszostok
Copy link
Collaborator

Hi @jayzandme

It's a great idea, but for the security reason we cannot implement it now.

What you proposed, requires a user impersonation. With the next release, we will add support only for 2 RBAC options:

  • static user - all calls are run with a given user perms
  • channel name based mapping - if channel is named team-a we look for the SA called team-a

so when you talk to the Botkube app directly, we will need to use your own email address to select a proper SA, which is not there yet.

Once we will enable such option, we will be able to implement direct messages 👍

It's definitely, a valid feature but we cannot tell you when exactly it will be implemented.

@blakeromano
Copy link

Wouldn't we want to be able to let K8s Platform teams decide the method?

For example if we do DMing with read only we can use static creds but if they try and do an update command then they get required to use their own credentials?

We currently only let teams via kubectl have access to their own namespace but BotKube allows teams to go look at anyone's namespace and we are fine with that read-only privilege expansion with BK.

@mszostok
Copy link
Collaborator

mszostok commented Mar 24, 2023

@blakeromano

For now we have only the channel mapping:

channels:
  'default':
    # -- Slack channel name without '#' prefix where you have added Botkube and want to receive notifications in.
    name: 'SLACK_CHANNEL'
    bindings:
      # -- Executors configuration for a given channel.
      executors:
        - k8s-default-tools
      # -- Notification sources configuration for a given channel.
      sources:
        - k8s-err-events
        - k8s-recommendation-events

we will need to have dedicated binding, sth like:

directMessage:
  bindings:
    # -- Executors configuration for a given channel.
    executors:
      - k8s-default-tools
    # -- Notification sources configuration for a given channel.
    sources:
      - k8s-err-events
      - k8s-recommendation-events

that's also an option, but it will be sth new to implement and handle 👍


BTW @blakeromano @jayzandme is that creating a channel an issue here? Or more the UX when talking to a bot? So that on the channel, you need to always type the @Botkube .. prefix where in direct message not?

What if on your channel you will be able to enable an option type directly the command that you want to run:
kubectl get po and Botkube will know that it can handle it and will respond?

Would that simplify your workflow too?

or it's all about the history that you want to keep between you and bot?

@blakeromano
Copy link

I think from a UX perspective teams should be able to use slack to get read-only access to Kubernetes clusters. Everyone being in the same channel and having commands overlapping if people are writing commands at the same time is annoying. Similarly to how a terminal is your own personal thing I'd hope the DMs with BK would allow and would allow you to keep context versus let's day A I do something then four days later I wanna look at the same thing again and then I gotta scroll through a bunch of other people's commands.

@mszostok
Copy link
Collaborator

Thanks @blakeromano for the valuable feedback. All of that makes sens, and we will try to address that as soon, at least for Slack 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants