This is a simple Slack bot running on Cloud Run with which you can interact with Cloud Run services.
- Interact with Cloud Run service on Slack.
- Get metrics of Cloud Run service.
- Describe Cloud Run service.
- Receive notification for Cloud Run audit logs on Slack.
roles/run.viewer
: To get information of Cloud Run servicesroles/monitoring.viewer
: To get metrics of Cloud Run services
PROJECT
: GCP Project ID to monitorREGION
: GCP Region to monitorSLACK_BOT_TOKEN
: Slack Bot TokenSLACK_SIGNING_SECRET
: Slack bot signing secretSLACK_APP_TOKEN
(optional): Slack oauth token (required forSLACK_APP_MODE=socket
)SLACK_APP_MODE
: Slack App Mode (http
orsocket
)SLACK_CHANNEL
(optional): Slack Channel ID to receive notification for Cloud Run audit logsTMP_DIR
(optional): Temporary directory for storing images (default:/tmp
)
PROJECT=your-project
REGION=asia-northeast1
echo -n "xoxb-xxxx" | gcloud secrets create slack-bot-token --replication-policy automatic --project "$PROJECT" --data-file=-
echo -n "your-signing-secret" | gcloud secrets create slack-signing-secret --replication-policy automatic --project "$PROJECT" --data-file=-
gcloud iam service-accounts create cloud-run-slack-bot --project $PROJECT
# allow app to access the secret
gcloud secrets add-iam-policy-binding slack-bot-token \
--member="serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com" \
--role="roles/secretmanager.secretAccessor" --project ${PROJECT}
gcloud secrets add-iam-policy-binding slack-signing-secret \
--member="serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com" \
--role="roles/secretmanager.secretAccessor" --project ${PROJECT}
# allow app to get information about Cloud Run services
gcloud projects add-iam-policy-binding $PROJECT \
--member=serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com --role=roles/run.viewer
# allow app to get metrics of Cloud Run services
gcloud projects add-iam-policy-binding $PROJECT \
--member=serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com --role=roles/monitoring.viewer
Deploy to Cloud Run
gcloud run deploy cloud-run-slack-bot \
--set-secrets "SLACK_BOT_TOKEN=slack-bot-token:latest,SLACK_SIGNING_SECRET=slack-signing-secret:latest" \
--set-env-vars "PROJECT=$PROJECT,REGION=$REGION,SLACK_APP_MODE=http,TMP_DIR=/tmp" \
--image nakamasato/cloud-run-slack-bot:0.0.2 \
--service-account cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com \
--project "$PROJECT" --region "$REGION"
- Create a new Slack App
- Add the following scopes:
- Install the app to your workspace
- Event Subscriptions
- Request URL:
https://your-cloud-run-url/slack/events
- Subscribe to bot events:
app_mention
- Request URL:
- Interactivity & Shortcuts
- Request URL:
https://your-cloud-run-url/slack/interaction
- Request URL:
- Remove preview for console.cloud.google.com