监视Kubernetes事件并通过钉钉机器人通知

kube-dingtalk 简介

kube-dingtalk 是Kubernetes事件监视服务。连续失败后，通过钉钉机器人播报。

kube-dingtalk 项目地址

https://github.com/yangpeng14/kube-dingtalk

Build Docker镜像

FROM node:10-alpine

# Don't run as root user
ENV user kube-dingtalk

RUN echo "http://mirrors.aliyun.com/alpine/v3.7/main/" > /etc/apk/repositories \
    && apk update \
    && apk add python2 openssl ca-certificates make gcc g++ \
    && rm -rf /var/cache/apk/*

RUN addgroup -S $user && adduser -S -g $user $user

USER $user

WORKDIR /app
COPY package.json /app
RUN npm config set registry https://registry.npm.taobao.org && npm install --production

COPY . /app

CMD ["node", "."]

Kubernetes 部署

• 创建 kube-dingtalk RBAC

  ---
  kind: ClusterRole
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: kube-dingtalk
  rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "list"]
  ---
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: kube-dingtalk
    namespace: kube-system
  ---
  apiVersion: rbac.authorization.k8s.io/v1beta1
  kind: ClusterRoleBinding
  metadata:
    name: kube-dingtalk
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: kube-dingtalk
  subjects:
    - kind: ServiceAccount
      name: kube-dingtalk
      namespace: kube-system

• 创建 Deployment yaml配置

  apiVersion: extensions/v1beta1
  kind: Deployment
  metadata:
    name: kube-dingtalk
    namespace: kube-system
  spec:
    replicas: 1
    revisionHistoryLimit: 3
    template:
      metadata:
        annotations:
          scheduler.alpha.kubernetes.io/critical-pod: ""
        name: kube-dingtalk
        labels:
          app: kube-dingtalk
      spec:
       # Uncomment serviceAccountName if you use RBAC.
        serviceAccountName: kube-dingtalk
        containers:
        - name: kube-dingtalk
          image: kube-dingtalk:v1  # Use the dockerfile build image in your project 
          env:
          - name: DINGTALK_TOKEN
            value: xxxxxxxxxxxxx
          #- name: TICK_RATE
          #  value: "60000"
          - name: FLOOD_EXPIRE
            value: "120000"
          - name: NOT_READY_MIN_TIME
            value: "120000"
          #- name: KUBE_NAMESPACES_ONLY
          #  value: kube-system
          resources:
            requests:
              memory: 30M
              cpu: 5m
        tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - key: CriticalAddonsOnly
          operator: Exists

• Deployment 支持的环境变量

名称	解释
TICK_RATE	多长时间更新一次(以毫秒为单位，默认为15000或15s）
FLOOD_EXPIRE	在状态恢复正常后经过了这么多毫秒后，重复通知。(默认为60000或60s)
NOT_READY_MIN_TIME	等待Pod尚未准备就绪后再通知的时间。(默认为60000或60s)
KUBE_USE_KUBECONFIG	在 ~/.kube/config中从上下文中读取Kubernetes凭据(默认关闭)
KUBE_USE_CLUSTER	从pod读取Kubernetes凭据(默认启用)
KUBE_NAMESPACES_ONLY	监视namespaces列表，这些namespaces指定为json数组或逗号分隔值(foo_namespace,bar_namespace)的字符串，不声明默认监视全部namespaces。

---本文结束感谢您的阅读。微信扫描二维码，关注我的公众号---

本文作者： Peng Yang
本文链接： https://www.yp14.cn/2019/11/10/监视Kubernetes事件并通过钉钉机器人通知/
版权声明： 本作品采用 知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议 进行许可。转载请注明出处！

赏

谢谢您的打赏

微信