Is it possible to run Botkube without ClusterRole and ClusterRoleBinding? #530

Closed
efarrapo opened this issue Oct 5, 2021 · 2 comments
Labels: enhancement, good first issue

Comments

@efarrapo

efarrapo commented Oct 5, 2021

I cannot create ClusterRole and ClusterRoleBinding in my company cluster.

So, I am trying to run Botkube (latest version) without them using Slack. I am running Botkube in the same pod's namespace I want to monitor.

It connects to Slack (it shows the Botkube message in the channel), but it seems that Botkube does not monitor the pod. It also shows many log errors. My yml is the following:

# Configmap
apiVersion: v1
kind: ConfigMap
metadata:
  name: botkube-configmap
  namespace: test-botkube-app-to-monitor
  labels:
    app: botkube
data:
  resource_config.yaml: |
    ## Resources you want to watch
    resources:
      - name: v1/pods             # Name of the resource. Resource name must be in group/version/resource (G/V/R) format
                                  # resource name should be plural (e.g apps/v1/deployments, v1/pods)
        namespaces:               # List of namespaces, "all" will watch all the namespaces
          include:
            - test-botkube-app-to-monitor
          ignore:                 # List of namespaces to be ignored (omitempty), used only with include: all, can contain a wildcard (*)
            -                     # example : include [all], ignore [x,y,secret-ns-*]
        events:                   # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
          - error
      - name: v1/services
        namespaces:
          include:
            - test-botkube-app-to-monitor
          ignore:
            -
        events:
          - error
      - name: apps/v1/deployments
        namespaces:
          include:
            - test-botkube-app-to-monitor
          ignore:
            -
        events:
          - error
        updateSetting:
          includeDiff: true
          fields:
            - spec.template.spec.containers[*].image
            - status.availableReplicas
      - name: apps/v1/statefulsets
        namespaces:
          include:
            - test-botkube-app-to-monitor
          ignore:
            -
        events:
          - error
        updateSetting:
          includeDiff: true
          fields:
            - spec.template.spec.containers[*].image
            - status.readyReplicas
      - name: networking.k8s.io/v1beta1/ingresses
        namespaces:
          include:
            - test-botkube-app-to-monitor
          ignore:
            -
        events:
          - error
      - name: v1/configmaps
        namespaces:
          include:
            #- all
            - test-botkube-app-to-monitor
          ignore:
            -
        events:
          - error
      - name: apps/v1/daemonsets
        namespaces:
          include:
            - test-botkube-app-to-monitor
          ignore:
            -
        events:
          - error
        updateSetting:
          includeDiff: true
          fields:
            - spec.template.spec.containers[*].image
            - status.numberReady

    # Check true if you want to receive recommendations
    # about the best practices for the created resource
    recommendations: true

    # Setting to support multiple clusters
    settings:
      # Cluster name to differentiate incoming messages
      clustername: kubernetes-dev
      # Kubectl executor configs
      kubectl:
        # Set true to enable kubectl commands execution
        enabled: false
        commands:
          # method which are allowed
          verbs: ["api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth"]
          # resource configuration which is allowed
          resources: ["deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes"]
        # set Namespace to execute botkube kubectl commands by default
        defaultNamespace: default
        # Set true to enable commands execution from configured channel only
        restrictAccess: false
      # Set true to enable config watcher
      configwatcher: true
      # Set false to disable upgrade notification
      upgradeNotifier: true
---
# secret
apiVersion: v1
kind: Secret
metadata:
  name: botkube-communication-secret
  namespace: test-botkube-app-to-monitor
  labels:
    app: botkube
type: Opaque
stringData:
  comm_config.yaml: |
    # Communication settings
    communications:
      # Settings for Slack
      slack:
        enabled: true
        channel: 'my-slack-channel'
        token: 'MY_TOKEN'
        notiftype: long                            # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)

      # Settings for Mattermost
      mattermost:
        enabled: false
        url: 'MATTERMOST_SERVER_URL'                # URL where Mattermost is running. e.g https://example.com:9243
        token: 'MATTERMOST_TOKEN'                   # Personal Access token generated by BotKube user
        team: 'MATTERMOST_TEAM'                     # Mattermost Team to configure with BotKube
        channel: 'MATTERMOST_CHANNEL'               # Mattermost Channel for receiving BotKube alerts
        notiftype: short                            # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
      
      # Settings for Discord
      discord:
        enabled: false
        token: 'DISCORD_TOKEN'                      # BotKube Bot Token 
        botid: 'DISCORD_BOT_ID'                     # BotKube Application Client ID 
        channel: 'DISCORD_CHANNEL_ID'               # Discord Channel id for receiving BotKube alerts 
        notiftype: short                            # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)

      # Settings for ELS
      elasticsearch:
        enabled: false
        awsSigning:
          enabled: false                            # enable awsSigning using IAM for Elastisearch hosted on AWS, if true make sure AWS environment variables are set. Refer https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
          awsRegion: 'us-east-1'                    # AWS region where Elasticsearch is deployed
          roleArn: ''                               # AWS IAM Role arn to assume for credentials, use this only if you dont want to use the EC2 instance role or not running on AWS instance
        server: 'ELASTICSEARCH_ADDRESS'             # e.g https://example.com:9243
        username: 'ELASTICSEARCH_USERNAME'          # Basic Auth
        password: 'ELASTICSEARCH_PASSWORD'
        # ELS index settings
        index:
          name: botkube
          type: botkube-event
          shards: 1
          replicas: 0

      # Settings for MS Teams
      teams:
        enabled: false
        appID: 'APPLICATION_ID'
        appPassword: 'APPLICATION_PASSWORD'
        notiftype: short
        port: 3978

      # Settings for Webhook
      webhook:
        enabled: false
        url: 'WEBHOOK_URL'                          # e.g https://example.com:80
---
# serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: botkube-sa
  namespace: test-botkube-app-to-monitor
  labels:
    app: botkube
---
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: botkube
  namespace: test-botkube-app-to-monitor
  labels:
    component: controller
    app: botkube
spec:
  replicas: 1
  selector:
    matchLabels:
      component: controller
      app: botkube
  template:
    metadata:
      labels:
        component: controller
        app: botkube
    spec:
      serviceAccountName: botkube-sa
      containers:
        - name: botkube
          image: "infracloudio/botkube"
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: config-volume
              mountPath: "/config"
          env:
            - name: CONFIG_PATH
              value: "/config/"
            # set one of the log levels- info, warn, debug, error, fatal, panic
            - name: LOG_LEVEL
              value: "info"
            # set BotKube release version
            - name: BOTKUBE_VERSION
              value: v0.12.3
          resources:
            limits:
              memory: 1024Mi
              cpu: 1024m
      volumes:
        - name: config-volume
          projected:
            sources:
            - configMap:
                name: botkube-configmap
            - secret:
                name: botkube-communication-secret
      # run as non privileged user
      securityContext:
        runAsUser: 101
        runAsGroup: 101


@hassanRafi

hassanRafi commented Oct 19, 2021

@efarrapo For now I think you can do this:

DynamicKubeInformerFactory = dynamicinformer.NewDynamicSharedInformerFactory(DynamicKubeClient, time.Duration(rsyncTime)*time.Minute)

Replace the above line in botkube/pkg/utils/utils.go with the code below, but you will lose the ability to monitor multiple namespaces.

var namespace string

for _, resource := range conf.Resources {
	for _, ns := range resource.Namespaces.Include {
		namespace = ns
	}
}
// Create dynamic shared informer factory
DynamicKubeInformerFactory = dynamicinformer.NewFilteredDynamicSharedInformerFactory(DynamicKubeClient, time.Duration(rsyncTime)*time.Minute, namespace, nil)
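
Added example, not part of the original comment or of the Botkube project: a namespaced Role and RoleBinding that would give the `botkube-sa` service account from the manifests above read-only access inside `test-botkube-app-to-monitor`, without any ClusterRole or ClusterRoleBinding. It assumes the informers are namespace-scoped as in the change proposed above, because a Role cannot authorize cluster-wide list/watch requests; the object names and the `events` resource are assumptions.

```yaml
# Added example: namespaced, read-only RBAC for the manifests in this issue.
# The names botkube-ns-reader and botkube-ns-reader-binding are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: botkube-ns-reader
  namespace: test-botkube-app-to-monitor
  labels:
    app: botkube
rules:
  # Core-group resources listed in resource_config.yaml.
  # "events" is an assumption (it is not in the posted config);
  # remove it if Botkube turns out not to need it.
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps", "events"]
    verbs: ["get", "list", "watch"]
  # apps/v1 resources listed in resource_config.yaml.
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets"]
    verbs: ["get", "list", "watch"]
  # networking.k8s.io ingresses listed in resource_config.yaml.
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: botkube-ns-reader-binding
  namespace: test-botkube-app-to-monitor
  labels:
    app: botkube
subjects:
  # The service account the posted Deployment runs as.
  - kind: ServiceAccount
    name: botkube-sa
    namespace: test-botkube-app-to-monitor
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: botkube-ns-reader
```

The grant can be checked with `kubectl auth can-i list pods -n test-botkube-app-to-monitor --as=system:serviceaccount:test-botkube-app-to-monitor:botkube-sa`; the same query with `--all-namespaces` in place of `-n` should answer `no`.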

PrasadG193 added the enhancement and good first issue labels Nov 29, 2021
@PrasadG193
Collaborator

Duplicate of: #227. Hence closing
