Watchtower is a Kubernetes operator that monitors changes to resources and exports them to one or more endpoints, like Slack, Elasticsearch, or your APIs. It filters objects based on user-specified criteria, prepares a template, and sends the request to the appropriate endpoint.
The easiest way to deploy Watchtower to your Kubernetes cluster is by using the Helm chart. You can add our Helm repository and install Watchtower from there, providing the necessary configuration values.
Example:
helm repo add nccloud https://nccloud.github.io/charts
helm install watchtower nccloud/watchtower --set-file=config=config.yaml # You can check examples section to prepare configuration.
Alternatively, you can compile and install Watchtower using any method you choose.
Watchtower's configuration is stored in the config.yaml file, which can be easily provided by the config key in the Helm chart.
You can find some examples in the Examples section or check the
Tap,
Sink and
Flow for all the fields.
Watchtower is based on the controller-runtime which helps you to build a Kubernetes operator. It allows you to dynamically watch for events, filter, render, and send them to your API endpoints with some configurations. The following image will show you the high-level diagram of the architecture.
You can easily run Watchtower with a few steps without any 3rd party dependencies:
- Create a Kubernetes Cluster or change context for the existing one.
kind create cluster- (Optionally) Create a hook from
https://webhook.sitefor testing purposes. - Edit config.yaml according to your wish.
- Run the application;
go run cmd/manager/main.goThis configuration allows you to send available replicas of the deployments in your cluster to a Slack channel via webhook.
# config.yaml
taps:
- name: MyDeployments
kind: Deployment
apiVersion: apps/v1
sinks:
- name: MySlackWebhook
method: POST
urlTemplate: "YOUR_SLACK_WEBHOOK_URL"
bodyTemplate: "{\"text\":\"Name: {{ .metadata.name }}\nAvailableReplicas: {{ .status.availableReplicas }}\"}"
flows:
- tap: MyDeployments
sink: MySlackWebhookThis configuration allows you to send service account tokens in the default namespace to your API endpoints.
# config.yaml
taps:
- name: ServiceAccountTokens
kind: Secret
apiVersion: v1
filter:
name: "^.*$-token-.*$"
namespace: "default"
object:
key: ".type"
operator: "=="
value: "kubernetes.io/service-account-token"
sinks:
- name: MyAPIEndpoint
method: PATCH
urlTemplate: "YOUR_API_ENDPOINT"
bodyTemplate: "{\"ca.crt\":\"{{ index .data \"ca.crt\" }}\",\"token\":\"{{ index .data \"token\" }}\"}"
header:
Content-Type: application/json
flows:
- tap: ServiceAccountTokens
sink: MyAPIEndpointWe use SemVer for versioning. To see the available versions, check the tags on this repository.
For more information about the functionality provided by this library, refer to the GoDoc documentation.
We welcome contributions, issues, and feature requests!
If you have any issues or suggestions, please feel free to check the issues page or create a new issue if you don't see one that matches your problem.
Also, please refer to our contribution guidelines for details.
All functionalities are in beta and is subject to change. The code is provided as-is with no warranties.
Apache 2.0 License
Made with ♥ by Namecheap Cloud Team
