Watchtower is a CRD-based Kubernetes operator that monitors changes to resources and exports them to one or more endpoints, such as Slack, Elasticsearch, or your own APIs. It listens for events, collects the affected objects, filters them based on user-specified criteria, renders a template, and sends the request to the configured destination.
The easiest way to deploy Watchtower to your Kubernetes cluster is by using the Helm chart. You can add our Helm repository and install Watchtower from there.
Example:
```sh
helm repo add nccloud https://nccloud.github.io/charts
helm install watchtower nccloud/watchtower
```
Alternatively, you can compile and install Watchtower using any method you choose. Then you are ready to create Watcher custom resources!
Watchtower is configured by creating and deleting Watcher custom resources. Examples can be found in the Examples section. There are also a few environment variables, which can be found in config.go.
Watchtower is based on controller-runtime, which helps you build a Kubernetes operator. It allows you to dynamically watch for events, filter and render them, and send them to your API endpoints with some configuration. The following image shows a high-level diagram of the architecture.
You can run Watchtower in a few steps without any third-party dependencies:
- Create a Kubernetes cluster or switch context to an existing one.
  ```sh
  kind create cluster
  ```
- (Optionally) Create a hook from https://webhook.site for testing purposes.
- Install the CRDs by running `./devops.sh install`
- (Optionally) Create Watcher resources by checking the examples section.
- Run the application:
  ```sh
  go run cmd/manager/main.go
  ```
This configuration allows you to send available replicas of the deployments in your cluster to a Slack channel via webhook.
```yaml
apiVersion: cloud.spaceship.com/v1alpha1
kind: Watcher
metadata:
  name: slack-deployment-sender
spec:
  source:
    apiVersion: "apps/v1"
    kind: "Deployment"
  destination:
    method: "POST"
    urlTemplate: "YOUR_SLACK_WEBHOOK_URL"
    bodyTemplate: |
      { "text": "{{ .metadata.name }}" }
```
This configuration allows you to send service account tokens in the default namespace to your API endpoints.
```yaml
apiVersion: cloud.spaceship.com/v1alpha1
kind: Watcher
metadata:
  name: service-account-token-sender
spec:
  source:
    apiVersion: "v1"
    kind: "Secret"
    concurrency: 10
  filter:
    event:
      create:
        creationTimeout: "96h"
      # update:
      #   generationChanged: true
    object:
      # Regular expression matched against the object name
      name: "^.*-token-.*$"
      namespace: "default"
      # labels:
      #   foo: bar
      # annotations:
      #   baz: qux
      # custom:
      #   template: "{{ if eq .Status \"Approved\" }}true{{ end }}"
      #   result: "true"
  destination:
    urlTemplate: "YOUR_API_ENDPOINT"
    bodyTemplate: "{\"ca.crt\":\"{{ index .data \"ca.crt\" }}\",\"token\":\"{{ index .data \"token\" }}\"}"
    method: "PATCH"
    headers:
      Content-Type:
        - "application/json"
```
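To see what the service account token Watcher forwards, the following Go program (an added example, not Watchtower's own code) applies the object filter and renders the `bodyTemplate` against a constructed Secret, then decodes the token exactly as the receiving endpoint could, since `.data` values are only base64-encoded. It assumes templates are evaluated with Go's `text/template` over the object's fields, that the name filter is a regular expression and the namespace an exact match; `matches`, `render` and `sampleSecret` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
	"text/template"
)

// Filter and template modelled on the service-account-token-sender Watcher.
var nameFilter = regexp.MustCompile(`^.*-token-.*$`)
const bodyTemplate = `{"ca.crt":"{{ index .data "ca.crt" }}","token":"{{ index .data "token" }}"}`

// matches applies the object filter (assumed: regex on name, exact namespace).
func matches(obj map[string]any) bool {
	meta, _ := obj["metadata"].(map[string]any)
	name, _ := meta["name"].(string)
	ns, _ := meta["namespace"].(string)
	return ns == "default" && nameFilter.MatchString(name)
}

// render executes bodyTemplate and parses the result as the JSON body sent out.
// It fails if the object has no .data or the rendered text is not valid JSON.
func render(obj map[string]any) (map[string]string, error) {
	tmpl := template.Must(template.New("body").Option("missingkey=error").Parse(bodyTemplate))
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, obj); err != nil {
		return nil, err
	}
	fields := map[string]string{}
	return fields, json.Unmarshal(buf.Bytes(), &fields)
}

// sampleSecret builds a constructed Secret in API shape (.data is base64).
func sampleSecret(name, ns string) map[string]any {
	enc := base64.StdEncoding.EncodeToString
	return map[string]any{
		"metadata": map[string]any{"name": name, "namespace": ns},
		"data":     map[string]any{"ca.crt": enc([]byte("constructed-ca")), "token": enc([]byte("constructed-token"))},
	}
}

func main() {
	s := sampleSecret("default-token-abc12", "default")
	body, err := render(s)
	token, _ := base64.StdEncoding.DecodeString(body["token"])
	fmt.Println(matches(s), err, body["token"], string(token))
}
```

The decoded value is the usable credential, so the destination in `urlTemplate` holds whatever access the forwarded service account tokens grant.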
We use SemVer for versioning. To see the available versions, check the tags on this repository.
For more information about the functionality provided by this library, refer to the GoDoc Documentation and CRD Documentation.
We welcome contributions, issues, and feature requests!
If you have any issues or suggestions, please feel free to check the issues page or create a new issue if you don't see one that matches your problem.
Also, please refer to our contribution guidelines for details.
All functionality is in beta and is subject to change. The code is provided as-is with no warranties.
Apache 2.0 License
Made with ♥ by Namecheap Cloud Team