Kubernetes (API Server)ΒΆ
Robusta can run automated playbooks when Kubernetes resources change. Playbooks can identify issues, track changes, or automate actions.
These triggers work even when Prometheus is not connected to Robusta. They're triggered by the Kubernetes APIServer directly.
Related Tutorials
Crashing Pod TriggersΒΆ
The following triggers are available for crashing Pods:
on_pod_crash_loop
on_pod_crash_loop fires when a Pod is crash looping. It has the following parameters:
restart_reason: Limit restart loops for this specific reason. If omitted, all restart reasons will be included.restart_count: Fire only after the specified number of restartsrate_limit: Limit firing to once every rate_limit seconds
An example playbook using report_crash_loop to show logs of crashing pods:
customPlaybooks:
- triggers:
- on_pod_crash_loop:
restart_reason: "CrashLoopBackOff"
actions:
- report_crash_loop: {}
on_pod_oom_killed
on_pod_oom_killed fires when any container in a Pod is OOMKilled. It has the following parameters:
rate_limit: Limit firing to once every rate_limit secondsexclude: A list of pod name prefixes and/or namespaces that this trigger will ignore.All pods that start with name in namespace namespace will be ignored for this trigger.
If A name is defined without a namespace than all pods with that name prefix will be ignored for this trigger.
If A namespace is defined without a name than all pods in that namespace will be ignored for this trigger.
An example playbook using pod_graph_enricher to show memory graphs of OOMKilled Pods:
customPlaybooks:
- triggers:
- on_pod_oom_killed:
rate_limit: 900
exclude:
- name: "oomkilled-pod"
namespace: "default"
actions:
- pod_graph_enricher:
resource_type: Memory
display_limits: true
on_container_oom_killed
on_container_oom_killed fires when a Container is OOMKilled. It has the following parameters:
rate_limit: Limit firing to once every rate_limit secondsexclude: A list of container name prefixes and/or namespaces that this trigger will ignore.All containers that start with name in namespace namespace will be ignored for this trigger.
If A name is defined without a namespace than all containers with that name prefix will be ignored for this trigger.
If A namespace is defined without a name than all containers in that namespace will be ignored for this trigger.
An example playbook using oomkilled_container_graph_enricher:
customPlaybooks:
- triggers:
- on_container_oom_killed:
rate_limit: 900
exclude:
- name: "oomkilled-container"
namespace: "default"
actions:
- oomkilled_container_graph_enricher:
resource_type: Memory
on_image_pull_backoff
on_image_pull_backoff fires when a Pod has ImagePullBackoff state. It has the following parameters:
rate_limit: Limit firing to once every rate_limit secondsfire_delay: Fire only if the pod is running for more than fire_delay seconds.name_prefix: Name of the pod (or a prefix of it)namespace_prefix: Namespace the pod is in (or a prefix of it)labels_selector: See Common Filters
An example playbook using the image_pull_backoff_reporter action to gather details about the issue:
customPlaybooks:
- triggers:
- on_image_pull_backoff: {}
actions:
- image_pull_backoff_reporter: {}
For triggers that fire on any Pod change, see Pod Triggers.
Job Failure TriggersΒΆ
The following triggers are available for failed Jobs:
on_job_failure
on_job_failure fires when a Job's status is updated to "failed".
Example playbook:
customPlaybooks:
- triggers:
- on_job_failure:
namespace_prefix: robusta
actions:
- create_finding:
title: "Job $name on namespace $namespace failed"
aggregation_key: "Job Failure"
- job_events_enricher: { }
For triggers that fire on any Job change, see Job Triggers.
Warning Event TriggersΒΆ
Warning events are the output of:
kubectl get events --all-namespaces --field-selector type=Warning
The following triggers track Warning Events:
on_kubernetes_warning_event_create
on_kubernetes_warning_event_create fires when a Kubernetes Warning Event is created
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_create: {}
actions:
- create_finding: # (1)
title: "WarningEvent created: $name!"
aggregation_key: "warning_events_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_create:
include: ["ImagePullBackOff"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent created: $name!"
aggregation_key: "warning_events_created"
A common action that creates a notification. See create_finding.
The Reason and Message must include this text. Matching is case-insensitive.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_create:
exclude: ["NodeSysctlChange", "TooManyPods"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent created: $name!"
aggregation_key: "warning_events_created"
A common action that creates a notification. See create_finding.
The Reason or Message must exclude this text. Matching is case-insensitive.
on_kubernetes_warning_event_update
on_kubernetes_warning_event_update fires when a Kubernetes Warning Event is updated. This is rarely useful, as Warning Events usually aren't updated after creation.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_update: {}
actions:
- create_finding: # (1)
title: "WarningEvent updated: $name!"
aggregation_key: "warning_events_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_update:
include: ["ImagePullBackOff"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent updated: $name!"
aggregation_key: "warning_events_updated"
A common action that creates a notification. See create_finding.
The Reason and Message must include this text. Matching is case-insensitive.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_update:
exclude: ["NodeSysctlChange", "TooManyPods"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent updated: $name!"
aggregation_key: "warning_events_updated"
A common action that creates a notification. See create_finding.
The Reason or Message must exclude this text. Matching is case-insensitive.
on_kubernetes_warning_event_deleted
on_kubernetes_warning_event_deleted fires when a Kubernetes Warning Event is deleted. This is rarely useful, as usually the creation of Warning Events is more interesting.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_deleted: {}
actions:
- create_finding: # (1)
title: "WarningEvent deleted: $name!"
aggregation_key: "warning_events_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_deleted:
include: ["ImagePullBackOff"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent deleted: $name!"
aggregation_key: "warning_events_deleted"
A common action that creates a notification. See create_finding.
The Reason and Message must include this text. Matching is case-insensitive.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event_deleted:
exclude: ["NodeSysctlChange", "TooManyPods"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent deleted: $name!"
aggregation_key: "warning_events_deleted"
A common action that creates a notification. See create_finding.
The Reason or Message must exclude this text. Matching is case-insensitive.
on_kubernetes_warning_event
on_kubernetes_warning_event fires when a Kubernetes Warning Event is modified in any way. This is rarely useful, as usually only the creation of Warning Events is interesting.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event: {}
actions:
- create_finding: # (1)
title: "WarningEvent modified: $name!"
aggregation_key: "warning_events_modified"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event:
include: ["ImagePullBackOff"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent modified: $name!"
aggregation_key: "warning_events_modified"
A common action that creates a notification. See create_finding.
The Reason and Message must include this text. Matching is case-insensitive.
customPlaybooks:
- triggers:
- on_kubernetes_warning_event:
exclude: ["NodeSysctlChange", "TooManyPods"] # (2)
actions:
- create_finding: # (1)
title: "WarningEvent modified: $name!"
aggregation_key: "warning_events_modified"
A common action that creates a notification. See create_finding.
The Reason or Message must exclude this text. Matching is case-insensitive.
Which trigger should I use?
You should almost always use the on_kubernetes_warning_event_create trigger. The other triggers are documented for completeness, but are rarely useful.
All Warning Event Triggers support optional inclusion and exclusion filters. These filters perform a text-match on each the Event's reason and message fields. Matching is case insensitive.
Low-level TriggersΒΆ
Low-level triggers fire on the raw creation, deletion, and modification of resources in your cluster. They can be noisy compared to other triggers, as they fire on even the smallest change to a resource.
Multi-Resource TriggersΒΆ
on_kubernetes_resource_operation
on_kubernetes_resource_operation fires when one of the specified resources, had one of the specified operations.
operations: List of operations. If empty, all operations are included. Options:createupdatedelete
resources: List of Kubernetes resources. If empty, all resources are included. Options:deploymentpodjobnodereplicasetstatefulsetdaemonsetingressserviceeventhorizontalpodautoscalerclusterroleclusterrolebindingnamespaceserviceaccountpersistentvolumeconfigmap
Example playbook:
customPlaybooks:
- triggers:
- on_kubernetes_resource_operation:
resources: ["deployment"]
operations: ["update"]
actions:
- create_finding:
title: "Deployment $name on namespace $namespace updated"
aggregation_key: "Deployment Update"
Single Resource TriggersΒΆ
Pod TriggersΒΆ
The following triggers are available for Pods.
on_pod_create
Fires when a Pod is created
customPlaybooks:
- triggers:
- on_pod_create: {}
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was created"
aggregation_key: "Pod_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_pod_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was created"
aggregation_key: "Pod_created"
A common action that creates a notification. See create_finding.
Optional filter on Pod name.
Optional filter on Pod namespace.
Optional filter on Pod labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_pod_update
Fires when a Pod is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_pod_update: {}
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was updated"
aggregation_key: "Pod_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_pod_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was updated"
aggregation_key: "Pod_updated"
A common action that creates a notification. See create_finding.
Optional filter on Pod name.
Optional filter on Pod namespace.
Optional filter on Pod labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_pod_delete
Fires when a Pod is deleted
customPlaybooks:
- triggers:
- on_pod_delete: {}
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was deleted"
aggregation_key: "Pod_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_pod_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was deleted"
aggregation_key: "Pod_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Pod name.
Optional filter on Pod namespace.
Optional filter on Pod labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_pod_all_changes
Fires when a Pod is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_pod_all_changes: {}
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was all_changes"
aggregation_key: "Pod_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_pod_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Pod $name in namespace $namespace was all_changes"
aggregation_key: "Pod_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Pod name.
Optional filter on Pod namespace.
Optional filter on Pod labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
For triggers that fire only on Pod errors, see Crashing Pod Triggers.
ReplicaSet TriggersΒΆ
The following triggers are available for ReplicaSets.
on_replicaset_create
Fires when a ReplicaSet is created
customPlaybooks:
- triggers:
- on_replicaset_create: {}
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was created"
aggregation_key: "ReplicaSet_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_replicaset_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was created"
aggregation_key: "ReplicaSet_created"
A common action that creates a notification. See create_finding.
Optional filter on ReplicaSet name.
Optional filter on ReplicaSet namespace.
Optional filter on ReplicaSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_replicaset_update
Fires when a ReplicaSet is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_replicaset_update: {}
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was updated"
aggregation_key: "ReplicaSet_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_replicaset_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was updated"
aggregation_key: "ReplicaSet_updated"
A common action that creates a notification. See create_finding.
Optional filter on ReplicaSet name.
Optional filter on ReplicaSet namespace.
Optional filter on ReplicaSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_replicaset_delete
Fires when a ReplicaSet is deleted
customPlaybooks:
- triggers:
- on_replicaset_delete: {}
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was deleted"
aggregation_key: "ReplicaSet_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_replicaset_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was deleted"
aggregation_key: "ReplicaSet_deleted"
A common action that creates a notification. See create_finding.
Optional filter on ReplicaSet name.
Optional filter on ReplicaSet namespace.
Optional filter on ReplicaSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_replicaset_all_changes
Fires when a ReplicaSet is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_replicaset_all_changes: {}
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was all_changes"
aggregation_key: "ReplicaSet_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_replicaset_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ReplicaSet $name in namespace $namespace was all_changes"
aggregation_key: "ReplicaSet_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on ReplicaSet name.
Optional filter on ReplicaSet namespace.
Optional filter on ReplicaSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
DaemonSet TriggersΒΆ
The following triggers are available for DaemonSets.
on_daemonset_create
Fires when a DaemonSet is created
customPlaybooks:
- triggers:
- on_daemonset_create: {}
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was created"
aggregation_key: "DaemonSet_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_daemonset_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was created"
aggregation_key: "DaemonSet_created"
A common action that creates a notification. See create_finding.
Optional filter on DaemonSet name.
Optional filter on DaemonSet namespace.
Optional filter on DaemonSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_daemonset_update
Fires when a DaemonSet is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_daemonset_update: {}
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was updated"
aggregation_key: "DaemonSet_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_daemonset_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was updated"
aggregation_key: "DaemonSet_updated"
A common action that creates a notification. See create_finding.
Optional filter on DaemonSet name.
Optional filter on DaemonSet namespace.
Optional filter on DaemonSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_daemonset_delete
Fires when a DaemonSet is deleted
customPlaybooks:
- triggers:
- on_daemonset_delete: {}
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was deleted"
aggregation_key: "DaemonSet_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_daemonset_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was deleted"
aggregation_key: "DaemonSet_deleted"
A common action that creates a notification. See create_finding.
Optional filter on DaemonSet name.
Optional filter on DaemonSet namespace.
Optional filter on DaemonSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_daemonset_all_changes
Fires when a DaemonSet is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_daemonset_all_changes: {}
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was all_changes"
aggregation_key: "DaemonSet_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_daemonset_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "DaemonSet $name in namespace $namespace was all_changes"
aggregation_key: "DaemonSet_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on DaemonSet name.
Optional filter on DaemonSet namespace.
Optional filter on DaemonSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
Deployment TriggersΒΆ
The following triggers are available for Deployments.
on_deployment_create
Fires when a Deployment is created
customPlaybooks:
- triggers:
- on_deployment_create: {}
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was created"
aggregation_key: "Deployment_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_deployment_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was created"
aggregation_key: "Deployment_created"
A common action that creates a notification. See create_finding.
Optional filter on Deployment name.
Optional filter on Deployment namespace.
Optional filter on Deployment labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_deployment_update
Fires when a Deployment is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_deployment_update: {}
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was updated"
aggregation_key: "Deployment_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_deployment_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was updated"
aggregation_key: "Deployment_updated"
A common action that creates a notification. See create_finding.
Optional filter on Deployment name.
Optional filter on Deployment namespace.
Optional filter on Deployment labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_deployment_delete
Fires when a Deployment is deleted
customPlaybooks:
- triggers:
- on_deployment_delete: {}
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was deleted"
aggregation_key: "Deployment_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_deployment_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was deleted"
aggregation_key: "Deployment_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Deployment name.
Optional filter on Deployment namespace.
Optional filter on Deployment labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_deployment_all_changes
Fires when a Deployment is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_deployment_all_changes: {}
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was all_changes"
aggregation_key: "Deployment_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_deployment_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Deployment $name in namespace $namespace was all_changes"
aggregation_key: "Deployment_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Deployment name.
Optional filter on Deployment namespace.
Optional filter on Deployment labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
StatefulSet TriggersΒΆ
The following triggers are available for StatefulSets.
on_statefulset_create
Fires when a StatefulSet is created
customPlaybooks:
- triggers:
- on_statefulset_create: {}
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was created"
aggregation_key: "StatefulSet_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_statefulset_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was created"
aggregation_key: "StatefulSet_created"
A common action that creates a notification. See create_finding.
Optional filter on StatefulSet name.
Optional filter on StatefulSet namespace.
Optional filter on StatefulSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_statefulset_update
Fires when a StatefulSet is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_statefulset_update: {}
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was updated"
aggregation_key: "StatefulSet_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_statefulset_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was updated"
aggregation_key: "StatefulSet_updated"
A common action that creates a notification. See create_finding.
Optional filter on StatefulSet name.
Optional filter on StatefulSet namespace.
Optional filter on StatefulSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_statefulset_delete
Fires when a StatefulSet is deleted
customPlaybooks:
- triggers:
- on_statefulset_delete: {}
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was deleted"
aggregation_key: "StatefulSet_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_statefulset_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was deleted"
aggregation_key: "StatefulSet_deleted"
A common action that creates a notification. See create_finding.
Optional filter on StatefulSet name.
Optional filter on StatefulSet namespace.
Optional filter on StatefulSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_statefulset_all_changes
Fires when a StatefulSet is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_statefulset_all_changes: {}
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was all_changes"
aggregation_key: "StatefulSet_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_statefulset_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "StatefulSet $name in namespace $namespace was all_changes"
aggregation_key: "StatefulSet_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on StatefulSet name.
Optional filter on StatefulSet namespace.
Optional filter on StatefulSet labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Service TriggersΒΆ
The following triggers are available for Services.
on_service_create
Fires when a Service is created
customPlaybooks:
- triggers:
- on_service_create: {}
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was created"
aggregation_key: "Service_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_service_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was created"
aggregation_key: "Service_created"
A common action that creates a notification. See create_finding.
Optional filter on Service name.
Optional filter on Service namespace.
Optional filter on Service labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_service_update
Fires when a Service is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_service_update: {}
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was updated"
aggregation_key: "Service_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_service_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was updated"
aggregation_key: "Service_updated"
A common action that creates a notification. See create_finding.
Optional filter on Service name.
Optional filter on Service namespace.
Optional filter on Service labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_service_delete
Fires when a Service is deleted
customPlaybooks:
- triggers:
- on_service_delete: {}
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was deleted"
aggregation_key: "Service_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_service_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was deleted"
aggregation_key: "Service_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Service name.
Optional filter on Service namespace.
Optional filter on Service labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_service_all_changes
Fires when a Service is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_service_all_changes: {}
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was all_changes"
aggregation_key: "Service_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_service_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Service $name in namespace $namespace was all_changes"
aggregation_key: "Service_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Service name.
Optional filter on Service namespace.
Optional filter on Service labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Ingress TriggersΒΆ
The following triggers are available for Ingresses.
on_ingress_create
Fires when a Ingress is created
customPlaybooks:
- triggers:
- on_ingress_create: {}
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was created"
aggregation_key: "Ingress_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_ingress_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was created"
aggregation_key: "Ingress_created"
A common action that creates a notification. See create_finding.
Optional filter on Ingress name.
Optional filter on Ingress namespace.
Optional filter on Ingress labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_ingress_update
Fires when a Ingress is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_ingress_update: {}
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was updated"
aggregation_key: "Ingress_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_ingress_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was updated"
aggregation_key: "Ingress_updated"
A common action that creates a notification. See create_finding.
Optional filter on Ingress name.
Optional filter on Ingress namespace.
Optional filter on Ingress labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_ingress_delete
Fires when a Ingress is deleted
customPlaybooks:
- triggers:
- on_ingress_delete: {}
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was deleted"
aggregation_key: "Ingress_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_ingress_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was deleted"
aggregation_key: "Ingress_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Ingress name.
Optional filter on Ingress namespace.
Optional filter on Ingress labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_ingress_all_changes
Fires when a Ingress is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_ingress_all_changes: {}
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was all_changes"
aggregation_key: "Ingress_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_ingress_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Ingress $name in namespace $namespace was all_changes"
aggregation_key: "Ingress_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Ingress name.
Optional filter on Ingress namespace.
Optional filter on Ingress labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Event TriggersΒΆ
The following triggers are available for Events.
on_event_create
Fires when a Event is created
customPlaybooks:
- triggers:
- on_event_create: {}
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was created"
aggregation_key: "Event_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_event_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was created"
aggregation_key: "Event_created"
A common action that creates a notification. See create_finding.
Optional filter on Event name.
Optional filter on Event namespace.
Optional filter on Event labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_event_update
Fires when a Event is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_event_update: {}
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was updated"
aggregation_key: "Event_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_event_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was updated"
aggregation_key: "Event_updated"
A common action that creates a notification. See create_finding.
Optional filter on Event name.
Optional filter on Event namespace.
Optional filter on Event labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_event_delete
Fires when a Event is deleted
customPlaybooks:
- triggers:
- on_event_delete: {}
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was deleted"
aggregation_key: "Event_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_event_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was deleted"
aggregation_key: "Event_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Event name.
Optional filter on Event namespace.
Optional filter on Event labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_event_all_changes
Fires when a Event is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_event_all_changes: {}
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was all_changes"
aggregation_key: "Event_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_event_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Event $name in namespace $namespace was all_changes"
aggregation_key: "Event_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Event name.
Optional filter on Event namespace.
Optional filter on Event labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
HorizontalPodAutoscaler TriggersΒΆ
The following triggers are available for HorizontalPodAutoscalers.
on_horizontalpodautoscaler_create
Fires when a HorizontalPodAutoscaler is created
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_create: {}
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was created"
aggregation_key: "HorizontalPodAutoscaler_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was created"
aggregation_key: "HorizontalPodAutoscaler_created"
A common action that creates a notification. See create_finding.
Optional filter on HorizontalPodAutoscaler name.
Optional filter on HorizontalPodAutoscaler namespace.
Optional filter on HorizontalPodAutoscaler labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_horizontalpodautoscaler_update
Fires when a HorizontalPodAutoscaler is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_update: {}
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was updated"
aggregation_key: "HorizontalPodAutoscaler_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was updated"
aggregation_key: "HorizontalPodAutoscaler_updated"
A common action that creates a notification. See create_finding.
Optional filter on HorizontalPodAutoscaler name.
Optional filter on HorizontalPodAutoscaler namespace.
Optional filter on HorizontalPodAutoscaler labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_horizontalpodautoscaler_delete
Fires when a HorizontalPodAutoscaler is deleted
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_delete: {}
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was deleted"
aggregation_key: "HorizontalPodAutoscaler_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was deleted"
aggregation_key: "HorizontalPodAutoscaler_deleted"
A common action that creates a notification. See create_finding.
Optional filter on HorizontalPodAutoscaler name.
Optional filter on HorizontalPodAutoscaler namespace.
Optional filter on HorizontalPodAutoscaler labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_horizontalpodautoscaler_all_changes
Fires when a HorizontalPodAutoscaler is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_all_changes: {}
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was all_changes"
aggregation_key: "HorizontalPodAutoscaler_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_horizontalpodautoscaler_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "HorizontalPodAutoscaler $name in namespace $namespace was all_changes"
aggregation_key: "HorizontalPodAutoscaler_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on HorizontalPodAutoscaler name.
Optional filter on HorizontalPodAutoscaler namespace.
Optional filter on HorizontalPodAutoscaler labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Node TriggersΒΆ
The following triggers are available for Nodes.
on_node_create
Fires when a Node is created
customPlaybooks:
- triggers:
- on_node_create: {}
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was created"
aggregation_key: "Node_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_node_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was created"
aggregation_key: "Node_created"
A common action that creates a notification. See create_finding.
Optional filter on Node name.
Optional filter on Node namespace.
Optional filter on Node labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_node_update
Fires when a Node is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_node_update: {}
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was updated"
aggregation_key: "Node_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_node_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was updated"
aggregation_key: "Node_updated"
A common action that creates a notification. See create_finding.
Optional filter on Node name.
Optional filter on Node namespace.
Optional filter on Node labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_node_delete
Fires when a Node is deleted
customPlaybooks:
- triggers:
- on_node_delete: {}
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was deleted"
aggregation_key: "Node_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_node_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was deleted"
aggregation_key: "Node_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Node name.
Optional filter on Node namespace.
Optional filter on Node labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_node_all_changes
Fires when a Node is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_node_all_changes: {}
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was all_changes"
aggregation_key: "Node_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_node_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Node $name in namespace $namespace was all_changes"
aggregation_key: "Node_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Node name.
Optional filter on Node namespace.
Optional filter on Node labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
ClusterRole TriggersΒΆ
The following triggers are available for ClusterRoles.
on_clusterrole_create
Fires when a ClusterRole is created
customPlaybooks:
- triggers:
- on_clusterrole_create: {}
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was created"
aggregation_key: "ClusterRole_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrole_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was created"
aggregation_key: "ClusterRole_created"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRole name.
Optional filter on ClusterRole namespace.
Optional filter on ClusterRole labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_clusterrole_update
Fires when a ClusterRole is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_clusterrole_update: {}
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was updated"
aggregation_key: "ClusterRole_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrole_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was updated"
aggregation_key: "ClusterRole_updated"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRole name.
Optional filter on ClusterRole namespace.
Optional filter on ClusterRole labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_clusterrole_delete
Fires when a ClusterRole is deleted
customPlaybooks:
- triggers:
- on_clusterrole_delete: {}
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was deleted"
aggregation_key: "ClusterRole_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrole_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was deleted"
aggregation_key: "ClusterRole_deleted"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRole name.
Optional filter on ClusterRole namespace.
Optional filter on ClusterRole labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_clusterrole_all_changes
Fires when a ClusterRole is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_clusterrole_all_changes: {}
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was all_changes"
aggregation_key: "ClusterRole_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrole_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRole $name in namespace $namespace was all_changes"
aggregation_key: "ClusterRole_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRole name.
Optional filter on ClusterRole namespace.
Optional filter on ClusterRole labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
ClusterRoleBinding TriggersΒΆ
The following triggers are available for ClusterRoleBindings.
on_clusterrolebinding_create
Fires when a ClusterRoleBinding is created
customPlaybooks:
- triggers:
- on_clusterrolebinding_create: {}
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was created"
aggregation_key: "ClusterRoleBinding_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrolebinding_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was created"
aggregation_key: "ClusterRoleBinding_created"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRoleBinding name.
Optional filter on ClusterRoleBinding namespace.
Optional filter on ClusterRoleBinding labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_clusterrolebinding_update
Fires when a ClusterRoleBinding is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_clusterrolebinding_update: {}
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was updated"
aggregation_key: "ClusterRoleBinding_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrolebinding_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was updated"
aggregation_key: "ClusterRoleBinding_updated"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRoleBinding name.
Optional filter on ClusterRoleBinding namespace.
Optional filter on ClusterRoleBinding labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_clusterrolebinding_delete
Fires when a ClusterRoleBinding is deleted
customPlaybooks:
- triggers:
- on_clusterrolebinding_delete: {}
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was deleted"
aggregation_key: "ClusterRoleBinding_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrolebinding_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was deleted"
aggregation_key: "ClusterRoleBinding_deleted"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRoleBinding name.
Optional filter on ClusterRoleBinding namespace.
Optional filter on ClusterRoleBinding labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_clusterrolebinding_all_changes
Fires when a ClusterRoleBinding is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_clusterrolebinding_all_changes: {}
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was all_changes"
aggregation_key: "ClusterRoleBinding_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_clusterrolebinding_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ClusterRoleBinding $name in namespace $namespace was all_changes"
aggregation_key: "ClusterRoleBinding_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on ClusterRoleBinding name.
Optional filter on ClusterRoleBinding namespace.
Optional filter on ClusterRoleBinding labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Job TriggersΒΆ
The following triggers are available for Jobs.
on_job_create
Fires when a Job is created
customPlaybooks:
- triggers:
- on_job_create: {}
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was created"
aggregation_key: "Job_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_job_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was created"
aggregation_key: "Job_created"
A common action that creates a notification. See create_finding.
Optional filter on Job name.
Optional filter on Job namespace.
Optional filter on Job labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_job_update
Fires when a Job is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_job_update: {}
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was updated"
aggregation_key: "Job_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_job_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was updated"
aggregation_key: "Job_updated"
A common action that creates a notification. See create_finding.
Optional filter on Job name.
Optional filter on Job namespace.
Optional filter on Job labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_job_delete
Fires when a Job is deleted
customPlaybooks:
- triggers:
- on_job_delete: {}
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was deleted"
aggregation_key: "Job_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_job_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was deleted"
aggregation_key: "Job_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Job name.
Optional filter on Job namespace.
Optional filter on Job labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
on_job_all_changes
Fires when a Job is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_job_all_changes: {}
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was all_changes"
aggregation_key: "Job_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_job_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Job $name in namespace $namespace was all_changes"
aggregation_key: "Job_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Job name.
Optional filter on Job namespace.
Optional filter on Job labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Related actions:
Namespace TriggersΒΆ
The following triggers are available for Namespaces.
on_namespace_create
Fires when a Namespace is created
customPlaybooks:
- triggers:
- on_namespace_create: {}
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was created"
aggregation_key: "Namespace_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_namespace_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was created"
aggregation_key: "Namespace_created"
A common action that creates a notification. See create_finding.
Optional filter on Namespace name.
Optional filter on Namespace namespace.
Optional filter on Namespace labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_namespace_update
Fires when a Namespace is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_namespace_update: {}
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was updated"
aggregation_key: "Namespace_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_namespace_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was updated"
aggregation_key: "Namespace_updated"
A common action that creates a notification. See create_finding.
Optional filter on Namespace name.
Optional filter on Namespace namespace.
Optional filter on Namespace labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_namespace_delete
Fires when a Namespace is deleted
customPlaybooks:
- triggers:
- on_namespace_delete: {}
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was deleted"
aggregation_key: "Namespace_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_namespace_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was deleted"
aggregation_key: "Namespace_deleted"
A common action that creates a notification. See create_finding.
Optional filter on Namespace name.
Optional filter on Namespace namespace.
Optional filter on Namespace labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_namespace_all_changes
Fires when a Namespace is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_namespace_all_changes: {}
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was all_changes"
aggregation_key: "Namespace_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_namespace_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "Namespace $name in namespace $namespace was all_changes"
aggregation_key: "Namespace_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on Namespace name.
Optional filter on Namespace namespace.
Optional filter on Namespace labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
ServiceAccount TriggersΒΆ
The following triggers are available for ServiceAccounts.
on_serviceaccount_create
Fires when a ServiceAccount is created
customPlaybooks:
- triggers:
- on_serviceaccount_create: {}
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was created"
aggregation_key: "ServiceAccount_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_serviceaccount_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was created"
aggregation_key: "ServiceAccount_created"
A common action that creates a notification. See create_finding.
Optional filter on ServiceAccount name.
Optional filter on ServiceAccount namespace.
Optional filter on ServiceAccount labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_serviceaccount_update
Fires when a ServiceAccount is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_serviceaccount_update: {}
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was updated"
aggregation_key: "ServiceAccount_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_serviceaccount_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was updated"
aggregation_key: "ServiceAccount_updated"
A common action that creates a notification. See create_finding.
Optional filter on ServiceAccount name.
Optional filter on ServiceAccount namespace.
Optional filter on ServiceAccount labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_serviceaccount_delete
Fires when a ServiceAccount is deleted
customPlaybooks:
- triggers:
- on_serviceaccount_delete: {}
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was deleted"
aggregation_key: "ServiceAccount_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_serviceaccount_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was deleted"
aggregation_key: "ServiceAccount_deleted"
A common action that creates a notification. See create_finding.
Optional filter on ServiceAccount name.
Optional filter on ServiceAccount namespace.
Optional filter on ServiceAccount labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_serviceaccount_all_changes
Fires when a ServiceAccount is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_serviceaccount_all_changes: {}
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was all_changes"
aggregation_key: "ServiceAccount_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_serviceaccount_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "ServiceAccount $name in namespace $namespace was all_changes"
aggregation_key: "ServiceAccount_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on ServiceAccount name.
Optional filter on ServiceAccount namespace.
Optional filter on ServiceAccount labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
PersistentVolume TriggersΒΆ
The following triggers are available for PersistentVolumes.
on_persistentvolume_create
Fires when a PersistentVolume is created
customPlaybooks:
- triggers:
- on_persistentvolume_create: {}
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was created"
aggregation_key: "PersistentVolume_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_persistentvolume_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was created"
aggregation_key: "PersistentVolume_created"
A common action that creates a notification. See create_finding.
Optional filter on PersistentVolume name.
Optional filter on PersistentVolume namespace.
Optional filter on PersistentVolume labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_persistentvolume_update
Fires when a PersistentVolume is updated. Creations and deletions are excluded.
customPlaybooks:
- triggers:
- on_persistentvolume_update: {}
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was updated"
aggregation_key: "PersistentVolume_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_persistentvolume_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was updated"
aggregation_key: "PersistentVolume_updated"
A common action that creates a notification. See create_finding.
Optional filter on PersistentVolume name.
Optional filter on PersistentVolume namespace.
Optional filter on PersistentVolume labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_persistentvolume_delete
Fires when a PersistentVolume is deleted
customPlaybooks:
- triggers:
- on_persistentvolume_delete: {}
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was deleted"
aggregation_key: "PersistentVolume_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_persistentvolume_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was deleted"
aggregation_key: "PersistentVolume_deleted"
A common action that creates a notification. See create_finding.
Optional filter on PersistentVolume name.
Optional filter on PersistentVolume namespace.
Optional filter on PersistentVolume labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_persistentvolume_all_changes
Fires when a PersistentVolume is created, updated, or deleted.
customPlaybooks:
- triggers:
- on_persistentvolume_all_changes: {}
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was all_changes"
aggregation_key: "PersistentVolume_all_changes"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_persistentvolume_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "PersistentVolume $name in namespace $namespace was all_changes"
aggregation_key: "PersistentVolume_all_changes"
A common action that creates a notification. See create_finding.
Optional filter on PersistentVolume name.
Optional filter on PersistentVolume namespace.
Optional filter on PersistentVolume labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Wildcard triggersΒΆ
Wildcard triggers fire when any supported Kubernetes resource changes. They are equivalent to a union of all other low-level triggers.
on_kubernetes_any_resource_create
Fires when any Kubernetes resource is created
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_create: {}
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was created"
aggregation_key: "resource_created"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_create:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was created"
aggregation_key: "resource_created"
A common action that creates a notification. See create_finding.
Optional filter on resource name.
Optional filter on resource namespace.
Optional filter on resource labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_kubernetes_any_resource_update
Fires when any Kubernetes resource is updated
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_update: {}
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was updated"
aggregation_key: "resource_updated"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_update:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was updated"
aggregation_key: "resource_updated"
A common action that creates a notification. See create_finding.
Optional filter on resource name.
Optional filter on resource namespace.
Optional filter on resource labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_kubernetes_any_resource_delete
Fires when any Kubernetes resource is deleted
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_delete: {}
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was deleted"
aggregation_key: "resource_deleted"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_delete:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was deleted"
aggregation_key: "resource_deleted"
A common action that creates a notification. See create_finding.
Optional filter on resource name.
Optional filter on resource namespace.
Optional filter on resource labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
on_kubernetes_any_resource_all_changes
Fires when any Kubernetes resource is created, updated, or deleted
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_all_changes: {}
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was modified"
aggregation_key: "resource_modified"
A common action that creates a notification. See create_finding.
customPlaybooks:
- triggers:
- on_kubernetes_any_resource_all_changes:
name_prefix: "my-resource" # (2)
namespace_prefix: "kube-system" # (3)
labels_selector: "label1=value1" # (4)
actions:
- create_finding: # (1)
title: "resource $name in namespace $namespace was modified"
aggregation_key: "resource_modified"
A common action that creates a notification. See create_finding.
Optional filter on resource name.
Optional filter on resource namespace.
Optional filter on resource labels. Format is
label1=value1,label2=value2. If multiple labels are provided, all must match.
Common FiltersΒΆ
Most Kubernetes triggers support the following filters:
name_prefixnamespace_prefixlabels_selector- e.g.label1=value1,label2=value2. If multiple labels is provided, all must match.
Additionally, Kubernetes triggers support a scope filtering mechanism that works almost
exactly like the scope mechanism for sinks (see Routing Alerts To Specific Sinks for more
information). The only difference is that for triggers, there is an additional option
available for the include/exclude sections, attributes, that makes it possible
to filter on any attribute inside the YAML representation of the resource. An example
of use of this functionality:
customPlaybooks:
- name: "FilteredPodCreation"
triggers:
- on_pod_create:
scope:
include:
- name:
- my-pod.*
- other
namespace: ns1
labels:
- "foo=bar, boo=xx.*"
- "foo=xx, boo=xx.*"
attributes:
- "status.phase=Pending, status.qosClass=BestEffort, metadata.resourceVersion != 123"
- "spec.restartPolicy=OnFailure"
annotations:
- "foo=bar, boo=xx.*"
- "foo=xx, boo=xx.*"
exclude:
- name:
- woof.*
Note that attributes matching only allows exact equality and inequality. The left-hand side
of each of attributes filters is a path to select appropriate node in the document. It
supports typical constructs like following nested attributes using the . operator, or
selecting n-th element of a list using the [n] operator. In fact the language used to
describe paths is much more versatile, as the implementation uses jsonpath-ng under
the hood. You can read more about it here.