Serve DMs to BotKube in Slack

[jayzandme]

Overview

Allow for direct messaging kubectl queries to BotKube with Slack

Acceptance Criteria

When I direct message a botkube app in slack associated to a specific cluster with a kubectl query, it should return a response.

Reason

This would simplify the slack workspace and allow us to reduce the number of slack channels

[mszostok]

Hi @jayzandme

It's a great idea, but for the security reason we cannot implement it now.

What you proposed, requires a user impersonation. With the next release, we will add support only for 2 RBAC options:

• static user - all calls are run with a given user perms
• channel name based mapping - if channel is named team-a we look for the SA called team-a

so when you talk to the Botkube app directly, we will need to use your own email address to select a proper SA, which is not there yet.

Once we will enable such option, we will be able to implement direct messages 👍

It's definitely, a valid feature but we cannot tell you when exactly it will be implemented.

[blakeromano]

Wouldn't we want to be able to let K8s Platform teams decide the method?

For example if we do DMing with read only we can use static creds but if they try and do an update command then they get required to use their own credentials?

We currently only let teams via kubectl have access to their own namespace but BotKube allows teams to go look at anyone's namespace and we are fine with that read-only privilege expansion with BK.

[mszostok]

@blakeromano

For now we have only the channel mapping:

channels:
  'default':
    # -- Slack channel name without '#' prefix where you have added Botkube and want to receive notifications in.
    name: 'SLACK_CHANNEL'
    bindings:
      # -- Executors configuration for a given channel.
      executors:
        - k8s-default-tools
      # -- Notification sources configuration for a given channel.
      sources:
        - k8s-err-events
        - k8s-recommendation-events

we will need to have dedicated binding, sth like:

directMessage:
  bindings:
    # -- Executors configuration for a given channel.
    executors:
      - k8s-default-tools
    # -- Notification sources configuration for a given channel.
    sources:
      - k8s-err-events
      - k8s-recommendation-events

that's also an option, but it will be sth new to implement and handle 👍

---

BTW @blakeromano @jayzandme is that creating a channel an issue here? Or more the UX when talking to a bot? So that on the channel, you need to always type the @Botkube .. prefix where in direct message not?

What if on your channel you will be able to enable an option type directly the command that you want to run: kubectl get po and Botkube will know that it can handle it and will respond?

Would that simplify your workflow too?

or it's all about the history that you want to keep between you and bot?

[blakeromano]

I think from a UX perspective teams should be able to use slack to get read-only access to Kubernetes clusters. Everyone being in the same channel and having commands overlapping if people are writing commands at the same time is annoying. Similarly to how a terminal is your own personal thing I'd hope the DMs with BK would allow and would allow you to keep context versus let's day A I do something then four days later I wanna look at the same thing again and then I gotta scroll through a bunch of other people's commands.

[mszostok]

Thanks @blakeromano for the valuable feedback. All of that makes sens, and we will try to address that as soon, at least for Slack 👍