Fork me on GitHub

Teleport

teleport-plugin-slack Chart Reference

Improve

The teleport-plugin-slack Helm chart is used to configure the Slack Teleport plugin, which allows users to receive Access Requests via channels or direct messages in Slack.

You can browse the source on GitHub.

This reference details available values for the teleport-plugin-slack chart.

Warning

Backing up production instances, environments, and/or settings before making permanent modifications is encouraged as a best practice. Doing so allows you to roll back to an existing state if needed.

teleport.address

TypeDefault valueRequired?
string""Yes

This parameter contains the host/port combination of the Teleport Proxy Service (or the Auth Service if you are configuring your plugin to connect to it directly).

teleport:
  address: "teleport.example.com:3025"
--set teleport.address="teleport.example.com:3025"

teleport.identitySecretName

TypeDefault valueRequired?
string""Yes

Name of the Kubernetes secret that contains the credentials for the connection to your Teleport cluster.

The secret should be in the following format:

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: teleport-plugin-slack-identity
data:
  auth_id: ...

Check out the Access Requests with Slack guide for more information about how to acquire these credentials.

teleport:
  identitySecretName: "teleport-plugin-slack-identity"
--set teleport.identitySecretName="teleport-plugin-slack-identity"

teleport.identitySecretPath

TypeDefault valueRequired?
string"auth_id"No

The key in the Kubernetes secret specified by teleport.identitySecretName that holds the credentials for the connection to your Teleport cluster. If the secret has the path, "auth_id", you can omit this field.

teleport:
  identitySecretPath: "auth_id"
--set teleport.identitySecretPath="auth_id"

slack.token

TypeDefault valueRequired?
string""No

Slack token of the bot user to impersonate when sending Access Request messages. Ignored when slack.tokenFromSecret is set. It's only recommended for testing purposes. Please use slack.tokenFromSecret instead.

slack:
  token: "xoxb-1234"
--set slack.token="xoxb-1234"

slack.tokenFromSecret

TypeDefault valueRequired?
string""No

Secret containing the Slack token of the bot user.

slack:
  tokenFromSecret: "teleport-slack-plugin-token"
--set slack.tokenFromSecret="teleport-slack-plugin-token"

slack.tokenSecretPath

TypeDefault valueRequired?
string""No

Key where the token is located inside the secret specified by slack.tokenFromSecret.

slack:
  tokenSecretPath: "token"
--set slack.tokenSecretPath="token"

roleToRecipients

TypeDefault valueRequired?
map{}Yes

Mapping of roles to a list of channels and Slack emails. It must contain a mapping for * in case no matching roles are found.

roleToRecipients:
  dev: ["dev-access-requests", "[email protected]"]
  "*": ["access-requests"]
--set "roleToRecipients.dev[0]=dev-access-requests,roleToRecipients.dev[1][email protected],roleToRecipients.\*[0]=access-requests"

log.output

TypeDefault valueRequired?
stringstdoutNo

Logger output. Could be stdout, stderr or a file name, eg. /var/log/teleport/slack.log

log:
  output: /var/log/teleport/slack.log
--set log.output="/var/log/teleport/slack.log"

log.severity

TypeDefault valueRequired?
stringINFONo

Logger severity. Possible values are INFO, ERROR, DEBUG or WARN.

log:
  severity: DEBUG
--set log.severity="DEBUG"