
The teleport-plugin-slack
Helm chart is used to configure the Slack Teleport plugin, which allows users to receive Access Requests via channels or direct messages in Slack.
You can browse the source on GitHub.
This reference details available values for the teleport-plugin-slack
chart.
Backing up production instances, environments, and/or settings before making permanent modifications is encouraged as a best practice. Doing so allows you to roll back to an existing state if needed.
teleport.address
Type | Default value | Required? |
---|---|---|
string | "" | Yes |
This parameter contains the host/port combination of the Teleport Proxy Service (or the Auth Service if you are configuring your plugin to connect to it directly).
teleport:
address: "teleport.example.com:3025"
--set teleport.address="teleport.example.com:3025"
teleport.identitySecretName
Type | Default value | Required? |
---|---|---|
string | "" | Yes |
Name of the Kubernetes secret that contains the credentials for the connection to your Teleport cluster.
The secret should be in the following format:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: teleport-plugin-slack-identity
data:
auth_id: ...
Check out the Access Requests with Slack guide for more information about how to acquire these credentials.
teleport:
identitySecretName: "teleport-plugin-slack-identity"
--set teleport.identitySecretName="teleport-plugin-slack-identity"
teleport.identitySecretPath
Type | Default value | Required? |
---|---|---|
string | "auth_id" | No |
The key in the Kubernetes secret specified by teleport.identitySecretName
that holds the
credentials for the connection to your Teleport cluster. If the secret has the path,
"auth_id"
, you can omit this field.
teleport:
identitySecretPath: "auth_id"
--set teleport.identitySecretPath="auth_id"
slack.token
Type | Default value | Required? |
---|---|---|
string | "" | No |
Slack token of the bot user to impersonate when sending Access Request
messages. Ignored when slack.tokenFromSecret
is set.
It's only recommended for testing purposes. Please use
slack.tokenFromSecret
instead.
slack:
token: "xoxb-1234"
--set slack.token="xoxb-1234"
slack.tokenFromSecret
Type | Default value | Required? |
---|---|---|
string | "" | No |
Secret containing the Slack token of the bot user.
slack:
tokenFromSecret: "teleport-slack-plugin-token"
--set slack.tokenFromSecret="teleport-slack-plugin-token"
slack.tokenSecretPath
Type | Default value | Required? |
---|---|---|
string | "" | No |
Key where the token is located inside the secret specified by slack.tokenFromSecret
.
slack:
tokenSecretPath: "token"
--set slack.tokenSecretPath="token"
roleToRecipients
Type | Default value | Required? |
---|---|---|
map | {} | Yes |
Mapping of roles to a list of channels and Slack emails. It must contain
a mapping for *
in case no matching roles are found.
roleToRecipients:
dev: ["dev-access-requests", "[email protected]"]
"*": ["access-requests"]
--set "roleToRecipients.dev[0]=dev-access-requests,roleToRecipients.dev[1][email protected],roleToRecipients.\*[0]=access-requests"
log.output
Type | Default value | Required? |
---|---|---|
string | stdout | No |
Logger output. Could be stdout
, stderr
or a file name, eg. /var/log/teleport/slack.log
log:
output: /var/log/teleport/slack.log
--set log.output="/var/log/teleport/slack.log"
log.severity
Type | Default value | Required? |
---|---|---|
string | INFO | No |
Logger severity. Possible values are INFO
, ERROR
, DEBUG
or WARN
.
log:
severity: DEBUG
--set log.severity="DEBUG"