The teleport-plugin-slack Helm chart is used to configure the Slack Teleport plugin, which allows users to receive Access Requests via channels or direct messages in Slack.
You can browse the source on GitHub.
This reference details available values for the teleport-plugin-slack chart.
Backing up production instances, environments, and/or settings before making permanent modifications is encouraged as a best practice. Doing so allows you to roll back to an existing state if needed.
teleport.address
| Type | Default value | Required? |
|---|---|---|
string | "" | Yes |
This parameter contains the host/port combination of the Teleport Proxy Service (or the Auth Service if you are configuring your plugin to connect to it directly).
teleport:
address: "teleport.example.com:3025"
--set teleport.address="teleport.example.com:3025"
teleport.identitySecretName
| Type | Default value | Required? |
|---|---|---|
string | "" | Yes |
Name of the Kubernetes secret that contains the credentials for the connection to your Teleport cluster.
The secret should be in the following format:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: teleport-plugin-slack-identity
data:
auth_id: ...
Check out the Access Requests with Slack guide for more information about how to acquire these credentials.
teleport:
identitySecretName: "teleport-plugin-slack-identity"
--set teleport.identitySecretName="teleport-plugin-slack-identity"
teleport.identitySecretPath
| Type | Default value | Required? |
|---|---|---|
string | "auth_id" | No |
The key in the Kubernetes secret specified by teleport.identitySecretName that holds the
credentials for the connection to your Teleport cluster. If the secret has the path,
"auth_id", you can omit this field.
teleport:
identitySecretPath: "auth_id"
--set teleport.identitySecretPath="auth_id"
slack.token
| Type | Default value | Required? |
|---|---|---|
string | "" | No |
Slack token of the bot user to impersonate when sending Access Request
messages. Ignored when slack.tokenFromSecret is set.
It's only recommended for testing purposes. Please use
slack.tokenFromSecret instead.
slack:
token: "xoxb-1234"
--set slack.token="xoxb-1234"
slack.tokenFromSecret
| Type | Default value | Required? |
|---|---|---|
string | "" | No |
Secret containing the Slack token of the bot user.
slack:
tokenFromSecret: "teleport-slack-plugin-token"
--set slack.tokenFromSecret="teleport-slack-plugin-token"
slack.tokenSecretPath
| Type | Default value | Required? |
|---|---|---|
string | "" | No |
Key where the token is located inside the secret specified by slack.tokenFromSecret.
slack:
tokenSecretPath: "token"
--set slack.tokenSecretPath="token"
roleToRecipients
| Type | Default value | Required? |
|---|---|---|
map | {} | Yes |
Mapping of roles to a list of channels and Slack emails. It must contain
a mapping for * in case no matching roles are found.
roleToRecipients:
dev: ["dev-access-requests", "[email protected]"]
"*": ["access-requests"]
--set "roleToRecipients.dev[0]=dev-access-requests,roleToRecipients.dev[1][email protected],roleToRecipients.\*[0]=access-requests"
log.output
| Type | Default value | Required? |
|---|---|---|
string | stdout | No |
Logger output. Could be stdout, stderr or a file name, eg. /var/log/teleport/slack.log
log:
output: /var/log/teleport/slack.log
--set log.output="/var/log/teleport/slack.log"
log.severity
| Type | Default value | Required? |
|---|---|---|
string | INFO | No |
Logger severity. Possible values are INFO, ERROR, DEBUG or WARN.
log:
severity: DEBUG
--set log.severity="DEBUG"