Kubernetes: Get mail once deployment is done

1/20/2020

Is there a way to have post-deployment mail in Kubernetes on GCP/AWS?

It has become harder to maintain deployments on Kubernetes once the deployment team size grows. Having a post-deployment mail service will ease the process, as it'll also say who applied the deployment.

-- Shivam ashtikar
amazon-web-services
google-cloud-platform
kubernetes

5 Answers

1/20/2020

You can attach handlers to container lifecycle events. Kubernetes supports preStop and postStart events. Kubernetes sends the postStart event immediately after the container is started. Here is the snippet of the pod manifest deployment file.

 spec:
   containers:
   - name: <******>
     image: <******>
     lifecycle:
       postStart:
         exec:
           # runs inside the container right after it is started
           command: [********]

-- Subramanian Manickam
Source: StackOverflow

1/20/2020

Considering GCP, one option could be to create a filter in Stackdriver Logging to get the info about your deployment finalization, and with the filter you can use the CREATE METRIC option, also in Stackdriver Logging.

With the metric created, use Stackdriver Monitoring to create an alert to send e-mails. More details are in the official documentation.

-- manasouza
Source: StackOverflow

1/20/2020

I don’t think such a feature is built into Kubernetes.

There is a watch mechanism though, which you could use. Run the following GET query:

https://<api-server-url>/apis/apps/v1/namespaces/<namespace>/deployments?watch=true

The connection will not close and you’ll get a “notification” about each deployment. Check the status fields. Then you can send the mail or do something else.

You’ll need to pass an authorization token to gain access to the API server. If you have kubectl set up, you could run a local proxy, which then won’t need the token: kubectl proxy.

-- Dávid Molnár
Source: StackOverflow

1/21/2020

It looks like no one has mentioned the "native tool" Kubernetes provides for that yet.

Please note that there is a concept of Audit in Kubernetes.

It provides a security-relevant chronological set of records documenting the sequence of activities that have affected the system by individual users, administrators or other components of the system.

Each request on each stage of its execution generates an event, which is then pre-processed according to a certain policy and processed by a certain backend.

That allows the cluster administrator to answer the following questions:

  • what happened?
  • when did it happen?
  • who initiated it?
  • on what did it happen?
  • where was it observed?
  • from where was it initiated?
  • to where was it going?

The administrator can specify what events should be recorded and what data they should include with the help of an Audit policy (or policies).

There are a few backends that persist audit events to external storage:

  • Log backend, which writes events to a disk
  • Webhook backend, which sends events to an external API
  • Dynamic backend, which configures webhook backends through an AuditSink API object.

In case you use the log backend, it is possible to collect data with tools such as fluentd. With that data you can achieve more than just a post-deployment mail in Kubernetes.

Hope that helps!

-- Nick
Source: StackOverflow
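
The following is an added example, not part of the answer above or of Kubernetes itself: it reads audit log lines as the log backend writes them (assumed here to be one JSON audit.k8s.io/v1 Event per line) and builds a mail naming who changed which Deployment. The function names, sample events and mail addresses are constructed for illustration.

```python
import json
from email.message import EmailMessage

WRITES = {"create", "update", "patch", "delete"}
# Constructed sample in the audit.k8s.io/v1 Event shape, not real cluster output.
SAMPLE = [
    '{"stage":"ResponseComplete","verb":"patch","user":{"username":"alice@example.com"},"sourceIPs":["10.0.0.5"],"objectRef":{"resource":"deployments","namespace":"prod","name":"web"},"responseStatus":{"code":200},"stageTimestamp":"2020-01-20T10:15:30Z"}',
    '{"stage":"RequestReceived","verb":"patch","user":{"username":"alice@example.com"},"objectRef":{"resource":"deployments","namespace":"prod","name":"web"}}',
    '{"stage":"ResponseComplete","verb":"update","user":{"username":"system:serviceaccount:kube-system:deployment-controller"},"objectRef":{"resource":"deployments","subresource":"status","namespace":"prod","name":"web"},"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"patch","user":{"username":"bob@example.com"},"objectRef":{"resource":"deployments","namespace":"prod","name":"web"},"responseStatus":{"code":403}}',
    '{"stage":"ResponseComplete","verb":"get","user":{"username":"bob@example.com"},"objectRef":{"resource":"deployments","namespace":"prod","name":"web"},"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"upd',
]

def deployment_changes(lines):
    """Yield who/what/when for each successful write to a Deployment object."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated line (log rotation, partial write): skip it
        ref = ev.get("objectRef") or {}
        code = (ev.get("responseStatus") or {}).get("code", 0)
        if ev.get("stage") != "ResponseComplete" or ev.get("verb") not in WRITES:
            continue  # one request emits several stages; keep only the final one
        if ref.get("resource") != "deployments" or ref.get("subresource") == "status":
            continue  # skips the controller's own writes to deployments/status
        if not 200 <= code < 300:
            continue  # denied or failed requests changed nothing
        yield {
            "who": (ev.get("user") or {}).get("username", "unknown"),
            "verb": ev["verb"],
            "target": f"{ref.get('namespace')}/{ref.get('name')}",
            "when": ev.get("stageTimestamp", ""),
            "from": ", ".join(ev.get("sourceIPs") or []),
        }

def build_mail(change, sender, recipient):
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    # Usernames come from the identity provider: collapse CR/LF before using them in a header.
    subject = f"[k8s] {change['who']} {change['verb']} deployment {change['target']}"
    msg["Subject"] = " ".join(subject.split())
    msg.set_content("\n".join(f"{k}: {v}" for k, v in change.items()))
    return msg

if __name__ == "__main__":
    for c in deployment_changes(SAMPLE):
        print(build_mail(c, "k8s-audit@example.com", "team@example.com"))
```

The returned message can be handed to `smtplib.SMTP.send_message`. Denied requests (the 403 in the sample) are dropped here but are worth routing to a separate alert.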

1/20/2020

You could try to watch deployment events using https://github.com/bitnami-labs/kubewatch and a webhook handler.

Another thing could be implementing a customized solution with the Kubernetes API, for instance in Python: https://github.com/kubernetes-client/python, then run it as a separate notification pod in your cluster.

A third option is to have the deployment managed in a CI/CD pipeline where the actual deployment execution step is of the "approval" type. You should see the user who approved, and the next step in the pipeline after approving could be the email notification.

Approval in CircleCI: https://circleci.com/docs/2.0/workflows/#holding-a-workflow-for-a-manual-approval

-- Markownikow
Source: StackOverflow