annotations: email: <email_address>
Configure Red Hat Advanced Cluster Security for Kubernetes (RHACS) to send alerts to a standard email provider.
You can use email as a notification method by forwarding alerts from RHACS to a standard email provider.
To forward alerts from the RHACS platform to an email address, you can use either the Default Recipients
or deployment Annotations
parameter.
You can use default recipients to send email to a standard and centralized team. To send email to a specific team who manages the deployment, use deployment Annotations
. To manage an audience by namespace, use Namespace Annotations
.
You can define an audience to notify about policy violations that are associated with a deployment or namespace using annotation keys. If the deployment has an annotation, the annotation’s value overrides the default value. If the namespace has an annotation, the namespace’s value overrides the default value.
If a deployment has an annotation key and a defined audience, an email is sent to the audience who is defined by the key.
If a deployment does not have an annotation key, the namespace is checked for an annotation key and an email is sent to the defined audience.
If no annotation keys exist, an email is sent to the default recipient that is defined in the integration.
You can create a new integration in the Red Hat Advanced Cluster Security for Kubernetes platform by using the email notifier.
To use an annotation to dynamically determine an email recipient:
Add an annotation similar to the following example in your deployment YAML file, where email is the Annotation
key that you specify in your email integration.
annotations: email: <email_address>
Use the annotation key email
in the Annotation key for recipient field when you configure RHACS.
An annotation can be on the deployment or the namespace. |
If you have configured the deployment or namespace with annotation, the RHACS platform sends the alert to the email specified in the annotation. Otherwise, it sends the alert to the default recipient.
Navigate to Platform Configuration → Integrations.
Under the Notifier Integrations section, select Email.
Select the New Integration icon.
In the Integration Name field, enter a name for your email integration.
For Email Server, enter the address of your email server. The email server address is the fully qualified domain name and the port number. An example is smtp.example.com:465
.
Enter a username and password of a service account that is used for authentication.
Optional: Specify the name of the sender, if it is different from the default value.
Specify the email address that will receive the notifications in the Default Recipient box, or enter an annotation key for Annotation key for recipient.
Optional: Turn on the Disable TLS certificate validation (insecure) toggle to send email without TLS. You should not disable TLS unless you are using StartTLS.
Use TLS for email notifications. Without TLS, all email is sent unencrypted. |
Optional: To use StartTLS, select either Login or Plain for the Use STARTTLS (Requires TLS To Be Disabled) drop-down menu.
With StartTLS, credentials are passed in plain text to the email server before the session encryption is established.
|
Enable alert notifications for system policies.
On the RHACS portal, navigate to Platform Configuration → Policies.
Select the policy for which you want to send alerts.
Select Actions → Edit Policy.
In the Attach Notifiers section, select the check box for the Email notifier.
If you have not configured any integrations, the system displays a message that no notifiers are configured. |
Click Next until you reach Review Policy, then click Save.
|