annotations: email: <email_address>
With Red Hat Advanced Cluster Security for Kubernetes (RHACS), you can configure your existing email provider to send notifications about policy violations. If you are using Red Hat Advanced Cluster Security Cloud service (RHACS Cloud service), you can use your existing email provider or the built-in email notifier to send email notifications.
You can use the Default recipient
field to forward alerts from RHACS and the RHACS Cloud service to an email address.
Otherwise, you can use annotations to define an audience and notify them about policy violations associated with a specific deployment or namespace.
You can use email as a notification method by forwarding alerts from RHACS.
The RHACS notifier can send email to a recipient specified in the integration, or it can use annotations to determine the recipient.
If you are using RHACS Cloud service, it blocks port |
Go to Platform Configuration → Integrations.
Under the Notifier Integrations section, select Email.
Select New Integration.
In the Integration name field, enter a name for your email integration.
In the Email server field, enter the address of your email server. The email server address includes fully qualified domain name (FQDN) and the port number; for example, smtp.example.com:465
.
Optional: If you are using unauthenticated SMTP, select Enable unauthenticated SMTP. This is insecure and not recommended, but might be required for some integrations. For example, you might need to enable this option if you use an internal server for notifications that does not require authentication.
You cannot change an existing email integration that uses authentication to enable unauthenticated SMTP. You must delete the existing integration and create a new one with Enable unauthenticated SMTP selected. |
Enter the user name and password of a service account that is used for authentication.
Optional: Enter the name that you want to appear in the FROM
header of email notifications in the From field; for example, Security Alerts
.
Specify the email address that you want to appear in the SENDER
header of email notifications in the Sender field.
Specify the email address that will receive the notifications in the Default recipient field.
Optional: Enter an annotation key in Annotation key for recipient. You can use annotations to dynamically determine an email recipient. To do this:
Add an annotation similar to the following example in your namespace or deployment YAML file, where email
is the Annotation key
that you specify in your email integration. You can create an annotation for the deployment or the namespace.
annotations: email: <email_address>
Use the annotation key email
in the Annotation key for recipient field.
If you configured the deployment or namespace with an annotation, the RHACS sends the alert to the email specified in the annotation. Otherwise, it sends the alert to the default recipient.
The following rules govern how RHACS determines the recipient of an email notification:
|
Optional: Select Disable TLS certificate validation (insecure) to send email without TLS. You should not disable TLS unless you are using StartTLS.
Use TLS for email notifications. Without TLS, all email is sent unencrypted. |
Optional: To use StartTLS, select either Login or Plain from the Use STARTTLS (requires TLS to be disabled) drop-down menu.
With StartTLS, credentials are passed in plain text to the email server before the session encryption is established.
|
Enable alert notifications for system policies.
In the RHACS portal, go to Platform Configuration → Policy Management.
Select one or more policies for which you want to send alerts.
Under Bulk actions, select Enable notification.
In the Enable notification window, select the Email notifier.
If you have not configured any other integrations, the system displays a message that no notifiers are configured. |
Click Enable.
|
You can use your existing email provider or the built-in email notifier in RHACS Cloud service to send email alerts about policy violations.
To use your own email provider, you must configure the email provider as described in the section Configuring the email plugin.
To use the built-in email notifier, you must configure the RHACS Cloud service email plugin.
The RHACS Cloud service notifier sends an email to a recipient. You can specify the recipient in the integration, or RHACS Cloud service can use annotation keys to find the recipient.
|
Go to Platform Configuration → Integrations.
Under the Notifier Integrations section, select RHACS Cloud service Email.
Select New Integration.
In the Integration name field, enter a name for your email integration.
Specify the email address to which you want to send the email notifications in the Default recipient field.
Optional: Enter an annotation key in Annotation key for recipient. You can use annotations to dynamically determine an email recipient. To do this:
Add an annotation similar to the following example in your namespace or deployment YAML file, where email
is the Annotation key
that you specify in your email integration. You can create an annotation for the deployment or the namespace.
annotations: email: <email_address>
Use the annotation key email
in the Annotation key for recipient field.
If you configured the deployment or namespace with an annotation, the RHACS Cloud service sends the alert to the email specified in the annotation. Otherwise, it sends the alert to the default recipient.
The following rules govern how RHACS Cloud service determines the recipient of an email notification:
|
Enable alert notifications for system policies.
In the RHACS portal, go to Platform Configuration → Policy Management.
Select one or more policies for which you want to send alerts.
Under Bulk actions, select Enable notification.
In the Enable notification window, select the RHACS Cloud service Email notifier.
If you have not configured any other integrations, the system displays a message that no notifiers are configured. |
Click Enable.
|