Configure Red Hat Advanced Cluster Security for Kubernetes (RHACS) to send alerts to a standard email provider.

You can use email as a notification method by forwarding alerts from RHACS to a standard email provider. To forward alerts from the RHACS platform to an email address, you can use either the Default Recipients or Deployment Annotations parameter.

You can use default recipients to send email to a standard and centralized team. To send email to a specific team who manages the deployment, use Deployment Annotations. To manage an audience by namespace, use Namespace Annotations.

You can define an audience to notify about policy violations that are associated with a deployment or namespace using annotation keys. If the deployment has an annotation, the annotation’s value overrides the default value. If the namespace has an annotation, the namespace’s value overrides the default value.

  • If a deployment has an annotation key and a defined audience, an email is sent to the audience who is defined by the key.

  • If a deployment does not have an annotation key, the namespace is checked for an annotation key and an email is sent to the defined audience.

  • If no annotation keys exist, an email is sent to the default recipient that is defined in the integration.

Configuring the email plugin on Red Hat Advanced Cluster Security for Kubernetes platform

You can create a new integration in the Red Hat Advanced Cluster Security for Kubernetes platform by using the email notifier.

To use an annotation to dynamically determine an email recipient:

  1. Add an annotation similar to the following example in your deployment YAML file, where email is the Annotation key that you specify in your email integration.

      email: <email_address>
  2. Use the annotation key email in the Annotation key for recipient field when you configure RHACS.

An annotation can be on the deployment or the namespace.

If you have configured the deployment or namespace with annotation, the RHACS platform sends the alert to the email specified in the annotation. Otherwise, it sends the alert to the default recipient.

  1. Navigate to Platform ConfigurationIntegrations.

  2. Under the Notifier Integrations section, select Email.

  3. Select the New Integration icon.

  4. In the Integration Name field, enter a name for your email integration.

  5. For Email Server, enter the address of your email server. The email server address is the fully qualified domain name and the port number. An example is smtp.example.com:465.

  6. Enter a username and password of a service account that is used for authentication.

  7. Optional: Specify the name of the sender, if it is different from the default value.

  8. Specify the email address that will receive the notifications in the Default Recipient box, or enter an annotation key for Annotation key for recipient.

  9. Optional: Turn on the Disable TLS certificate validation (insecure) toggle to send email without TLS. You should not disable TLS unless you are using StartTLS.

    Use TLS for email notifications. Without TLS, all email is sent unencrypted.

  10. Optional: To use StartTLS, select either Login or Plain for the Use STARTTLS (Requires TLS To Be Disabled) drop-down menu.

    With StartTLS, credentials are passed in plain text to the email server before the session encryption is established.

    • StartTLS with the login parameter sends authentication credentials in a base64 encoded string.

    • StartTLS with the plain parameter sends authentication credentials to your mail relay in plain text.

Configuring policy notifications

Enable alert notifications for system policies.

  1. On the RHACS portal, navigate to Platform ConfigurationSystem policies.

  2. Select the check boxes for one or more policies that you want to send alerts for.

  3. Select ActionsEnable Notification.

  4. In the Enable Notifications dialog box, select the check box for the Email notifier.

    If you have not configured any other integrations, you will see No notifiers configured!.

  5. Click Enable.

  • Red Hat Advanced Cluster Security for Kubernetes sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.

  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you will not receive a notification unless a violation generates a new alert.

  • Red Hat Advanced Cluster Security for Kubernetes creates a new alert for the following scenarios:

    • A policy violation occurs for the first time in a deployment.

    • A runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for a policy in that deployment.