Skip to main content
Version: v1.0.0-rc.1 (pre-release)

ObservabilityAlertsNotificationChannel

An ObservabilityAlertsNotificationChannel defines a destination for alert notifications. These resources are environment-bound, meaning each channel is associated with a specific OpenChoreo environment.

Default Notification Channel

In each environment, one ObservabilityAlertsNotificationChannel can be marked as the default. The first notification channel created in an environment is automatically marked as the default channel. If an ObservabilityAlertRule is created without explicitly specifying actions.notifications.channels, it will automatically use the default channel for that environment.

Currently, email and webhook notifications are supported.

API Version​

openchoreo.dev/v1alpha1

Resource Definition​

Metadata​

ObservabilityAlertsNotificationChannel resources are namespace-scoped.

apiVersion: openchoreo.dev/v1alpha1
kind: ObservabilityAlertsNotificationChannel
metadata:
  name: <channel-name>
  namespace: <org-namespace>

Spec Fields​

FieldTypeRequiredDescription
environmentstringYesName of the OpenChoreo environment this channel belongs to (Immutable)
isEnvDefaultbooleanNoIf true, this is the default channel for the environment. Default channels are used by alert rules that don't specify a channel. Defaults to false. First channel created in an environment will be marked as the default
typeNotificationChannelTypeYesThe type of notification channel (email or webhook)
emailConfigEmailConfigRequired if type is emailEmail configuration
webhookConfigWebhookConfigRequired if type is webhookWebhook configuration

NotificationChannelType​

ValueDescription
emailEmail notification channel
webhookHTTP webhook notification channel

EmailConfig​

FieldTypeRequiredDescription
fromstringYesThe sender email address
tostring[]YesList of recipient email addresses (minimum 1)
smtpSMTPConfigYesSMTP server configuration
templateEmailTemplateYesEmail subject and body templates using CEL expressions

WebhookConfig​

FieldTypeRequiredDescription
urlstringYesThe webhook endpoint URL where alerts will be sent (must be a valid URI)
headersmap[string]WebhookHeaderValueNoOptional HTTP headers to include in the webhook request. Each header value can be provided inline or via a secret reference.
payloadTemplatestringNoOptional JSON payload template using CEL expressions. If not provided, the raw alertDetails object will be sent as JSON. CEL expressions use ${...} syntax and have access to alert fields: ${alertName}, ${alertDescription}, ${alertSeverity}, ${alertValue}, etc. Example for Slack: {"text": "Alert: ${alertName}", "blocks": [...]}

WebhookHeaderValue​

Defines a header value that can be provided inline or via a secret reference.

Mutually Exclusive Fields

Exactly one of value or valueFrom must be set (not both, not neither).

FieldTypeRequiredDescription
valuestringNoInline header value (mutually exclusive with valueFrom)
valueFromSecretValueFromNoReference to a secret containing the header value (mutually exclusive with value)

SMTPConfig​

FieldTypeRequiredDescription
hoststringYesSMTP server hostname
portintegerYesSMTP server port
authSMTPAuthYesSMTP authentication credentials
tlsSMTPTLSConfigYesTLS configuration for SMTP

SMTPAuth​

FieldTypeRequiredDescription
usernameSecretValueFromYesUsername for SMTP authentication (inline or secret ref)
passwordSecretValueFromYesPassword for SMTP authentication (inline or secret ref)

SMTPTLSConfig​

FieldTypeRequiredDescription
insecureSkipVerifybooleanNoIf true, skips TLS certificate verification (not recommended for production)

EmailTemplate​

Defines the email template using CEL expressions.

FieldTypeRequiredDescription
subjectstringYesCEL expression for the email subject (e.g., "[${alert.severity}] - ${alert.name} Triggered")
bodystringYesCEL expression for the email body

SecretValueFrom​

Defines how to obtain a secret value.

FieldTypeRequiredDescription
secretKeyRefSecretKeyRefNoReference to a key in a Kubernetes secret

SecretKeyRef​

FieldTypeRequiredDescription
namestringYesName of the secret
namespacestringYesNamespace of the secret
keystringYesKey within the secret

Examples​

Email Notification Channel​

apiVersion: openchoreo.dev/v1alpha1
kind: ObservabilityAlertsNotificationChannel
metadata:
  name: prod-email-notifications
  namespace: my-org
spec:
  environment: production
  isEnvDefault: true
  type: email
  emailConfig:
    from: "alerts@example.com"
    to:
      - "admin@example.com"
      - "devops@example.com"
    smtp:
      host: "smtp.example.com"
      port: 587
      auth:
        username:
          secretKeyRef:
            name: smtp-credentials
            key: username
        password:
          secretKeyRef:
            name: smtp-credentials
            key: password
      tls:
        insecureSkipVerify: false
    template:
      subject: "[OpenChoreo] ${alert.severity}: ${alert.name}"
      body: "Alert ${alert.name} triggered at ${alert.startsAt}.\n\nDescription: ${alert.description}"

Webhook Notification Channel​

apiVersion: openchoreo.dev/v1alpha1
kind: ObservabilityAlertsNotificationChannel
metadata:
  name: prod-webhook-notifications
  namespace: my-org
spec:
  environment: production
  isEnvDefault: false
  type: webhook
  webhookConfig:
    url: https://alerts.example.com/webhook
    headers:
      X-OpenChoreo-Source:
        value: observer
      Authorization:
        valueFrom:
          secretKeyRef:
            name: webhook-token
            key: token
    payloadTemplate: |
      {
        "text": "Alert: ${alertName}",
        "severity": "${alertSeverity}",
        "description": "${alertDescription}",
        "value": "${alertValue}"
      }