In this short blog, you will learn how to set up Kosli Notifications so your whole team can stay on top of environment changes and compliance events in real time. 🚀
In fast-paced technology landscapes, understanding how systems are changing is crucial. Developers, DevOps/Platform/SRE teams, security personnel, and management all need this information to manage operational risk, resolve incidents, and just for basic communication with each other. The trouble is, navigating change across teams and systems can mean a lot of wasted time digging through pipeline logs and operations dashboards. What if there was a better way?
Everyone needs to know what’s going on!
The value stream of software change from requirement to production involves a lot of steps, tools, and data. And with modern distributed systems, this value stream is multiplied across every microservice and frontend.
Amid all of this noise humans are often neglected because all of this change creates a huge navigation problem for the people involved in these value streams:
- Developers: often struggle to navigate complex DevOps automation. Finding out what versions of code are in each environment, and how their dependent services are changing, slows down testing, verification and feature delivery.
- DevOps, Platform, and SRE teams: recognize that 70% of outages occur at a change boundary. Without good change forensics it can be a challenge to resolve incidents, increasing the Mean Time to Resolution (MTTR).
- Security personnel: to ensure security across the operational landscape folks need to be able to find unauthorized changes, identify software provenance across all running systems, and track outdated systems.
- Managers: have no insights into the software delivery process, losing the connection on how continuous improvement initiatives are driving business outcomes like lead times and deployment frequency.
Kosli helps all of these people by recording every change made to runtime environments and showing exactly when, where and how those changes were made. And, with Kosli Notifications, you can now create live feeds for the information you care most about in your role.
The power of comprehensive DevOps notifications
Having a notification engine for the provenance of every change deployed to runtime removes a lot of toil for people across the value stream.
Solve Incidents Faster
When an incident occurs, the first question on everyone’s lips is always: “what changed?” Getting to the answer can mean sifting through endless pipeline logs and monitoring dashboards. With Notifications, you can instantly pinpoint what has changed and be the hero during incident response.
Give Developers Feedback
Developers often struggle to understand complex DevOps platforms. Simple questions like “what commit was running in production last night?” and “did my commit deploy to the test environment yet?” usually require help from DevOps and SREs. By providing a live feed of changes, developers know exactly where their code stands and are empowered to self-serve their needs.
Centralize Workflow Automation
DevOps Engineers building developer platforms often require automation of event-based triggers. For example, perhaps you’d like a metrics graph annotation on scaling events, or to create a Jira issue when there’s an unauthorized workload. With Notification webhooks, you can create “if-this-then-that” workflows based on Kosli’s centralized DevOps event data without patchy automation and duct tape across various systems and pipelines.
Enhance Platform Security
Prevent silent unauthorized changes from becoming painful security breaches and audit compliance findings. With Notifications, you are immediately alerted when an unauthorized or non-compliant deployment occurs, ensuring dark deploys are detected before they catch you out.
Let’s work through how to get notifications and change forensics for a Kubernetes environment. You can achieve the results shown in this example with a free Kosli account. You need to follow these three steps.
1. Record your environment
helm repo add kosli https://charts.kosli.com/ helm repo update helm install kosli-k8s-reporter kosli/k8s-reporter -f myvals.yaml
2. Report artifacts (binary provenance)
The second step is to connect what is happening in your environment(s) with information about the source of the binary artifacts. Reporting artifacts allows you to create a connection from source code to artifacts, so when an image shows up in an environment we can provide commit info, deployment diffs and lead time information.
In this case the artifacts are docker images, so we would add this line of code in our CI pipeline after the build:
kosli report artifact "$(docker_image_name)" --artifact-type docker
3. Set up Notifications
Notifications can be found under the settings sections of the application. Here you can view, create, modify, and delete Notifications.
To start with, you can create Slack Notifications for these types of events:
- Unauthorized workloads
- Scaling events
For example, here’s how you would set up Notifications in Slack for new artifact deployments, as well as Notifications when your environment has compliance issues like unauthorized workloads:
And here’s how that looks in Slack:
Give it a go!
Notifications are available on all plans, including our free tier. Why not try it out, and let us know in the community what you think? We are actively working to improve and extend our Notification functionality, so we’d love to hear from you! 🤗