Kubernetes Version Checker with Telegram Notifications

README.md

Kubernetes Version Checker with Telegram Notifications

This configuration sets up a Kubernetes CronJob that runs every 6 hours to check for the latest stable Kubernetes version. If a new version is available, a notification is sent to a specified Telegram chat, and the version is stored in a ConfigMap to avoid duplicate alerts.

Components

• Secret:
  Stores the Telegram Bot Token and Chat ID.

• ConfigMap:
  Contains the check_k8s_version.sh script that checks for updates and sends notifications.

• CronJob:
  Runs the script inside an Alpine container every 6 hours (0 */6 * * *).

• ServiceAccount, Role, and RoleBinding:
  Grant permissions to read and update the ConfigMap in the specified namespace.

Features

• Uses kubectl and curl to fetch and compare Kubernetes versions.
• Sends a Telegram message only when a new version is released.
• Stores the last known version in a ConfigMap to prevent repeated alerts.
• Easily deployable with minimal changes.

Schedule

Runs every 6 hours: 0 */6 * * *

Telegram Notification Example

📦 Kubernetes update: new version v1.33.3 (previous: v1.33.2)

---

Note: Replace the values in telegram-secret with your actual Telegram Bot Token and Chat ID before deploying.

k8s-checker-init.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: projects
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: k8s-version-state
  namespace: projects
data:
  last_version: ""

k8s-checker.yaml

apiVersion: v1
kind: Secret
metadata:
  name: telegram-secret
  namespace: projects
type: Opaque
stringData:
  TELEGRAM_BOT_TOKEN: "<Telegream bot token>"
  TELEGRAM_CHAT_ID: "<Your Telegram chat id>"
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: k8s-version-checker
  namespace: projects
spec:
  schedule: "0 */6 * * *"  # каждые 6 часов
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: checker
              image: alpine:3.22
              command: ["/bin/sh", "-c"]
              args:
                - >
                  apk update && apk add curl kubectl && sh /scripts/check_k8s_version.sh
              volumeMounts:
                - name: script-volume
                  mountPath: /scripts
                - name: secret-volume
                  mountPath: /secrets
                  readOnly: true
          restartPolicy: OnFailure
          serviceAccountName: k8s-version-sa
          volumes:
            - name: script-volume
              configMap:
                name: k8s-check-script
                defaultMode: 0755
            - name: secret-volume
              secret:
                secretName: telegram-secret
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: k8s-check-script
  namespace: projects
data:
  check_k8s_version.sh: |
    #!/bin/sh
    CONFIGMAP_NAME="k8s-version-state"
    NAMESPACE="projects"

    LATEST_URL="https://cdn.dl.k8s.io/release/stable.txt"
    TELEGRAM_BOT_TOKEN=$(cat /secrets/TELEGRAM_BOT_TOKEN)
    TELEGRAM_CHAT_ID=$(cat /secrets/TELEGRAM_CHAT_ID)

    saved_version=$(kubectl get configmap "$CONFIGMAP_NAME" -n "$NAMESPACE" -o jsonpath="{.data.last_version}" 2>/dev/null)

    latest_full_version=$(curl -s "$LATEST_URL" | tr -d '\n')
    
    if ! echo "$latest_full_version" | grep -Eq '^v[0-9]+\.[0-9]+'; then
      echo "❌ Invalid version format: $latest_full_version"
      exit 0
    fi

    if [ "$latest_full_version" != "$saved_version" ]; then
      echo "Новая версия Kubernetes: $latest_full_version (старая: $saved_version)"

      kubectl create configmap "$CONFIGMAP_NAME" --from-literal=last_version="$latest_full_version" -o yaml --dry-run=client \
        | kubectl apply -f -

      message="📦 Обновление Kubernetes: новая версия $latest_full_version (было: $saved_version)"
      curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
        -d chat_id="$TELEGRAM_CHAT_ID" \
        -d text="$message"
    else
      echo "Версия не изменилась: $latest_full_version"
    fi
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: k8s-version-sa
  namespace: projects
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: k8s-version-role
  namespace: projects
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: k8s-version-rolebinding
  namespace: projects
subjects:
  - kind: ServiceAccount
    name: k8s-version-sa
roleRef:
  kind: Role
  name: k8s-version-role
  apiGroup: rbac.authorization.k8s.io