#Email Notification

Compliance Service supports sending scan reports via email.

#Prerequisites

• Use in global cluster: You need upgrade Alauda Container Platform to v4.3.0 or later.
• Use in workload cluster: You need install Alauda Container Platform Cluster Notification plugin.
• Prepare Email Server configurations:
  • global cluster: You need to configure the email server by this document Email Server Configuration for global cluster.
  • workload cluster: You need to configure the email server by this document Email Server Configuration for workload cluster.

#Configure Notification Template

Create a NotificationTemplate resource to define the email content:

apiVersion: ait.alauda.io/v1beta1
kind: NotificationTemplate
metadata:
  name: email-compliance-report-template
  namespace: cpaas-system
labels:
  cpaas.io/template.email.body.type: Html
  cpaas.io/template.language: EN
spec:
  templates:
    - type: Email
      subject: "Compliance {{ .labels.name }} Report"
      content: |-
        The compliance scan has completed. Please download the attached report ZIP file.

Note:

• The resource name cannot be customized; Compliance sending reports relies on this name by default.
• The notification template needs to be created in the cpaas-system namespace.

#Configure Report Recipients

Create a ConfigMap to specify email recipients:

apiVersion: v1
kind: ConfigMap
metadata:
  name: compliance-mail-recipients
  namespace: compliance-system
data:
  to: example1@alauda.io,example@gmail.com

Note:

• The contact resource must be created under the compliance-system namespace.
• The resource name must be consistent with the value of reportDelivery.email.recipientsRef.name.

#Enable Email Notification for Scan

Add the reportDelivery section directly under spec in the Scan resource:

apiVersion: compliance.security.alauda.io/v1alpha1
kind: Scan
metadata:
  name: os-scan
  namespace: compliance-system
spec:
  profile: stig-os-microos
  scanType: node
  reportDelivery:
    email:
      enabled: true
      recipientsRef:
        name: compliance-mail-recipients

#Enable Email Notification for ScanSuite

Add the reportDelivery section directly under spec in the ScanSuite resource:

apiVersion: compliance.security.alauda.io/v1alpha1
kind: ScanSuite
metadata:
  name: notify-scan-suite
  namespace: compliance-system
spec:
  profiles:
    - stig-k8s-api-server
  maxHistoricalResults: 3
  scanTemplate:
    scanType: node
    nodeScopeStrategy: auto
  reportDelivery:
    email:
      enabled: true
      recipientsRef:
        name: compliance-mail-recipients

#Resource-Specific Notes

• In Scan, reportDelivery applies to that single Scan resource.
• In ScanSuite, reportDelivery applies to the batch resource and its generated reports.
• For more details, see Using Scan and Using ScanSuite.