Home/Docs/Slack

Slack

Medulla leverages a Slack integration to deliver Kubernetes upgrade notifications directly to your Slack channels as rich Block Kit messages. This integration supports two delivery methods — Bot Token and Incoming Webhook — allowing teams to receive immediate, actionable alerts when Kubernetes upgrade events occur, including scan results, scheduled upgrades, execution progress, and failures, making it easier to manage infrastructure updates within existing Slack workflows.

What is Slack?

Slack is a channel-based messaging platform widely used by engineering and operations teams for real-time collaboration. It provides organized channels, direct messaging, file sharing, and extensive third-party integrations, making it a central hub for team communication and incident response.

When Medulla connects to Slack, it can send automated notifications to your configured channel, keeping your team informed of essential Kubernetes upgrade updates and actions required.

Medulla's Slack integration is specifically designed to:

  • Send rich Block Kit notifications for critical Kubernetes upgrade events (e.g., failed executions, high-risk scan results, scheduled upgrades) directly to your Slack channel.
  • Color-code alerts by severity so that high-risk events (red sidebar) and successful completions (green sidebar) are visually distinct in your channel.
  • Map risk scores to severity labels (CRITICAL, HIGH, MEDIUM, LOW) so your team can quickly assess urgency without leaving Slack.
  • Provide one-click dashboard access via action buttons embedded in every notification, linking directly to the relevant Medulla dashboard page.

Permissions and Access

To allow Medulla to send notifications through Slack, the integration requires specific access depending on the delivery method chosen:

  1. Option A — Slack Bot Token: A bot token (starting with xoxb-) created via a Slack App. This allows Medulla to post messages to the specified channel using the Slack Bot Token API. The bot must be invited to the target channel.

  2. Option B — Slack Incoming Webhook URL: A unique URL generated when you add an Incoming Webhook to a Slack App or workspace. It allows Medulla to post messages to a specific channel without requiring a bot user.

  3. Channel-Level Access: Notifications are sent to a single configured channel. Medulla can only send messages to the channel specified during setup.

  4. No Read Access: Medulla does not read any data from Slack. The integration is write-only — it sends notifications to Slack but cannot access messages, users, channels, or any other Slack data.

These permissions are limited to the scope necessary for notification delivery and do not grant Medulla the ability to read messages, access user profiles, or modify any Slack configuration.

Steps to Install

  1. Navigate to Integrations Settings: In Medulla, go to the Integrations Settings page, where the Slack integration option is provided.

  2. Get Your Slack Credentials:

    • Bot Token method: Create a Slack App at api.slack.com/apps, add the chat:write scope under OAuth & Permissions, install the app to your workspace, and copy the Bot User OAuth Token (starts with xoxb-). Invite the bot to your target channel with /invite @YourBotName.
    • Webhook method: Create a Slack App, enable Incoming Webhooks, add a new webhook to your target channel, and copy the Webhook URL (starts with https://hooks.slack.com/).

  3. Connect to Slack:

    • Click on Connect Slack in Medulla's Integrations page. This opens a configuration panel.
    • Enter either your Bot Token or your Webhook URL (one or the other, not both).
    • Optionally specify the Channel name (defaults to #general if not provided).
    • Click Connect to save and activate the integration.

  4. Test Notifications: After completing the setup, Medulla will provide an option to test the Slack integration by sending a sample test message. This posts a test notification to your Slack channel, verifying that the integration is successful and confirming message delivery.

  5. Verify in Slack: Open your Slack channel and confirm the test notification appeared as a Block Kit message with a blue sidebar, a title, details, and a "View in Dashboard" action button.

  6. Save Settings: Once the test is successful, the Slack integration is active for real-time notifications.

Key Benefits

  • Real-time Channel Notifications: Receive immediate Block Kit notifications in your Slack channel for critical Kubernetes upgrade events, helping your team respond quickly to urgent issues.
  • Rich Visual Messages: Notifications are delivered as structured Block Kit attachments with color-coded sidebars, field grids, and action buttons — not plain text messages — making them easy to scan and act on.
  • Risk-Based Severity Indicators: Upgrade risk scores are mapped to visual severity labels (CRITICAL, HIGH, MEDIUM, LOW) with color coding, so your team can instantly assess urgency.
  • One-Click Dashboard Access: Every notification includes a "View in Dashboard" button that links directly to the relevant page in Medulla for quick investigation.
  • Secure Credential Storage: Your Slack bot token or webhook URL is encrypted using AES-256-GCM before being stored, ensuring credentials are protected at rest.

Key Features

  • Risk Score to Severity Label Mapping: Medulla automatically maps upgrade risk scores to human-readable severity labels displayed in the notification. Scores of 80-100 map to CRITICAL (red), 60-79 to HIGH (amber/warning), 30-59 to MEDIUM, and scores below 30 to LOW.

  • Five Supported Event Types: Medulla sends Slack notifications for five Kubernetes upgrade lifecycle stages:

    • scan_completed: Posts a notification when a cluster scan finishes, showing the risk score, deprecated APIs, and addon conflicts.
    • upgrade_scheduled: Posts a notification when an upgrade maintenance window is scheduled, including version details and the maintenance window.
    • execution_started: Posts an informational notification when an upgrade execution begins.
    • execution_completed: Posts a green-highlighted success message when an upgrade succeeds, showing duration, rollback status, and confidence score.
    • execution_failed: Posts a red-highlighted failure message when an upgrade execution fails, always showing the failure reason, rollback status, and error details.

  • Block Kit Format: All notifications use the Slack Block Kit format with attachments, providing structured layouts with colored sidebars, field grids, dividers, action buttons, and footer context.

  • Automatic Retry with Backoff: Failed delivery attempts are retried automatically — up to 3 attempts with exponential backoff (1 second, then 2 seconds). Retryable conditions include rate limits (HTTP 429), server errors (502, 503, 504), and network errors.

  • Encryption at Rest: Your Slack bot token or webhook URL is encrypted using AES-256-GCM before being stored in Medulla's database. The decrypted credential is held in memory only for the duration of each API call to Slack, then cleared.

Prerequisites

Before setting up the Slack integration, ensure the following:

  • A Slack workspace with permissions to create apps or configure webhooks.
  • A Slack channel where you want to receive Medulla notifications.
  • Either a Slack Bot Token (xoxb- prefix, with chat:write scope) or an Incoming Webhook URL (from hooks.slack.com).
  • If using a bot token, the bot must be invited to the target channel.
  • Access to Medulla's Integrations tab in the platform UI.
  • The Slack integration feature must be enabled in your Medulla environment.

Setup Guide

To connect Slack to Medulla, follow these steps to configure the integration and enable automated notification delivery for Kubernetes upgrade events.

Step 1: Navigate to Medulla Integrations

  1. Log in to the Medulla platform.
  2. Go to the Integrations screen in the UI.
  3. Locate the Slack integration card, which displays a Connect Slack call-to-action (CTA) button.

Step 2: Create Slack Credentials

Option A — Bot Token (recommended):

  1. Go to api.slack.com/apps and create a new Slack App (or use an existing one).
  2. Under OAuth & Permissions, add the chat:write bot token scope.
  3. Install the app to your workspace.
  4. Copy the Bot User OAuth Token — it starts with xoxb-.
  5. In Slack, invite the bot to your target channel: type /invite @YourBotName in the channel.

Option B — Incoming Webhook:

  1. Go to api.slack.com/apps and create a new Slack App.
  2. Under Incoming Webhooks, toggle the feature on.
  3. Click Add New Webhook to Workspace and select the target channel.
  4. Copy the Webhook URL — it starts with https://hooks.slack.com/.

Important: Keep your bot token or webhook URL secure — anyone with these credentials can post messages to the channel.

Step 3: Connect Slack in Medulla

  1. Click the Connect Slack button to open a configuration panel.
  2. Enter either your Bot Token or your Webhook URL (one or the other, not both).
  3. Optionally specify the Channel name (defaults to #general).
  4. Click Connect to save the configuration.

Step 4: Test and Validate

  1. After connecting, click the Test Integration button to send a sample notification to your Slack channel.
  2. Open your Slack channel and verify a test message appeared with a blue sidebar.
  3. The test message will have a title indicating it is a Medulla test notification and include a "View in Dashboard" action button.
  4. Click the action button to verify it links correctly to the Medulla dashboard.

Step 5: Finalize and Manage Integration

  1. After a successful test, the Slack integration is active and will automatically send notifications for all Kubernetes upgrade lifecycle events.
  2. To update the configuration: Return to the Integrations tab, click on the Slack card, and modify the credentials or channel as needed.
  3. To disconnect the integration: Click Disconnect in the Integrations tab to clear all credentials from Medulla's database and deactivate the integration.

How It Works

The Slack integration enables Medulla to act as a real-time bridge between your Kubernetes upgrade pipeline and your team's collaboration channel. Here's how it works:

  1. Upgrade Events Occur: Medulla's upgrade engine generates events at each stage of the Kubernetes upgrade lifecycle: scan completion, upgrade scheduling, execution start, execution completion, and execution failure. Each event is recorded in Medulla's notification log with the channel set to slack and status set to pending.

  2. Risk-Based Severity Assessment: For scan and scheduling events, Medulla evaluates the upgrade risk score and maps it to a severity label and sidebar color: 80-100 = CRITICAL (red), 60-79 = HIGH (amber), 30-59 = MEDIUM, below 30 = LOW (blue). Execution failures always display with a red sidebar. Execution completions display with a green sidebar.

  3. Block Kit Message Construction: Medulla's background worker picks up pending notifications and constructs a Slack Block Kit message with a header, field grid, divider, action button, and footer.

  4. Notification Delivery: Messages are posted via the Slack Bot Token API or webhook URL, with per-workspace rate limiting and automatic retry on failures.

  5. Secure Credential Handling: Your bot token or webhook URL is encrypted using AES-256-GCM before being stored. The decrypted credential is held in memory only for the duration of each API call.

Troubleshooting

  • Integration Not Available: Ensure the Slack integration feature is enabled in your Medulla environment.

  • Test Event Not Appearing in Slack: Verify your credentials are correct — bot tokens must start with xoxb- and webhook URLs must start with https://hooks.slack.com/. If using a bot token, confirm the bot has been invited to the target channel.

  • "provide either bot_token or webhook_url" Error: You must provide exactly one credential type during setup.

  • Notifications Not Appearing After Real Events: Check that the Medulla background worker is running. Verify the notification log shows entries with status delivered.

  • Notifications Stuck in Pending: Ensure the background worker service is running and healthy.

  • Bot Token Invalid Error: Ensure your bot token starts with xoxb-.

  • Webhook URL Invalid Error: Ensure the webhook URL starts with https://hooks.slack.com/.

  • Permission Errors: Verify your bot token has the chat:write scope and the bot has been invited to the target channel.