This blog will be to allow sending Gmail notification through third-party apps. Currently, in a gsuite email id, the 2 Factor Authentication blocks unauthorized and less secure app access. eg. when we need to send notifications for alerts using Prometheus. We will see two ways to overcome it.
Gmail Notification Method 1: Less Secure App Access
If you visit https://myaccount.google.com/lesssecureapps you will see it is turned OFF or disabled.
You need to enable or Turn ON the access to allow Prometheus to send notifications.
However, this method is less secure and temporary. As we cannot allow less secure apps to access our email. And now Gmail is removing this in accounts enabled with 2 Factor authentication.
So will use the second method
Gmail Notification Method 2: App Passwords
This method creates passwords for applications where you do not want to use your passwords as a chance of losing it someone who has access to the device where the application runs. Open this link: https://myaccount.google.com/apppasswords
As this says “App passwords let you sign in to your Google Account from apps on devices that don’t support 2-Step Verification.” So we will use this method.
- Select Custom name or Other
- Type a name for the app. eg. email-alert
- Your new password is generated in 16-digit alphanumeric characters.
- Now you can see when it was created and when used
- once use is over you can delete it
How to Use
As read before, one use is in Prometheus, where we need to send email notifications. Now, simply add the email id as the username and the password generated as the password. Use this YAML as a reference:
receivers: - name: 'email' emailConfigs: - sendResolved: true to: 'email@example.com' from: 'firstname.lastname@example.org' smarthost: 'smtp.gmail.com:587' authUsername: 'email@example.com' authIdentity: 'firstname.lastname@example.org' authPassword: name: gmail-auth key: password
Here, a secret fills details of authPassword. The following YAML creates this secret.
apiVersion: v1 kind: Secret type: Opaque metadata: name: gmail-auth namespace: monitoring data: password: anJrZ3Z6anBpYnB5YWhrZg== # base64 encoded password # echo -n 'password' | base64