k8s-inventory: adding extraVolumes and extraVolumeMounts (#388)
* k8s-inventory: adding extraVolumes and extraVolumeMounts
* k8s-inventory: fix comments and update readme table

Signed-off-by: Hung Nguyen <[email protected]>

---------

Signed-off-by: Hung Nguyen <[email protected]>
HN23 authored Jun 18, 2024
1 parent aacb105 commit 1d89fdc
Showing 4 changed files with 87 additions and 39 deletions.
2 changes: 1 addition & 1 deletion stable/k8s-inventory/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: k8s-inventory
version: 0.4.0
version: 0.4.1
appVersion: "1.6.0"
description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster
keywords:
71 changes: 43 additions & 28 deletions stable/k8s-inventory/README.md
Expand Up @@ -51,7 +51,7 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more
| `replicaCount` | Number of replicas for the K8s Inventory deployment | `1` |
| `image.pullPolicy` | Image pull policy used by the K8s Inventory deployment | `IfNotPresent` |
| `image.repository` | Image used for the K8s Inventory deployment | `anchore/k8s-inventory` |
| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.4.0` |
| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.6.0` |
| `imagePullSecrets` | secrets where Kubernetes should get the credentials for pulling private images | `[]` |
| `nameOverride` | overrides the name set on resources | `""` |
| `fullnameOverride` | overrides the fullname set on resources | `""` |
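Review bot: the `image.tag` row changes its documented default from `v1.4.0` to `v1.6.0`, which is unrelated to extraVolumes and is not mentioned in the commit message. The new value agrees with `appVersion: "1.6.0"` in Chart.yaml, so if this is the README catching up with the chart's values, saying so in the change description would make the documentation drift fix visible to anyone reading the history.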
Expand Down Expand Up @@ -79,35 +79,50 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more
| `probes.readiness.periodSeconds` | Period seconds for the readiness probe | `15` |
| `probes.readiness.failureThreshold` | Failure threshold for the readiness probe | `3` |
| `probes.readiness.successThreshold` | Success threshold for the readiness probe | `1` |
| `extraVolumes` | mounts additional volumes to each pod | `[]` |
| `extraVolumeMounts` | mounts additional volumes to each pod | `[]` |
| `useExistingSecret` | Specify whether to use an existing secret | `false` |
| `existingSecretName` | if using an existing secret, specify the existing secret name | `""` |

### k8sInventory Parameters ##

| Name | Description | Value |
| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `k8sInventory.output` | The output format of the report (options: table, json) | `json` |
| `k8sInventory.quiet` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.verboseInventoryReports` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.log.structured` | Determine whether or not to use structured logs | `false` |
| `k8sInventory.log.level` | the level of verbosity for logs | `debug` |
| `k8sInventory.log.file` | location to write the log file (default is not to have a log file) | `""` |
| `k8sInventory.kubeconfig.path` | Path should not be changed | `use-in-cluster` |
| `k8sInventory.kubeconfig.cluster` | Tells Anchore which cluster this inventory is coming from | `docker-desktop` |
| `k8sInventory.namespaceSelectors.include` | Which namespaces to search as explicit strings, not regex; Will search all namespaces if empty array | `[]` |
| `k8sInventory.namespaceSelectors.exclude` | Which namespaces to exclude can use explicit strings and/or regexes. | `[]` |
| `k8sInventory.mode` | Can be one of adhoc, periodic (defaults to adhoc) | `periodic` |
| `k8sInventory.pollingIntervalSeconds` | Only respected if mode is periodic | `60` |
| `k8sInventory.kubernetes.requestTimeoutSeconds` | Sets the request timeout for kubernetes API requests | `60` |
| `k8sInventory.kubernetes.requestBatchSize` | Sets the number of objects to iteratively return when listing resources | `100` |
| `k8sInventory.kubernetes.workerPoolSize` | Worker pool size for collecting pods from namespaces. Adjust this if the api-server gets overwhelmed | `100` |
| `k8sInventory.missingTagPolicy.policy` | One of the following options [digest, insert, drop]. Default is 'digest' | `digest` |
| `k8sInventory.missingTagPolicy.tag` | Dummy tag to use. Only applicable if policy is 'insert'. Defaults to UNKNOWN | `UNKNOWN` |
| `k8sInventory.missingRegistryOverride` | | `""` |
| `k8sInventory.ignoreNotRunning` | Ignore images out of pods that are not in a Running state | `true` |
| `k8sInventory.anchore.url` | the url of the anchore platform | `""` |
| `k8sInventory.anchore.user` | the username of the anchore platform. The user specified must be an admin user or have full-control, or read-write RBAC permissions | `""` |
| `k8sInventory.anchore.password` | the password of the anchore platform | `""` |
| `k8sInventory.anchore.account` | the account to send data to | `admin` |
| `k8sInventory.anchore.http.insecure` | whether or not anchore is using ssl/tls | `true` |
| `k8sInventory.anchore.http.timeoutSeconds` | the amount of time in seconds before timing out | `10` |
| Name | Description | Value |
| ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `k8sInventory.output` | The output format of the report (options: table, json) | `json` |
| `k8sInventory.quiet` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.verboseInventoryReports` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.log.structured` | Determine whether or not to use structured logs | `false` |
| `k8sInventory.log.level` | the level of verbosity for logs | `debug` |
| `k8sInventory.log.file` | location to write the log file (default is not to have a log file) | `""` |
| `k8sInventory.kubeconfig.path` | Path should not be changed | `use-in-cluster` |
| `k8sInventory.kubeconfig.cluster` | Tells Anchore which cluster this inventory is coming from | `docker-desktop` |
| `k8sInventory.namespaceSelectors.include` | Which namespaces to search as explicit strings, not regex; Will search all namespaces if empty array | `[]` |
| `k8sInventory.namespaceSelectors.exclude` | Which namespaces to exclude can use explicit strings and/or regexes. | `[]` |
| `k8sInventory.mode` | Can be one of adhoc, periodic (defaults to adhoc) | `periodic` |
| `k8sInventory.pollingIntervalSeconds` | Only respected if mode is periodic | `60` |
| `k8sInventory.kubernetes.requestTimeoutSeconds` | Sets the request timeout for kubernetes API requests | `60` |
| `k8sInventory.kubernetes.requestBatchSize` | Sets the number of objects to iteratively return when listing resources | `100` |
| `k8sInventory.kubernetes.workerPoolSize` | Worker pool size for collecting pods from namespaces. Adjust this if the api-server gets overwhelmed | `100` |
| `k8sInventory.missingTagPolicy.policy` | One of the following options [digest, insert, drop]. Default is 'digest' | `digest` |
| `k8sInventory.missingTagPolicy.tag` | Dummy tag to use. Only applicable if policy is 'insert'. Defaults to UNKNOWN | `UNKNOWN` |
| `k8sInventory.missingRegistryOverride` | | `""` |
| `k8sInventory.ignoreNotRunning` | Ignore images out of pods that are not in a Running state | `true` |
| `k8sInventory.accountRouteByNamespaceLabel.key` | Kubernetes label key to use for determining Anchore account to send to | `""` |
| `k8sInventory.accountRouteByNamespaceLabel.defaultAccount` | Fallback account to send to if Anchore account or label is not found | `admin` |
| `k8sInventory.accountRouteByNamespaceLabel.ignoreNamespaceMissingLabel` | If true exclude sending inventory of namespaces that are missing the label | `false` |
| `k8sInventory.metadataCollection.nodes.annotations` | List of annotations to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.nodes.labels` | List of labels to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.nodes.disable` | Remove all optional node metadata from the inventory report | `false` |
| `k8sInventory.metadataCollection.namespaces.annotations` | List of annotations to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.namespaces.labels` | List of labels to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.namespaces.disable` | Remove all optional namespace metadata from the inventory report | `false` |
| `k8sInventory.metadataCollection.pods.annotations` | List of annotations to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.pods.labels` | List of labels to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.pods.disable` | Remove all optional pod metadata from the inventory report | `false` |
| `k8sInventory.inventoryReportLimits.namespaces` | Maximum number of namespaces to include in a single report. Default of 0 means no limit | `0` |
| `k8sInventory.anchore.url` | the url of the anchore platform | `""` |
| `k8sInventory.anchore.user` | the username of the anchore platform. The user specified must be an admin user or have full-control, or read-write RBAC permissions | `""` |
| `k8sInventory.anchore.password` | the password of the anchore platform | `""` |
| `k8sInventory.anchore.account` | the account to send data to | `admin` |
| `k8sInventory.anchore.http.insecure` | whether or not anchore is using ssl/tls | `true` |
| `k8sInventory.anchore.http.timeoutSeconds` | the amount of time in seconds before timing out | `10` |
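Review bot: the two new rows `extraVolumes` and `extraVolumeMounts` carry the identical description "mounts additional volumes to each pod", so the table does not say which key defines a volume and which one mounts it. Suggest something like "additional volumes to add to the pod spec" for `extraVolumes` and "additional volume mounts to add to the container" for `extraVolumeMounts`, plus a statement that each mount's `name` must match an entry in `extraVolumes`.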
6 changes: 6 additions & 0 deletions stable/k8s-inventory/templates/deployment.yaml
Expand Up @@ -75,6 +75,9 @@ spec:
- name: config-volume
mountPath: /etc/xdg/anchore-k8s-inventory/config.yaml
subPath: config.yaml
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
{{- if not .Values.injectSecretsViaEnv }}
- secretRef:
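Review bot: the `extraVolumeMounts` entries are appended verbatim to the list that already holds `config-volume` at `/etc/xdg/anchore-k8s-inventory/config.yaml`, and nothing stops a user-supplied mount from reusing that name or covering that path. Suggest documenting both as reserved next to the value, and recommending `readOnly: true` on extra mounts that the container only needs to read.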
Expand All @@ -84,6 +87,9 @@ spec:
- name: config-volume
configMap:
name: {{ include "k8sInventory.fullname" . }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
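Review bot: `toYaml . | nindent 8` under `extraVolumes` passes any volume source through unchanged, and nothing ties this list to `extraVolumeMounts`, so a mount that names a volume missing here only fails when the Deployment is applied. Suggest a template-time `fail` when a mount name has no matching volume, and a README note that the chart places no restriction of its own on the volume types, leaving that to the cluster's admission policy.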