From 8c3879d12ffe2ca09d9fbb224ceef34feef9bfc6 Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Thu, 11 Apr 2024 12:04:27 -0400 Subject: [PATCH 1/4] adding missingRegistryOverride config for k8s inventory Signed-off-by: Hung Nguyen --- stable/k8s-inventory/Chart.yaml | 2 +- stable/k8s-inventory/templates/configmap.yaml | 2 ++ stable/k8s-inventory/values.yaml | 3 +++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/k8s-inventory/Chart.yaml b/stable/k8s-inventory/Chart.yaml index ea2a0696..7b63e7d7 100644 --- a/stable/k8s-inventory/Chart.yaml +++ b/stable/k8s-inventory/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: k8s-inventory -version: 0.2.2 +version: 0.2.3 appVersion: "1.2.0" description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster keywords: diff --git a/stable/k8s-inventory/templates/configmap.yaml b/stable/k8s-inventory/templates/configmap.yaml index 3198ca6d..dc5a6e5a 100644 --- a/stable/k8s-inventory/templates/configmap.yaml +++ b/stable/k8s-inventory/templates/configmap.yaml @@ -34,6 +34,8 @@ data: request-batch-size: {{ .Values.k8sInventory.kubernetes.requestBatchSize }} worker-pool-size: {{ .Values.k8sInventory.kubernetes.workerPoolSize }} ignore-not-running: {{ .Values.k8sInventory.ignoreNotRunning }} + missing-registry-override: + {{- toYaml .Values.k8sInventory.missingRegistryOverride | nindent 6 }} missing-tag-policy: {{- toYaml .Values.k8sInventory.missingTagPolicy | nindent 6 }} anchore: diff --git a/stable/k8s-inventory/values.yaml b/stable/k8s-inventory/values.yaml index 18361f7f..02383f9e 100644 --- a/stable/k8s-inventory/values.yaml +++ b/stable/k8s-inventory/values.yaml @@ -192,6 +192,9 @@ k8sInventory: policy: digest tag: UNKNOWN + ## @param k8sInventory.missingRegistryOverride + missingRegistryOverride: {} + ## @param k8sInventory.ignoreNotRunning Ignore images out of pods that are not in a Running state ## ignoreNotRunning: true 
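Review bot: The added `## @param k8sInventory.missingRegistryOverride` comment in values.yaml has no description, so the generated README row for this key has an empty Description cell (visible in the README table of PATCH 4/4). PATCH 3/4 changes the default but keeps the bare comment. Operators get no hint about what the value is applied to or what format it takes. Going by the option name, something like `## @param k8sInventory.missingRegistryOverride Registry to record for images whose reference has no registry; leave empty to disable` would do, with the wording confirmed against the k8s-inventory documentation. The setting presumably changes which registry an image is attributed to in the inventory sent to Anchore, so it is worth a line of explanation.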
From 4c133dd093d19dc2766c7584db71c93b57d3cdc1 Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Thu, 11 Apr 2024 13:49:46 -0400 Subject: [PATCH 2/4] bumping image and appVersion Signed-off-by: Hung Nguyen --- stable/k8s-inventory/Chart.yaml | 2 +- stable/k8s-inventory/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/k8s-inventory/Chart.yaml b/stable/k8s-inventory/Chart.yaml index 7b63e7d7..a5b394dd 100644 --- a/stable/k8s-inventory/Chart.yaml +++ b/stable/k8s-inventory/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: k8s-inventory version: 0.2.3 -appVersion: "1.2.0" +appVersion: "1.4.0" description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster keywords: - analysis diff --git a/stable/k8s-inventory/values.yaml b/stable/k8s-inventory/values.yaml index 02383f9e..821a3d1f 100644 --- a/stable/k8s-inventory/values.yaml +++ b/stable/k8s-inventory/values.yaml @@ -15,7 +15,7 @@ replicaCount: 1 image: pullPolicy: "IfNotPresent" repository: "anchore/k8s-inventory" - tag: "v1.2.0" + tag: "v1.4.0" ## @param imagePullSecrets secrets where Kubernetes should get the credentials for pulling private images ## From bfb292973dc8fac4ba0f962e8e3eb775bcb6d6a7 Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Thu, 11 Apr 2024 14:34:18 -0400 Subject: [PATCH 3/4] changing MissingRegistryOverride default value to empty string Signed-off-by: Hung Nguyen --- stable/k8s-inventory/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/k8s-inventory/values.yaml b/stable/k8s-inventory/values.yaml index 821a3d1f..0a4b3f6c 100644 --- a/stable/k8s-inventory/values.yaml +++ b/stable/k8s-inventory/values.yaml @@ -193,7 +193,7 @@ k8sInventory: tag: UNKNOWN ## @param k8sInventory.missingRegistryOverride - missingRegistryOverride: {} + missingRegistryOverride: "" ## @param k8sInventory.ignoreNotRunning Ignore images out of pods that are not in a Running state ## 
From c7d64ccfe0a1698ea6f1703ff78b6ce50bd7de44 Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Thu, 11 Apr 2024 14:37:18 -0400 Subject: [PATCH 4/4] readme update and configmap change to use value Signed-off-by: Hung Nguyen --- stable/k8s-inventory/README.md | 56 +++++++++---------- stable/k8s-inventory/templates/configmap.yaml | 3 +- 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/stable/k8s-inventory/README.md b/stable/k8s-inventory/README.md index 6aa26164..e6b00bca 100644 --- a/stable/k8s-inventory/README.md +++ b/stable/k8s-inventory/README.md @@ -51,7 +51,7 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more | `replicaCount` | Number of replicas for the K8s Inventory deployment | `1` | | `image.pullPolicy` | Image pull policy used by the K8s Inventory deployment | `IfNotPresent` | | `image.repository` | Image used for the K8s Inventory deployment | `anchore/k8s-inventory` | -| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.1.1` | +| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.4.0` | | `imagePullSecrets` | secrets where Kubernetes should get the credentials for pulling private images | `[]` | | `nameOverride` | overrides the name set on resources | `""` | | `fullnameOverride` | overrides the fullname set on resources | `""` | 
@@ -82,32 +82,32 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more | `useExistingSecret` | Specify whether to use an existing secret | `false` | | `existingSecretName` | if using an existing secret, specify the existing secret name | `""` | - ### k8sInventory Parameters ## -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `k8sInventory.output` | The output format of the report (options: table, json) | `json` | -| `k8sInventory.quiet` | Determine whether or not to log the inventory report to stdout | `false` | -| `k8sInventory.verboseInventoryReports` | Determine whether or not to log the inventory report to stdout | `false` | -| `k8sInventory.log.structured` | Determine whether or not to use structured logs | `false` | -| `k8sInventory.log.level` | the level of verbosity for logs | `debug` | -| `k8sInventory.log.file` | location to write the log file (default is not to have a log file) | `""` | -| `k8sInventory.kubeconfig.path` | Path should not be changed | `use-in-cluster` | -| `k8sInventory.kubeconfig.cluster` | Tells Anchore which cluster this inventory is coming from | `docker-desktop` | -| `k8sInventory.namespaceSelectors.include` | Which namespaces to search as explicit strings, not regex; Will search all namespaces if empty array | `[]` | -| `k8sInventory.namespaceSelectors.exclude` | Which namespaces to exclude can use explicit strings and/or regexes. 
| `[]` | -| `k8sInventory.mode` | Can be one of adhoc, periodic (defaults to adhoc) | `periodic` | -| `k8sInventory.pollingIntervalSeconds` | Only respected if mode is periodic | `60` | -| `k8sInventory.kubernetes.requestTimeoutSeconds` | Sets the request timeout for kubernetes API requests | `60` | -| `k8sInventory.kubernetes.requestBatchSize` | Sets the number of objects to iteratively return when listing resources | `100` | -| `k8sInventory.kubernetes.workerPoolSize` | Worker pool size for collecting pods from namespaces. Adjust this if the api-server gets overwhelmed | `100` | -| `k8sInventory.missingTagPolicy.policy` | One of the following options [digest, insert, drop]. Default is 'digest' | `digest` | -| `k8sInventory.missingTagPolicy.tag` | Dummy tag to use. Only applicable if policy is 'insert'. Defaults to UNKNOWN | `UNKNOWN` | -| `k8sInventory.ignoreNotRunning` | Ignore images out of pods that are not in a Running state | `true` | -| `k8sInventory.anchore.url` | the url of the anchore platform | `http://localhost:8228` | -| `k8sInventory.anchore.user` | the username of the anchore platform. 
The user specified must be an admin user or have full-control, or read-write RBAC permissions | `admin` | -| `k8sInventory.anchore.password` | the password of the anchore platform | `foobar` | -| `k8sInventory.anchore.account` | the account to send data to | `admin` | -| `k8sInventory.anchore.http.insecure` | whether or not anchore is using ssl/tls | `true` | -| `k8sInventory.anchore.http.timeoutSeconds` | the amount of time in seconds before timing out | `10` | +| Name | Description | Value | +| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `k8sInventory.output` | The output format of the report (options: table, json) | `json` | +| `k8sInventory.quiet` | Determine whether or not to log the inventory report to stdout | `false` | +| `k8sInventory.verboseInventoryReports` | Determine whether or not to log the inventory report to stdout | `false` | +| `k8sInventory.log.structured` | Determine whether or not to use structured logs | `false` | +| `k8sInventory.log.level` | the level of verbosity for logs | `debug` | +| `k8sInventory.log.file` | location to write the log file (default is not to have a log file) | `""` | +| `k8sInventory.kubeconfig.path` | Path should not be changed | `use-in-cluster` | +| `k8sInventory.kubeconfig.cluster` | Tells Anchore which cluster this inventory is coming from | `docker-desktop` | +| `k8sInventory.namespaceSelectors.include` | Which namespaces to search as explicit strings, not regex; Will search all namespaces if empty array | `[]` | +| `k8sInventory.namespaceSelectors.exclude` | Which namespaces to exclude can use explicit strings and/or regexes. 
| `[]` | +| `k8sInventory.mode` | Can be one of adhoc, periodic (defaults to adhoc) | `periodic` | +| `k8sInventory.pollingIntervalSeconds` | Only respected if mode is periodic | `60` | +| `k8sInventory.kubernetes.requestTimeoutSeconds` | Sets the request timeout for kubernetes API requests | `60` | +| `k8sInventory.kubernetes.requestBatchSize` | Sets the number of objects to iteratively return when listing resources | `100` | +| `k8sInventory.kubernetes.workerPoolSize` | Worker pool size for collecting pods from namespaces. Adjust this if the api-server gets overwhelmed | `100` | +| `k8sInventory.missingTagPolicy.policy` | One of the following options [digest, insert, drop]. Default is 'digest' | `digest` | +| `k8sInventory.missingTagPolicy.tag` | Dummy tag to use. Only applicable if policy is 'insert'. Defaults to UNKNOWN | `UNKNOWN` | +| `k8sInventory.missingRegistryOverride` | | `""` | +| `k8sInventory.ignoreNotRunning` | Ignore images out of pods that are not in a Running state | `true` | +| `k8sInventory.anchore.url` | the url of the anchore platform | `""` | +| `k8sInventory.anchore.user` | the username of the anchore platform. The user specified must be an admin user or have full-control, or read-write RBAC permissions | `""` | +| `k8sInventory.anchore.password` | the password of the anchore platform | `""` | +| `k8sInventory.anchore.account` | the account to send data to | `admin` | +| `k8sInventory.anchore.http.insecure` | whether or not anchore is using ssl/tls | `true` | +| `k8sInventory.anchore.http.timeoutSeconds` | the amount of time in seconds before timing out | `10` | diff --git a/stable/k8s-inventory/templates/configmap.yaml b/stable/k8s-inventory/templates/configmap.yaml index dc5a6e5a..bf961387 100644 --- a/stable/k8s-inventory/templates/configmap.yaml +++ b/stable/k8s-inventory/templates/configmap.yaml 
@@ -34,8 +34,7 @@ data:
 request-batch-size: {{ .Values.k8sInventory.kubernetes.requestBatchSize }}
 worker-pool-size: {{ .Values.k8sInventory.kubernetes.workerPoolSize }}
 ignore-not-running: {{ .Values.k8sInventory.ignoreNotRunning }}
- missing-registry-override:
- {{- toYaml .Values.k8sInventory.missingRegistryOverride | nindent 6 }}
+ missing-registry-override: {{ .Values.k8sInventory.missingRegistryOverride}}
 missing-tag-policy:
 {{- toYaml .Values.k8sInventory.missingTagPolicy | nindent 6 }}
 anchore:
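Review bot: `missing-registry-override: {{ .Values.k8sInventory.missingRegistryOverride}}` renders the string unquoted, so the default `""` becomes a bare `missing-registry-override:` (YAML null) in the rendered config. A user-supplied value that contains ` #` or `: `, or that starts with a YAML indicator, would be cut short or parsed as another type. Quote it at render time: `missing-registry-override: {{ .Values.k8sInventory.missingRegistryOverride | quote }}`, which also restores the space before `}}` that the neighbouring lines use. The `data:` block this line belongs to starts outside the hunk, so the diff does not show whether the consumer tolerates a null here.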