Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

k8s-inventory: adding extraVolumes and extraVolumeMounts #388

Merged
merged 2 commits into from
Jun 18, 2024
Merged

k8s-inventory: adding extraVolumes and extraVolumeMounts #388

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
da4d7f3
k8s-inventory: adding extraVolumes and extraVolumeMounts
HN23 Jun 14, 2024
4f96b9e
k8s-inventory: fix comments and update readme table
HN23 Jun 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion stable/k8s-inventory/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: k8s-inventory
version: 0.4.0
version: 0.4.1
appVersion: "1.6.0"
description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster
keywords:
Expand Down
71 changes: 43 additions & 28 deletions stable/k8s-inventory/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more
| `replicaCount` | Number of replicas for the K8s Inventory deployment | `1` |
| `image.pullPolicy` | Image pull policy used by the K8s Inventory deployment | `IfNotPresent` |
| `image.repository` | Image used for the K8s Inventory deployment | `anchore/k8s-inventory` |
| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.4.0` |
| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.6.0` |
| `imagePullSecrets` | secrets where Kubernetes should get the credentials for pulling private images | `[]` |
| `nameOverride` | overrides the name set on resources | `""` |
| `fullnameOverride` | overrides the fullname set on resources | `""` |
Expand Down Expand Up @@ -79,35 +79,50 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more
| `probes.readiness.periodSeconds` | Period seconds for the readiness probe | `15` |
| `probes.readiness.failureThreshold` | Failure threshold for the readiness probe | `3` |
| `probes.readiness.successThreshold` | Success threshold for the readiness probe | `1` |
| `extraVolumes` | mounts additional volumes to each pod | `[]` |
| `extraVolumeMounts` | mounts additional volumes to each pod | `[]` |
| `useExistingSecret` | Specify whether to use an existing secret | `false` |
| `existingSecretName` | if using an existing secret, specify the existing secret name | `""` |

### k8sInventory Parameters ##

| Name | Description | Value |
| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `k8sInventory.output` | The output format of the report (options: table, json) | `json` |
| `k8sInventory.quiet` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.verboseInventoryReports` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.log.structured` | Determine whether or not to use structured logs | `false` |
| `k8sInventory.log.level` | the level of verbosity for logs | `debug` |
| `k8sInventory.log.file` | location to write the log file (default is not to have a log file) | `""` |
| `k8sInventory.kubeconfig.path` | Path should not be changed | `use-in-cluster` |
| `k8sInventory.kubeconfig.cluster` | Tells Anchore which cluster this inventory is coming from | `docker-desktop` |
| `k8sInventory.namespaceSelectors.include` | Which namespaces to search as explicit strings, not regex; Will search all namespaces if empty array | `[]` |
| `k8sInventory.namespaceSelectors.exclude` | Which namespaces to exclude can use explicit strings and/or regexes. | `[]` |
| `k8sInventory.mode` | Can be one of adhoc, periodic (defaults to adhoc) | `periodic` |
| `k8sInventory.pollingIntervalSeconds` | Only respected if mode is periodic | `60` |
| `k8sInventory.kubernetes.requestTimeoutSeconds` | Sets the request timeout for kubernetes API requests | `60` |
| `k8sInventory.kubernetes.requestBatchSize` | Sets the number of objects to iteratively return when listing resources | `100` |
| `k8sInventory.kubernetes.workerPoolSize` | Worker pool size for collecting pods from namespaces. Adjust this if the api-server gets overwhelmed | `100` |
| `k8sInventory.missingTagPolicy.policy` | One of the following options [digest, insert, drop]. Default is 'digest' | `digest` |
| `k8sInventory.missingTagPolicy.tag` | Dummy tag to use. Only applicable if policy is 'insert'. Defaults to UNKNOWN | `UNKNOWN` |
| `k8sInventory.missingRegistryOverride` | | `""` |
| `k8sInventory.ignoreNotRunning` | Ignore images out of pods that are not in a Running state | `true` |
| `k8sInventory.anchore.url` | the url of the anchore platform | `""` |
| `k8sInventory.anchore.user` | the username of the anchore platform. The user specified must be an admin user or have full-control, or read-write RBAC permissions | `""` |
| `k8sInventory.anchore.password` | the password of the anchore platform | `""` |
| `k8sInventory.anchore.account` | the account to send data to | `admin` |
| `k8sInventory.anchore.http.insecure` | whether or not anchore is using ssl/tls | `true` |
| `k8sInventory.anchore.http.timeoutSeconds` | the amount of time in seconds before timing out | `10` |
| Name | Description | Value |
| ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `k8sInventory.output` | The output format of the report (options: table, json) | `json` |
| `k8sInventory.quiet` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.verboseInventoryReports` | Determine whether or not to log the inventory report to stdout | `false` |
| `k8sInventory.log.structured` | Determine whether or not to use structured logs | `false` |
| `k8sInventory.log.level` | the level of verbosity for logs | `debug` |
| `k8sInventory.log.file` | location to write the log file (default is not to have a log file) | `""` |
| `k8sInventory.kubeconfig.path` | Path should not be changed | `use-in-cluster` |
| `k8sInventory.kubeconfig.cluster` | Tells Anchore which cluster this inventory is coming from | `docker-desktop` |
| `k8sInventory.namespaceSelectors.include` | Which namespaces to search as explicit strings, not regex; Will search all namespaces if empty array | `[]` |
| `k8sInventory.namespaceSelectors.exclude` | Which namespaces to exclude can use explicit strings and/or regexes. | `[]` |
| `k8sInventory.mode` | Can be one of adhoc, periodic (defaults to adhoc) | `periodic` |
| `k8sInventory.pollingIntervalSeconds` | Only respected if mode is periodic | `60` |
| `k8sInventory.kubernetes.requestTimeoutSeconds` | Sets the request timeout for kubernetes API requests | `60` |
| `k8sInventory.kubernetes.requestBatchSize` | Sets the number of objects to iteratively return when listing resources | `100` |
| `k8sInventory.kubernetes.workerPoolSize` | Worker pool size for collecting pods from namespaces. Adjust this if the api-server gets overwhelmed | `100` |
| `k8sInventory.missingTagPolicy.policy` | One of the following options [digest, insert, drop]. Default is 'digest' | `digest` |
| `k8sInventory.missingTagPolicy.tag` | Dummy tag to use. Only applicable if policy is 'insert'. Defaults to UNKNOWN | `UNKNOWN` |
| `k8sInventory.missingRegistryOverride` | | `""` |
| `k8sInventory.ignoreNotRunning` | Ignore images out of pods that are not in a Running state | `true` |
| `k8sInventory.accountRouteByNamespaceLabel.key` | Kubernetes label key to use for determining Anchore account to send to | `""` |
| `k8sInventory.accountRouteByNamespaceLabel.defaultAccount` | Fallback account to send to if Anchore account or label is not found | `admin` |
| `k8sInventory.accountRouteByNamespaceLabel.ignoreNamespaceMissingLabel` | If true exclude sending inventory of namespaces that are missing the label | `false` |
| `k8sInventory.metadataCollection.nodes.annotations` | List of annotations to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.nodes.labels` | List of labels to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.nodes.disable` | Remove all optional node metadata from the inventory report | `false` |
| `k8sInventory.metadataCollection.namespaces.annotations` | List of annotations to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.namespaces.labels` | List of labels to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.namespaces.disable` | Remove all optional namespace metadata from the inventory report | `false` |
| `k8sInventory.metadataCollection.pods.annotations` | List of annotations to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.pods.labels` | List of labels to include (explicit or regex) | `[]` |
| `k8sInventory.metadataCollection.pods.disable` | Remove all optional pod metadata from the inventory report | `false` |
| `k8sInventory.inventoryReportLimits.namespaces` | Maximum number of namespaces to include in a single report. Default of 0 means no limit | `0` |
| `k8sInventory.anchore.url` | the url of the anchore platform | `""` |
| `k8sInventory.anchore.user` | the username of the anchore platform. The user specified must be an admin user or have full-control, or read-write RBAC permissions | `""` |
| `k8sInventory.anchore.password` | the password of the anchore platform | `""` |
| `k8sInventory.anchore.account` | the account to send data to | `admin` |
| `k8sInventory.anchore.http.insecure` | whether or not anchore is using ssl/tls | `true` |
| `k8sInventory.anchore.http.timeoutSeconds` | the amount of time in seconds before timing out | `10` |
6 changes: 6 additions & 0 deletions stable/k8s-inventory/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,9 @@ spec:
- name: config-volume
mountPath: /etc/xdg/anchore-k8s-inventory/config.yaml
subPath: config.yaml
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
{{- if not .Values.injectSecretsViaEnv }}
- secretRef:
Expand All @@ -84,6 +87,9 @@ spec:
- name: config-volume
configMap:
name: {{ include "k8sInventory.fullname" . }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
Expand Down
Loading
Loading