Kubernetes YAML File
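The following YAML file is the recommended way to deploy the Coordimap agent in a Kubernetes cluster. The agent requires only read rights (`get` and `list`) to query Kubernetes resources. Note that the ClusterRole below includes `secrets`, so these read rights cover the contents of Secrets in every namespace.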
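# Read-only ClusterRole for the coordimap agent: the only verbs granted are
# get and list, for the API groups and resource types named below.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # ClusterRole is a cluster-scoped kind, so metadata carries no namespace.
  name: coordimap-agent-deployment-cluster-role
rules:
  # A single rule: every resource below is granted in every API group below.
  - verbs:
      - "get"
      - "list"
    apiGroups:
      # "" is the core API group (nodes, pods, services, secrets, ...).
      - ""
      - "apps"
      - "batch"
      # NOTE(review): the storage resources are served from "storage.k8s.io";
      # the bare "storage" entry is kept as published -- confirm it is needed.
      - "storage"
      - "storage.k8s.io"
      - "extensions"
      - "networking.k8s.io"
    resources:
      - "nodes"
      - "namespaces"
      - "pods"
      # RBAC resource names are plural; the singular "service" matches nothing.
      - "services"
      # get/list on secrets returns the Secret values of every namespace to
      # whoever holds this role. Remove this entry unless the agent needs
      # Secret contents, and audit reads of secrets by the bound identities.
      - "secrets"
      - "endpoints"
      - "configmaps"
      - "persistentvolumeclaims"
      - "persistentvolumes"
      - "deployments"
      - "statefulsets"
      - "daemonsets"
      - "jobs"
      - "cronjobs"
      - "storageclasses"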
---
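# Grants the agent's ClusterRole, cluster-wide, to the identities listed
# under subjects.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # ClusterRoleBinding is a cluster-scoped kind: no namespace in metadata.
  name: coordimap-agent-rolebinding
subjects:
  # NOTE(review): this user name is the default ServiceAccount of a namespace
  # called coordimap-agent, while every namespaced object in this manifest
  # lives in coordimap. Confirm this extra subject is intended; if it is not,
  # drop it so the role is held by one identity only.
  # User subjects are not namespaced, so the subject carries no namespace.
  - kind: User
    name: system:serviceaccount:coordimap-agent:default
    apiGroup: rbac.authorization.k8s.io
  # The Deployment sets no serviceAccountName, so its pod runs as this
  # default ServiceAccount. Every other pod in coordimap that uses the
  # default ServiceAccount receives the same grants; a dedicated
  # ServiceAccount for the agent would narrow that.
  - kind: ServiceAccount
    name: default
    namespace: coordimap
roleRef:
  kind: ClusterRole
  name: coordimap-agent-deployment-cluster-role
  apiGroup: rbac.authorization.k8s.io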
---
# Runs the coordimap agent as a single-container pod in the coordimap
# namespace, with its configuration file mounted from a ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coordimap-agent-deployment
  namespace: coordimap
spec:
  selector:
    matchLabels:
      app: coordimap-agent
  template:
    metadata:
      labels:
        app: coordimap-agent
    spec:
      containers:
        - name: coordimap-agent
          # NOTE(review): ":latest" together with imagePullPolicy Always means
          # each pod start can run a different image. Pin a version tag or an
          # image digest once one is chosen.
          image: coordimap/coordimap-agent:latest
          imagePullPolicy: Always
          command:
            - "/agent"
          args:
            # NOTE(review): --debug presumably raises log verbosity; confirm
            # the logs carry no API keys or data-source credentials before
            # keeping it outside of troubleshooting.
            - "--debug"
            - "--config"
            - "/config.yaml"
            - "--endpoint"
            - "https://api.coordimap.com/collector/crawlers/infra"
          env:
            # YYY is a placeholder for the Coordimap API key. A literal value
            # is visible to anyone who can read this Deployment; prefer
            # valueFrom.secretKeyRef pointing at a Secret.
            - name: API_KEY
              value: YYY
          volumeMounts:
            # Only the config.yaml key is mounted, as a read-only file.
            - name: coordimap-config-file
              mountPath: /config.yaml
              subPath: config.yaml
              readOnly: true
          # Requests and limits are set to the same values.
          resources:
            requests:
              memory: "150M"
              cpu: "500m"
              ephemeral-storage: "15Mi"
            limits:
              memory: "150M"
              cpu: "500m"
              ephemeral-storage: "15Mi"
      volumes:
        - name: coordimap-config-file
          configMap:
            name: coordimap-config
            items:
              - key: config.yaml
                path: config.yaml
---
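# Agent configuration; the Deployment mounts the config.yaml key into the
# pod at /config.yaml.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coordimap-config
  namespace: coordimap
data:
  # Sample configuration with one data source of each type shown.
  #
  # ${NAME} references are presumably expanded from the agent's environment
  # -- confirm. The Deployment defines only API_KEY, so ACCESS_KEY_ID and
  # SECRET_ACCSS_KEY (spelled exactly as referenced here) would also have to
  # be supplied to the container, ideally from a Secret.
  #
  # ConfigMap contents can be read by anything allowed to get configmaps in
  # this namespace, which includes holders of the agent's own ClusterRole.
  # Do not keep a real db_pass here as a literal; supply it from a Secret.
  #
  # NOTE(review): the kubernetes source sets in_cluster to "false" and points
  # at /.kube/config, which the Deployment does not mount. When the agent
  # runs inside the cluster, in_cluster presumably needs to be "true" --
  # confirm.
  #
  # account_id is quoted so it stays a string, like the other values.
  #
  # NOTE(review): the nesting of the embedded file was reconstructed from a
  # flattened listing; verify it against the agent's configuration reference.
  config.yaml: |-
    coordimap:
      api_key: ${API_KEY}
      data_sources:
        - type: aws
          name: aws1
          desc: desc1
          config:
            - name: policy_config
              value: "true"
            - name: access_key_id
              value: ${ACCESS_KEY_ID}
            - name: secret_access_key
              value: ${SECRET_ACCSS_KEY}
            - name: crawl_interval
              value: 30s
        - type: postgres
          name: post1
          desc: desc1
          config:
            - name: db_name
              value: dbname1
            - name: db_host
              value: host1
            - name: db_user
              value: user1
            - name: db_pass
              value: pass1
            - name: crawl_interval
              value: 30s
        - type: kubernetes
          name: kube1
          desc: desc1
          config:
            - name: in_cluster
              value: "false"
            - name: config_file
              value: /.kube/config
            - name: crawl_interval
              value: 30s
            - name: cluster_name
              value: k8s_cluster
        - type: aws_flow_logs
          name: flowlog1
          desc: desc1
          config:
            - name: log_format
              value: all
            - name: log_type
              value: S3
            - name: account_id
              value: "123456789"
            - name: bucket_name
              value: pe-flowlogs
            - name: region
              value: eu-central-1
            - name: access_key_id
              value: ${ACCESS_KEY_ID}
            - name: secret_access_key
              value: ${SECRET_ACCSS_KEY}
            - name: crawl_interval
              value: 30s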