
Kubernetes YAML File

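The following YAML file is the recommended way to deploy the coordimap agent in a Kubernetes cluster. The agent requires only read rights (`get` and `list`) to query Kubernetes resources. These rights are granted cluster-wide and include Secrets and ConfigMaps, so review the ClusterRole before applying it.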

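# Read-only ClusterRole for the coordimap agent: the only verbs are get and
# list. ClusterRoles are cluster-scoped, so metadata.namespace is not set.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: coordimap-agent-deployment-cluster-role
rules:
  # One rule grants every listed verb on every listed resource in every listed
  # API group, in all namespaces of the cluster.
  - verbs:
      - "get"
      - "list"
    apiGroups:
      - ""
      - "apps"
      - "batch"
      # NOTE(review): the built-in storage resources are served from
      # "storage.k8s.io"; the bare "storage" group looks redundant - confirm.
      - "storage"
      - "storage.k8s.io"
      - "extensions"
      - "networking.k8s.io"
    resources:
      - "nodes"
      - "namespaces"
      - "pods"
      # RBAC matches the plural resource name; the singular "service" grants
      # nothing.
      - "services"
      # SECURITY: get/list on secrets returns the full contents of every Secret
      # in the cluster (service-account tokens, TLS keys, registry
      # credentials). Whoever controls the agent pod or its token can read
      # them. Remove this entry unless the agent really needs Secret data -
      # confirm with the vendor.
      - "secrets"
      - "endpoints"
      # ConfigMaps frequently hold credentials as well; the same caution
      # applies.
      - "configmaps"
      - "persistentvolumeclaims"
      - "persistentvolumes"
      - "deployments"
      - "statefulsets"
      - "daemonsets"
      - "jobs"
      - "cronjobs"
      - "storageclasses"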
---
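# Binds the agent's read-only ClusterRole to the identity its pod runs as.
# ClusterRoleBindings are cluster-scoped, so metadata.namespace is not set.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: coordimap-agent-rolebinding
subjects:
  # The Deployment sets no serviceAccountName, so its pod runs as the "default"
  # ServiceAccount of the coordimap namespace. Any other pod in that namespace
  # that uses the default account gets the same cluster-wide read access;
  # a dedicated ServiceAccount for the agent is the tighter choice.
  #
  # Only this one subject is bound. Do not add subjects for other namespaces
  # (for example a "system:serviceaccount:<other-namespace>:default" user):
  # each subject receives everything the ClusterRole grants, including read
  # access to Secrets.
  - kind: ServiceAccount
    name: default
    namespace: coordimap
roleRef:
  kind: ClusterRole
  name: coordimap-agent-deployment-cluster-role
  apiGroup: rbac.authorization.k8s.io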
---
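# Runs the coordimap agent and mounts its configuration from the
# coordimap-config ConfigMap at /config.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coordimap-agent-deployment
  namespace: coordimap
spec:
  selector:
    matchLabels:
      app: coordimap-agent
  template:
    metadata:
      labels:
        app: coordimap-agent
    spec:
      containers:
        - name: coordimap-agent
          # SUPPLY CHAIN: "latest" is a mutable tag, and with imagePullPolicy
          # Always each pod restart may run a different image. Pin a released
          # version tag or, better, an image digest
          # (coordimap/coordimap-agent@sha256:<DIGEST>).
          image: coordimap/coordimap-agent:latest
          imagePullPolicy: Always
          command:
            - "/agent"
          args:
            # NOTE(review): --debug presumably raises log verbosity. Confirm
            # it does not write the API key or crawled data to the pod logs,
            # and drop it outside troubleshooting.
            - "--debug"
            - "--config"
            - "/config.yaml"
            - "--endpoint"
            - "https://api.coordimap.com/collector/crawlers/infra"
          env:
            # The API key is read from a Secret instead of being written into
            # this manifest, where it would end up in version control and in
            # the Deployment object. "coordimap-agent-secrets" and "api-key"
            # are example names: create that Secret in the coordimap namespace
            # before applying this file.
            - name: API_KEY
              valueFrom:
                secretKeyRef:
                  name: coordimap-agent-secrets
                  key: api-key
          # Blocks setuid-style privilege gain inside the container. Further
          # hardening (runAsNonRoot, readOnlyRootFilesystem, dropping all
          # capabilities) depends on how the image is built - verify before
          # enabling.
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - mountPath: /config.yaml
              subPath: config.yaml
              name: coordimap-config-file
              readOnly: true
          resources:
            requests:
              memory: "150M"
              cpu: "500m"
              ephemeral-storage: "15Mi"
            limits:
              memory: "150M"
              cpu: "500m"
              ephemeral-storage: "15Mi"
      volumes:
        - name: coordimap-config-file
          configMap:
            name: coordimap-config
            items:
              - key: config.yaml
                path: config.yaml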
---
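# Agent configuration; the Deployment mounts the config.yaml key into the pod
# as /config.yaml.
#
# SECURITY: a ConfigMap is not a secret store. Its data is returned in plain
# text to anyone with get/list on configmaps in this namespace, so do not
# replace sample values such as db_pass with real credentials here.
#
# NOTE(review): ${API_KEY}, ${ACCESS_KEY_ID} and ${SECRET_ACCSS_KEY} look like
# environment-variable references resolved by the agent - confirm. The
# Deployment only defines API_KEY; the other two must be supplied to the
# container, ideally from a Secret. SECRET_ACCSS_KEY is spelled without the
# second "E", and the variable you provide must match that spelling exactly.
#
# NOTE(review): the kubernetes data source sets in_cluster to "false" and
# points at /.kube/config, which the Deployment does not mount. For an agent
# running inside the cluster this presumably should be "true" - confirm
# against the agent documentation.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coordimap-config
  namespace: coordimap
data:
  config.yaml: |-
    coordimap:
      api_key: ${API_KEY}
      data_sources:
        - type: aws
          name: aws1
          desc: desc1
          config:
            - name: policy_config
              value: "true"
            - name: access_key_id
              value: ${ACCESS_KEY_ID}
            - name: secret_access_key
              value: ${SECRET_ACCSS_KEY}
            - name: crawl_interval
              value: 30s
        - type: postgres
          name: post1
          desc: desc1
          config:
            - name: db_name
              value: dbname1
            - name: db_host
              value: host1
            - name: db_user
              value: user1
            - name: db_pass
              value: pass1
            - name: crawl_interval
              value: 30s
        - type: kubernetes
          name: kube1
          desc: desc1
          config:
            - name: in_cluster
              value: "false"
            - name: config_file
              value: /.kube/config
            - name: crawl_interval
              value: 30s
            - name: cluster_name
              value: k8s_cluster
        - type: aws_flow_logs
          name: flowlog1
          desc: desc1
          config:
            - name: log_format
              value: all
            - name: log_type
              value: S3
            - name: account_id
              value: "123456789"
            - name: bucket_name
              value: pe-flowlogs
            - name: region
              value: eu-central-1
            - name: access_key_id
              value: ${ACCESS_KEY_ID}
            - name: secret_access_key
              value: ${SECRET_ACCSS_KEY}
            - name: crawl_interval
              value: 30s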
