InstallationKubernetes
Kubernetes YAML Manifest
This page shows a raw Kubernetes manifest for the Coordimap agent.
For long-lived environments, use the maintained Helm chart instead:
Use pinned image tags
Replace the example image tag with the version you intend to run. Avoid
latest in production.
Example Manifest
apiVersion: v1
kind: Namespace
metadata:
name: coordimap
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: coordimap-agent
namespace: coordimap
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: coordimap-agent
rules:
- apiGroups: [""]
resources:
[
"nodes",
"namespaces",
"pods",
"services",
"secrets",
"endpoints",
"configmaps",
"persistentvolumeclaims",
"persistentvolumes",
]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
verbs: ["get", "list"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses", "networkpolicies"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: coordimap-agent
subjects:
- kind: ServiceAccount
name: coordimap-agent
namespace: coordimap
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: coordimap-agent
---
apiVersion: v1
kind: Secret
metadata:
name: coordimap-agent-secrets
namespace: coordimap
type: Opaque
stringData:
COORDIMAP_API_KEY: "YOUR_API_KEY"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coordimap-agent-config
namespace: coordimap
data:
config.yaml: |-
coordimap:
api_key: ${COORDIMAP_API_KEY}
data_sources:
- type: kubernetes
data_source_id: <YOUR_KUBERNETES_DATASOURCE_ID>
config:
- name: scope_id
value: "<YOUR_KUBERNETES_CLUSTER_UID>"
- name: in_cluster
value: "true"
- name: cluster_name
value: "production-cluster"
- name: crawl_interval
value: "30s"
- type: aws
data_source_id: <YOUR_AWS_DATASOURCE_ID>
config:
- name: scope_id
value: "<YOUR_AWS_ACCOUNT_ID>"
- name: policy_config
value: "true"
- name: crawl_interval
value: "60s"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coordimap-agent
namespace: coordimap
spec:
replicas: 1
selector:
matchLabels:
app: coordimap-agent
template:
metadata:
labels:
app: coordimap-agent
spec:
serviceAccountName: coordimap-agent
containers:
- name: coordimap-agent
image: coordimap/coordimap-agent:v1.2.7
imagePullPolicy: IfNotPresent
args:
- --config
- /config/config.yaml
envFrom:
- secretRef:
name: coordimap-agent-secrets
volumeMounts:
- name: agent-config
mountPath: /config
readOnly: true
resources:
requests:
memory: "150Mi"
cpu: "500m"
ephemeral-storage: "15Mi"
limits:
memory: "150Mi"
cpu: "500m"
ephemeral-storage: "15Mi"
volumes:
- name: agent-config
configMap:
name: coordimap-agent-configNotes About The Example
- The example uses
data_source_id, not legacynameordescfields. - The example includes
scope_idbecause stable identity is required for correct graph correlation. - The Kubernetes
scope_idshould be the cluster UID. - The AWS
scope_idshould be the AWS account ID. - Secrets should come from Kubernetes Secrets or an external secret manager, not plain-text ConfigMaps.
Useful Commands
Find the Kubernetes cluster UID:
kubectl get namespace kube-system -o jsonpath='{.metadata.uid}'Apply the manifest:
kubectl apply -f coordimap-agent.yamlInstall Coordimap Agent On Kubernetes
Deploy the Coordimap agent on Kubernetes with Helm, Artifact Hub, or raw YAML, using the maintained Helm chart as the recommended path.
Coordimap Configuration Guide
Learn how to configure the Coordimap agent, choose the right scope_id, and keep cloud, Kubernetes, and database asset identities stable.