How to Collect Kubernetes Resource Data
The Kubernetes collector is configured within the Fix Inventory Worker configuration via the config command in Fix Inventory Shell.
Prerequisites​
This guide assumes that you have already installed Fix Inventory.
Directions​
1. Enable the Kubernetes Collector​
-
Open the Fix Inventory Worker configuration via the
configcommand in Fix Inventory Shell:> config edit fix.worker -
Add
k8sto the list of collectors by modifying the configuration as follows:Fix Inventory Worker configurationfixworker:
...
# List of collectors to run
collector:
- 'k8s'
...
...
2. Authenticate with Kubernetes​
You can authenticate with Kubernetes via kubeconfig files, manual configuration, or both.
- kubeconfig Files
- Manual Configuration
The easiest way to configure access to Kubernetes is via kubeconfig files.
-
Open the Fix Inventory Worker configuration via the
configcommand in Fix Inventory Shell:> config edit fix.worker -
Add the content of kubeconfig file(s) to the
fixworkersection as follows:Fix Inventory Worker configurationfixworker:
...
write_files_to_home_dir:
- path: ~/.kube/config_1
content: |
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <ca_data>
server: https://k8s.example.com
name: example-cluster
contexts:
- context:
cluster: example-cluster
user: k8s-admin
name: context1
current-context: context1
kind: Config
preferences: {}
users:
- name: k8s-admin
user:
token: <token>
- path: ~/.kube/config_2
content: ...
...
...noteIf you do not wish to save the contents of your kubeconfig file(s) to Fix Inventory's database, you can alternatively mount the directory containing your kubeconfig file(s) to the
fixworkercontainer.infoSince Fix Inventory is running on your local machine, it can access the file(s) directly. Move or copy your kubeconfig file(s) to the
~/.kubedirectory. -
Modify the
k8ssection of the configuration as follows, definingpathandcontextsfor each file:Fix Inventory Worker configurationfixworker:
...
...
k8s:
config_files:
- path: "/home/fixinventory/.kube/config_1"
all_contexts: false
contexts: ["context1", "context2"]
- path: "/home/fixinventory/.kube/config_2"
all_contexts: truenoteThe above example assumes that your kubeconfig file(s) are named
config_1,config_2, etc.infoIf a single kubeconfig file holds multiple contexts, it is possible to restrict the contexts to be used by defining them explicitly. Setting
all_contextstotruewill not filter, resulting in taking all found contexts.
Instead of exposing a kubeconfig file to Fix Inventory Worker, you can alternatively supply credentials manually.
The required values can be found in the kubeconfig file:
| Option | kubeconfig Property |
|---|---|
server | clusters.cluster.server |
token | users.user.token |
certificate_authority_data | clusters.cluster.certificate-authority-data(only required if the server is using a self-signed certificate) |
-
Open the Fix Inventory Worker configuration via the
configcommand in Fix Inventory Shell:> config edit fix.worker -
Modify the
k8ssection of the configuration as follows:Fix Inventory Worker configurationfixworker:
...
...
k8s:
configs:
- name: 'dev'
certificate_authority_data: 'xxx'
server: 'https://k8s-cluster-server.example.com'
token: 'token'infoMultiple k8s clusters can be defined by adding multiple sets of values.
3. Trigger Resource Collection​
By default, Fix Inventory performs resource collection each hour. To immediately trigger a collect run, use the workflow run command in Fix Inventory Shell:
> workflow run collect
Once the collect run completes, you can view a summary of collected Kubernetes resources using the following search:
> search is(kubernetes_resource) | count kind