[VC-45804] Add cluster name and description to CyberArk Discovery and Context snapshot

deploy/charts/disco-agent/README.md

@@ -277,6 +277,24 @@ Example: excludeAnnotationKeysRegex: ['^kapp\.k14s\.io/original.*']
 > ```yaml
 > []
 > ```
+#### **config.clusterName** ~ `string`
+> Default value:
+> ```yaml
+> ""
+> ```
+
+A human readable name for the cluster where the agent is deployed (optional). 
+
+This cluster name will be associated with the data that the agent uploads to the Discovery and Context service. If empty (the default), the service account name will be used instead.
+#### **config.clusterDescription** ~ `string`
+> Default value:
+> ```yaml
+> ""
+> ```
+
+A short description of the cluster where the agent is deployed (optional). 
+
+This description will be associated with the data that the agent uploads to the Discovery and Context service. The description may include contact information such as the email address of the cluster administrator, so that any problems and risks identified by the Discovery and Context service can be communicated to the people responsible for the affected secrets.
 #### **authentication.secretName** ~ `string`
 > Default value:
 > ```yaml

deploy/charts/disco-agent/templates/configmap.yaml

@@ -7,6 +7,8 @@ metadata:
  {{- include "disco-agent.labels" . | nindent 4 }}
 data:
  config.yaml: |-
+ cluster_name: {{ .Values.config.clusterName | quote }}
+ cluster_description: {{ .Values.config.clusterDescription | quote }}
  period: {{ .Values.config.period | quote }}
  {{- with .Values.config.excludeAnnotationKeysRegex }}
  exclude-annotation-keys-regex:

deploy/charts/disco-agent/tests/__snapshot__/configmap_test.yaml.snap

@@ -1,8 +1,224 @@
+custom-cluster-description:
+ 1: |
+ apiVersion: v1
+ data:
+ config.yaml: |-
+ cluster_name: ""
+ cluster_description: "A cloud hosted Kubernetes cluster hosting production workloads.\n\nteam: team-1\nemail: team-1@example.com\npurpose: Production workloads\n"
+ period: "12h0m0s"
+ data-gatherers:
+ - kind: k8s-discovery
+ name: ark/discovery
+ - kind: k8s-dynamic
+ name: ark/secrets
+ config:
+ resource-type:
+ version: v1
+ resource: secrets
+ field-selectors:
+ - type!=kubernetes.io/dockercfg
+ - type!=kubernetes.io/dockerconfigjson
+ - type!=bootstrap.kubernetes.io/token
+ - type!=helm.sh/release.v1
+ - kind: k8s-dynamic
+ name: ark/serviceaccounts
+ config:
+ resource-type:
+ resource: serviceaccounts
+ version: v1
+ - kind: k8s-dynamic
+ name: ark/roles
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: roles
+ - kind: k8s-dynamic
+ name: ark/clusterroles
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: clusterroles
+ - kind: k8s-dynamic
+ name: ark/rolebindings
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: rolebindings
+ - kind: k8s-dynamic
+ name: ark/clusterrolebindings
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: clusterrolebindings
+ - kind: k8s-dynamic
+ name: ark/jobs
+ config:
+ resource-type:
+ version: v1
+ group: batch
+ resource: jobs
+ - kind: k8s-dynamic
+ name: ark/cronjobs
+ config:
+ resource-type:
+ version: v1
+ group: batch
+ resource: cronjobs
+ - kind: k8s-dynamic
+ name: ark/deployments
+ config:
+ resource-type:
+ version: v1
+ group: apps
+ resource: deployments
+ - kind: k8s-dynamic
+ name: ark/statefulsets
+ config:
+ resource-type:
+ version: v1
+ group: apps
+ resource: statefulsets
+ - kind: k8s-dynamic
+ name: ark/daemonsets
+ config:
+ resource-type:
+ version: v1
+ group: apps
+ resource: daemonsets
+ - kind: k8s-dynamic
+ name: ark/pods
+ config:
+ resource-type:
+ version: v1
+ resource: pods
+ kind: ConfigMap
+ metadata:
+ labels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: disco-agent
+ app.kubernetes.io/version: v0.0.0
+ helm.sh/chart: disco-agent-0.0.0
+ name: test-disco-agent-config
+ namespace: test-ns
+custom-cluster-name:
+ 1: |
+ apiVersion: v1
+ data:
+ config.yaml: |-
+ cluster_name: "cluster-1 region-1 cloud-1 "
+ cluster_description: ""
+ period: "12h0m0s"
+ data-gatherers:
+ - kind: k8s-discovery
+ name: ark/discovery
+ - kind: k8s-dynamic
+ name: ark/secrets
+ config:
+ resource-type:
+ version: v1
+ resource: secrets
+ field-selectors:
+ - type!=kubernetes.io/dockercfg
+ - type!=kubernetes.io/dockerconfigjson
+ - type!=bootstrap.kubernetes.io/token
+ - type!=helm.sh/release.v1
+ - kind: k8s-dynamic
+ name: ark/serviceaccounts
+ config:
+ resource-type:
+ resource: serviceaccounts
+ version: v1
+ - kind: k8s-dynamic
+ name: ark/roles
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: roles
+ - kind: k8s-dynamic
+ name: ark/clusterroles
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: clusterroles
+ - kind: k8s-dynamic
+ name: ark/rolebindings
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: rolebindings
+ - kind: k8s-dynamic
+ name: ark/clusterrolebindings
+ config:
+ resource-type:
+ version: v1
+ group: rbac.authorization.k8s.io
+ resource: clusterrolebindings
+ - kind: k8s-dynamic
+ name: ark/jobs
+ config:
+ resource-type:
+ version: v1
+ group: batch
+ resource: jobs
+ - kind: k8s-dynamic
+ name: ark/cronjobs
+ config:
+ resource-type:
+ version: v1
+ group: batch
+ resource: cronjobs
+ - kind: k8s-dynamic
+ name: ark/deployments
+ config:
+ resource-type:
+ version: v1
+ group: apps
+ resource: deployments
+ - kind: k8s-dynamic
+ name: ark/statefulsets
+ config:
+ resource-type:
+ version: v1
+ group: apps
+ resource: statefulsets
+ - kind: k8s-dynamic
+ name: ark/daemonsets
+ config:
+ resource-type:
+ version: v1
+ group: apps
+ resource: daemonsets
+ - kind: k8s-dynamic
+ name: ark/pods
+ config:
+ resource-type:
+ version: v1
+ resource: pods
+ kind: ConfigMap
+ metadata:
+ labels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: disco-agent
+ app.kubernetes.io/version: v0.0.0
+ helm.sh/chart: disco-agent-0.0.0
+ name: test-disco-agent-config
+ namespace: test-ns
 custom-period:
  1: |
  apiVersion: v1
  data:
  config.yaml: |-
+ cluster_name: ""
+ cluster_description: ""
  period: "1m"
  data-gatherers:
  - kind: k8s-discovery
@@ -108,6 +324,8 @@ defaults:
  apiVersion: v1
  data:
  config.yaml: |-
+ cluster_name: ""
+ cluster_description: ""
  period: "12h0m0s"
  data-gatherers:
  - kind: k8s-discovery

deploy/charts/disco-agent/tests/configmap_test.yaml

@@ -14,3 +14,20 @@ tests:
  config.period: 1m
  asserts:
  - matchSnapshot: {}
+
+ - it: custom-cluster-name
+ set:
+ config.clusterName: "cluster-1 region-1 cloud-1 "
+ asserts:
+ - matchSnapshot: {}
+
+ - it: custom-cluster-description
+ set:
+ config.clusterDescription: |
+ A cloud hosted Kubernetes cluster hosting production workloads.
+
+ team: team-1
+ email: team-1@example.com
+ purpose: Production workloads
+ asserts:
+ - matchSnapshot: {}

deploy/charts/disco-agent/values.schema.json

@@ -104,6 +104,12 @@
  "helm-values.config": {
  "additionalProperties": false,
  "properties": {
+ "clusterDescription": {
+ "$ref": "#/$defs/helm-values.config.clusterDescription"
+ },
+ "clusterName": {
+ "$ref": "#/$defs/helm-values.config.clusterName"
+ },
  "excludeAnnotationKeysRegex": {
  "$ref": "#/$defs/helm-values.config.excludeAnnotationKeysRegex"
  },
@@ -116,6 +122,16 @@
  },
  "type": "object"
  },
+ "helm-values.config.clusterDescription": {
+ "default": "",
+ "description": "A short description of the cluster where the agent is deployed (optional).\n\nThis description will be associated with the data that the agent uploads to the Discovery and Context service. The description may include contact information such as the email address of the cluster administrator, so that any problems and risks identified by the Discovery and Context service can be communicated to the people responsible for the affected secrets.",
+ "type": "string"
+ },
+ "helm-values.config.clusterName": {
+ "default": "",
+ "description": "A human readable name for the cluster where the agent is deployed (optional).\n\nThis cluster name will be associated with the data that the agent uploads to the Discovery and Context service. If empty (the default), the service account name will be used instead.",
+ "type": "string"
+ },
  "helm-values.config.excludeAnnotationKeysRegex": {
  "default": [],
  "description": "You can configure the agent to exclude some annotations or labels from being pushed . All Kubernetes objects are affected. The objects are still pushed, but the specified annotations and labels are removed before being pushed.\n\nDots is the only character that needs to be escaped in the regex. Use either double quotes with escaped single quotes or unquoted strings for the regex to avoid YAML parsing issues with `\\.`.\n\nExample: excludeAnnotationKeysRegex: ['^kapp\\.k14s\\.io/original.*']",

deploy/charts/disco-agent/values.yaml

@@ -138,6 +138,22 @@ config:
  excludeAnnotationKeysRegex: []
  excludeLabelKeysRegex: []
 
+ # A human readable name for the cluster where the agent is deployed (optional).
+ #
+ # This cluster name will be associated with the data that the agent uploads to
+ # the Discovery and Context service. If empty (the default), the service
+ # account name will be used instead.
+ clusterName: ""
+
+ # A short description of the cluster where the agent is deployed (optional).
+ #
+ # This description will be associated with the data that the agent uploads to
+ # the Discovery and Context service. The description may include contact
+ # information such as the email address of the cluster administrator, so that
+ # any problems and risks identified by the Discovery and Context service can
+ # be communicated to the people responsible for the affected secrets.
+ clusterDescription: ""
+
 authentication:
  secretName: agent-credentials
 

deploy/charts/venafi-kubernetes-agent/templates/NOTES.txt

@@ -1,3 +1,11 @@
+{{- if .Values.config.configmap.name }}
+You are using a custom configuration in the following ConfigMap: {{ .Values.config.configmap.name | quote }}.
+
+DEPRECATION: The `cluster_id` configuration field is deprecated.
+If your configuration contains `cluster_id`, it will continue to work as a
+fallback, but please migrate to `cluster_name` to avoid ambiguity.
+{{- end }}
+
 {{- if .Values.authentication.venafiConnection.enabled }}
 - Check the VenafiConnection exists: "{{ .Values.authentication.venafiConnection.namespace }}/{{ .Values.authentication.venafiConnection.name }}"
 > kubectl get VenafiConnection -n {{ .Values.authentication.venafiConnection.namespace }} {{ .Values.authentication.venafiConnection.name }}

deploy/charts/venafi-kubernetes-agent/templates/configmap.yaml

@@ -9,7 +9,7 @@ metadata:
  {{- include "venafi-kubernetes-agent.labels" . | nindent 4 }}
 data:
  config.yaml: |-
- cluster_id: {{ .Values.config.clusterName | quote }}
+ cluster_name: {{ .Values.config.clusterName | quote }}
  cluster_description: {{ .Values.config.clusterDescription | quote }}
  server: {{ .Values.config.server | quote }}
  period: {{ .Values.config.period | quote }}