Configure Kubernetes Resource Collection
The Kubernetes collector is configured within the Resoto Worker configuration via the config command in Resoto Shell.
Enabling the Collector​
Open the Resoto Worker configuration via the
configcommand in Resoto Shell:> config edit resoto.workerAdd
k8sto the list of collectors by modifying the configuration as follows:Resoto Worker configurationresotoworker:
...
# List of collectors to run
collector:
- 'k8s'
...
...
Authentication​
You can authenticate with Kubernetes via kubeconfig files, manual configuration, or both.
- kubeconfig Files
- Manual Configuration
The easiest way to configure access to Kubernetes is to give Resoto Worker access to kubeconfig files.
Move or copy your kubeconfig files to the
~/.kubedirectory.Make your kubeconfig file(s) available to Resoto at
/home/resoto/.kube:- Docker
- Kubernetes
- pip
Add volume definition(s) for each kubeconfig file to the
resotoworkerservice indocker-compose.yaml:docker-compose.yamlservices:
...
resotoworker:
image: somecr.io/someengineering/resotoworker:3.2.6
...
volumes:
- $HOME/.kube:/home/resoto/.kube
...
...Recreate the
resotoworkercontainer with the updated service definition:$ docker-compose up -dnoteDocker Compose V2 integrated compose functions in to the Docker platform.
In Docker Compose V2, the command is
docker compose(no hyphen) instead ofdocker-compose.
Create a secret with the path(s) to your kubeconfig file(s):
$ kubectl -n resoto create secret generic kubernetes-auth \
--from-file=config_1=<PATH TO kubeconfig FILE>
--from-file=config_2=<PATH TO ANOTHER kubeconfig FILE>Update
resoto-values.yamlas follows:resoto-values.yaml...
resotoworker:
...
volumeMounts:
- mountPath: /home/resoto/.kube
name: kubeconfig-files
volumes:
- name: kubeconfig-files
secret:
secretName: kubernetes-auth
...Deploy these changes with Helm:
$ helm upgrade resoto resoto/resoto --set image.tag=3.2.6 -f resoto-values.yaml
Simply move or copy your kubeconfig file(s) to the
~/.kubedirectory. (Since Resoto is running on your local machine, it can access the file(s) directly.)noteThe following steps assume that the file(s) are named
config_1,config_2, etc.
Open the Resoto Worker configuration via the
configcommand in Resoto Shell:> config edit resoto.workerModify the
k8ssection of the configuration as follows, definingpathandcontextsfor each file:Resoto Worker configurationresotoworker:
...
...
k8s:
config_files:
- path: "/home/resoto/.kube/config_1"
all_contexts: false
contexts: ["context1", "context2"]
- path: "/home/resoto/.kube/config_2"
all_contexts: trueinfoIf a single kubeconfig file holds multiple contexts, it is possible to restrict the contexts to be used by defining them explicitly. Setting
all_contextstotruewill not filter, resulting in taking all found contexts.
Instead of exposing a kubeconfig file to Resoto Worker, you can alternatively supply credentials manually.
The required values can be found in the kubeconfig file:
| Option | kubeconfig Property |
|---|---|
server | clusters.cluster.server |
token | users.user.token |
certificate_authority_data | clusters.cluster.certificate-authority-data(only required if the server is using a self-signed certificate) |
Open the Resoto Worker configuration via the
configcommand in Resoto Shell:> config edit resoto.workerModify the
k8ssection of the configuration as follows:Resoto Worker configurationresotoworker:
...
...
k8s:
configs:
- name: 'dev'
certificate_authority_data: 'xxx'
server: 'https://k8s-cluster-server.example.com'
token: 'token'infoMultiple k8s clusters can be defined by adding multiple sets of values.
Resource Collection​
By default, Resoto performs resource collection each hour. To immediately trigger a collect run, use the workflow run command in Resoto Shell:
> workflow run collect
Once the collect run completes, you can view a summary of collected Kubernetes resources using the following search:
> search is(kubernetes_resource) | count kind