Two FlexNet Kubernetes Agents

IT Asset Management (Cloud)
The Kubernetes inventory consists of the following three components.
  • Kubernetes cluster inventory—Collected through the Kubernetes API.
  • Kubernetes image inventory—Required to discover software installed within the Kubernetes container images used to spin up containers.
  • Kubernetes Node inventory—Required to discover software and detailed hardware inventory of the Node operating system.
    Tip: Kubernetes cluster Nodes can be virtual machines or physical hosts. They provide computing resources to the Kubernetes containers.
Flexera provides the following two types of Kubernetes inventory agents. They are standalone applications specifically designed to capture inventory data from Kubernetes clusters, and are entirely independent of the standard FlexNet Inventory Agent that collects full hardware and software inventory from a variety of environments.
  • Standard Flexera Kubernetes Inventory Agent

    This agent is sometimes called the "full" Kubernetes inventory agent, which is the primary implementation that is recommended for most organizations.

    The Standard Flexera Kubernetes Inventory Agent collects a complete inventory of the Kubernetes cluster infrastructure, covering all three components mentioned above, which includes:

    • Collection of the Kubernetes cluster inventory through the Kubernetes API.
    • Collection of the Kubernetes image inventory through software discovery of the container images deployed in the Kubernetes cluster. You have the option to turn this collection on or off. Flexera recommends turning it on when the Kubernetes inventory agent is deployed to discover software installed in each image used to initiate containers.
    • Collection of the Kubernetes Node inventory. You have the option to turn this collection on or off. Flexera recommends turning it on.
      Important: When the Kubernetes Node inventory collection is turned on, the FlexNet Inventory Agent for Linux should not be deployed on the Node operating system.
      Tip: It is best practice that Nodes in a Kubernetes cluster only run Kubernetes components but not other software. However, in the case where other non-Kubernetes software is also installed on a Node server, it is possible to separately install the standard FlexNet Inventory Agent on that server for inventory collection of the other software. If this scenario happens, you must disable the container inventory feature of the standard FlexNet Inventory Agent; otherwise, there will be duplicate container inventory reports from both the Kubernetes inventory agent and the FlexNet Inventory Agent.
  • Lightweight Kubernetes Inventory Agent

    This agent is intended for high security environments, omitting some features, automation, and capabilities present in the other agent in order to have the smallest possible footprint, and to provide the maximum manual control of its configuration and operation.

    The Lightweight Kubernetes Inventory Agent only collects the Kubernetes cluster inventory through the Kubernetes API, but does not collect the Kubernetes image inventory or the Kubernetes Node inventory.

    To collect the container image inventory, use the imgtrack tool through CI/CD pipelines to scan the image and upload the image inventory file to the inventory beacon.

    To collect the Node inventory, you can use the standard FlexNet Inventory Agent for Linux.

Information collected

One instance of either Kubernetes inventory agent is deployed into each Kubernetes cluster as a native containerized application, and is managed using standard Kubernetes tooling. Either agent observes the cluster into which it is deployed, produces inventory files containing the observed data, and uploads the files to an existing FlexNet inventory beacon. The agent collects its information by connecting to the Kubernetes API, and using the watch interfaces to subscribe to event streams for the resources it needs to monitor. It extracts the data it needs from the API data and stores it in a local cache (either in persistent storage or in memory), periodically flushing the data out into an inventory (.ndi) file. Because both of these agents target the standard Kubernetes API, they can operate with minimal configuration on any platform based Kubernetes version 1.16 or later.

Either agent collects the following information from the cluster where its container is installed:
  • Basic cluster metadata:
    • Kubernetes version
    • A unique ID for the cluster
  • The Nodes that compose the cluster:
    • Hardware resources
    • Serial number of the underlying server (Standard Flexera Kubernetes Inventory Agent only, optional)
    • Cloud instance metadata for the underlying server (Standard Flexera Kubernetes Inventory Agent only, optional)
  • The Pods that are deployed in the cluster:
    • The images on which the containers are based
    • Resource limits applied to containers
    • Usage: when, how many, and for how long Pods are used
    • Software-identifying annotations applied to Pods
    • Kubernetes resources that own Pods for contextualization (optional)
  • Data from the IBM License Service about IBM software (in particular, IBM Cloud Paks) running in the cluster (optional)
  • Additional software content of images (Standard Flexera Kubernetes Inventory Agent only, optional).

Supported architectures

The following hardware architectures are supported:
  • The x86_64 architecture, which is designed for AMD and Intel 64-bit computers.
  • The s390x architecture, also known as "System z", "zSystems", or "z/Architecture", which is a mainframe architecture developed and supported by IBM.
  • The ARM64 architecture, also known as the AArch64 architecture, which can run on the Amazon Graviton processors.

Choosing between the agents

The Standard Flexera Kubernetes Inventory Agent is recommended for most environments, because it offers relative ease of use and complete software inventory of the contents of containers and Nodes. The Lightweight Kubernetes Inventory Agent can be considered for cases where container image scanning might not be allowed due to required permission using Kubernetes Role Based Access Control (RBAC). The decision between these two agents normally involves a conversation between your ITAM team and the platform team managing your Kubernetes environment.

When choosing between the Standard Flexera Kubernetes Inventory Agent and the Lightweight Kubernetes Inventory Agent, the following factors may assist:
Factor Standard Flexera Kubernetes Inventory Agent Lightweight Kubernetes Inventory Agent

Configuration

May be automated.

Requires manual specification, either with command-line flags on the installer, or editing of .yaml files.

Persistent storage

Requires persistent storage within its container.

Primarily intended to operate without persistent storage (although this can be configured as usual within Kubernetes).

Permissions Controlled by role, includes read/write options. Requires limited Kubernetes write permissions as part of automated management. Normally run as a root user (especially if calling the FlexNet Inventory Agent).

Fewest possible permissions, and read-only. Can run as a non-root user.

Operator pattern

Required option (which requires write permissions in the controller).

Not supported.

Container image

Default image supplied, including pre-configuration. Includes standard (Linux) OS layer.

"From scratch" (single, stand-alone binary executable, written in Go), with manual configuration required. Container can be immutable at run time.

Integration with IBM License Service

Supported (off by default, must be enabled).

Supported (off by default, must be enabled).

Additional software inventory

Can inject the FlexNet Inventory Agent temporarily into a container to collect inventory of ancillary software. Minimizes this process by assessing only one container per image.

Not supported. Other than reporting IBM Cloud Paks (through integration with IBM License Service), third-party tools are required to take inventory of software within containers.

Prerequisite software The following software tools must be installed: The following software tools must be installed:

Installation instructions

To download and install the Standard Flexera Kubernetes Inventory Agent, see Download Flexera Kubernetes Inventory Agent in the Online Help.

To download and install the Lightweight Kubernetes Inventory Agent, see The Lightweight Kubernetes Agent.

IT Asset Management (Cloud)

Current