Two FlexNet Kubernetes Agents
- Kubernetes cluster inventory—Collected through the Kubernetes API.
- Kubernetes image inventory—Required to discover software installed within the Kubernetes container images used to spin up containers.
- Kubernetes Node inventory—Required to discover software and detailed
hardware inventory of the Node operating system.Tip: Kubernetes cluster Nodes can be virtual machines or physical hosts. They provide computing resources to the Kubernetes containers.
- Standard Flexera Kubernetes inventory agent
This agent is sometimes called the "full" Kubernetes inventory agent, which is the primary implementation that is recommended for most organizations.
The Standard Flexera Kubernetes inventory agent collects a complete inventory of the Kubernetes cluster infrastructure, covering all three components mentioned above, which includes:
- Collection of the Kubernetes cluster inventory through the Kubernetes API.
- Collection of the Kubernetes image inventory through software discovery of the container images deployed in the Kubernetes cluster. You have the option to turn this collection on or off. Flexera recommends turning it on when the Kubernetes inventory agent is deployed to discover software installed in each image used to initiate containers.
- Collection of the Kubernetes Node inventory. You have the option
to turn this collection on or off. Flexera recommends turning it on.
Important: When the Kubernetes Node inventory collection is turned on, the FlexNet Inventory Agent for Linux should not be deployed on the Node operating system.Tip: It is best practice that Nodes in a Kubernetes cluster only run Kubernetes components but not other software. However, in the case where other non-Kubernetes software is also installed on a Node server, it is possible to separately install the standard FlexNet Inventory Agent on that server for inventory collection of the other software. If this scenario happens, you must disable the container inventory feature of the standard FlexNet Inventory Agent; otherwise, there will be duplicate container inventory reports from both the Kubernetes inventory agent and the FlexNet Inventory Agent.
- Lightweight Kubernetes inventory agent
This agent is intended for high security environments, omitting some features, automation, and capabilities present in the other agent in order to have the smallest possible footprint, and to provide the maximum manual control of its configuration and operation.
The Lightweight Kubernetes inventory agent only collects the Kubernetes cluster inventory through the Kubernetes API, but does not collect the Kubernetes image inventory or the Kubernetes Node inventory.
To collect the container image inventory, use the imgtrack tool through CI/CD pipelines to scan the image and upload the image inventory file to the inventory beacon.
To collect the Node inventory, you can use the standard FlexNet Inventory Agent for Linux.
Information collected
One instance of either Kubernetes inventory agent is deployed into each Kubernetes
cluster as a native containerized application, and is managed using standard
Kubernetes tooling. Either agent observes the cluster into which it is deployed,
produces inventory files containing the observed data, and uploads the files to an
existing FlexNet inventory beacon. The agent collects its information by
connecting to the Kubernetes API, and using the watch interfaces to
subscribe to event streams for the resources it needs to monitor. It extracts the
data it needs from the API data and stores it in a local cache (either in persistent
storage or in memory), periodically flushing the data out into an inventory
(.ndi) file. Because both of these agents target the
standard Kubernetes API, they can operate with minimal configuration on any platform
based Kubernetes version 1.16 or later.
- Basic cluster metadata:
- Kubernetes version
- A unique ID for the cluster
- The Nodes that compose the cluster:
- Hardware resources
- Serial number of the underlying server (Standard Flexera Kubernetes inventory agent only, optional)
- Cloud instance metadata for the underlying server (Standard Flexera Kubernetes inventory agent only, optional)
- The Pods that are deployed in the cluster:
- The images on which the containers are based
- Resource limits applied to containers
- Usage: when, how many, and for how long Pods are used
- Software-identifying annotations applied to Pods
- Kubernetes resources that own Pods for contextualization (optional)
- Data from the IBM License Service about IBM software (in particular, IBM Cloud Paks) running in the cluster (optional)
- Additional software content of images (Standard Flexera Kubernetes inventory agent only, optional).
Supported architectures
- The x86_64 architecture, which is designed for AMD and Intel 64-bit computers.
- The s390x architecture, also known as "System z", "zSystems", or "z/Architecture", which is a mainframe architecture developed and supported by IBM.
- The ARM64 architecture, also known as the AArch64 architecture, which can run on the Amazon Graviton processors.
Choosing between the agents
The Standard Flexera Kubernetes inventory agent is recommended for most environments, because it offers relative ease of use and complete software inventory of the contents of containers and Nodes. The Lightweight Kubernetes inventory agent can be considered for cases where container image scanning might not be allowed due to required permission using Kubernetes Role Based Access Control (RBAC). The decision between these two agents normally involves a conversation between your ITAM team and the platform team managing your Kubernetes environment.
| Factor | Standard Flexera Kubernetes inventory agent | Lightweight Kubernetes inventory agent |
|---|---|---|
|
Configuration |
May be automated. |
Requires manual specification, either with command-line flags on the installer, or editing of .yaml files. |
|
Persistent storage |
Requires persistent storage within its container. |
Primarily intended to operate without persistent storage (although this can be configured as usual within Kubernetes). |
| Permissions | Controlled by role, includes read/write options. Requires limited Kubernetes write permissions as part of automated management. Normally run as a root user (especially if calling the FlexNet Inventory Agent). |
Fewest possible permissions, and read-only. Can run as a non-root user. |
|
Operator pattern |
Required option (which requires write permissions in the controller). |
Not supported. |
|
Container image |
Default image supplied, including pre-configuration. Includes standard (Linux) OS layer. |
"From scratch" (single, stand-alone binary executable, written in Go), with manual configuration required. Container can be immutable at run time. |
| Integration with IBM License Service |
Supported (off by default, must be enabled). |
Supported (off by default, must be enabled). |
|
Additional software inventory |
Can inject the FlexNet Inventory Agent temporarily into a container to collect inventory of ancillary software. Minimizes this process by assessing only one container per image. |
Not supported. Other than reporting IBM Cloud Paks (through integration with IBM License Service), third-party tools are required to take inventory of software within containers. |
| Prerequisite software | The following software tools must be installed: | The following software tools must be installed: |
Installation instructions
To download and install the Standard Flexera Kubernetes inventory agent, see Download Flexera Kubernetes Inventory Agent in the Online Help.
To download and install the Lightweight Kubernetes inventory agent, see The Lightweight Kubernetes Agent.
IT Asset Management (Cloud)
Current