How the Lightweight Kubernetes Agent Works

IT Asset Management (Cloud)

After you have downloaded and installed the Lightweight Kubernetes Inventory Agent (see Downloading the Lightweight Kubernetes Agent and associated sub-topics), Kubernetes instantiates your container. The Lightweight Kubernetes Inventory Agent immediately connects to the Kubernetes API and uses the watch interfaces to subscribe to the event streams for the Node, Namespace, and Pod resources in the cluster that it needs to monitor.

More specifically, the Lightweight Kubernetes Inventory Agent (using read-only permissions):
  • Reads the kube-system Namespace, obtaining its UID to use as a cluster identifier (get namespace)
  • Reads the Kubernetes version
  • Watches the Nodes resource (watch nodes) to extract the hardware resources of the working nodes (servers) that compose the cluster, and to receive updates should any nodes be modified, added, or removed
  • Watches the Namespaces resource (watch namespaces) for its cluster, so it can identify the namespaces needed for finding Pods
  • Watches the Pods resource for each namespace (watch pods), recording each event when Pods are created, modified, or deleted; and extracting:
    • Basic identifying information about the Pod, and runtime information such as when the Pod was started
    • The images on which the containers used on the pods are based
    • Resource constraints applied to containers
    • Usage: when, how many, and for how long Pods are used
    • Software-identifying annotations applied to Pods
      Note: Annotations can be of arbitrary size, and may potentially include sensitive data. For this reason, the Lightweight Kubernetes Inventory Agent captures only the known set of annotations required by the IBM License Service:
      • productID
      • productName
      • productMetric
      • cloudpakId
      • cloudpakName
      • cloudpakVersion
      • productChargedContainers
      • productCloudpakRatio
    • If ancestry is configured, the Kubernetes resources that own Pods for contextualization
      Tip: Currently there is no support in the web interface of IT Asset Management for displaying the chains of ownership of Pods, for which reason it is not recommended that you enable this functionality at this time.

All of the above subscriptions take place concurrently and rely on the event subscriptions provided by Kubernetes (that is, the agent does not poll the API on a preset interval).
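One way to check that a ClusterRole bound to the agent's service account stays within the read-only access listed above, as an added example that is not part of the product or its documentation. The role name and rules are constructed sample data, `audit_cluster_role` is a hypothetical helper, and treating `list` as read-only alongside `get` and `watch` is an assumption (the list above names only `get` and `watch`).

```python
import json

# Verbs treated as read-only. "list" is an assumption added for this example.
READ_ONLY_VERBS = {"get", "list", "watch"}
# (apiGroup, resource) pairs the page says the agent reads; "" is the core group.
BASELINE = {("", "namespaces"), ("", "nodes"), ("", "pods")}

def audit_cluster_role(role):
    """Return (rule index, finding kind, detail) for every rule that goes
    beyond read-only access to Namespaces, Nodes and Pods."""
    findings = []
    for idx, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        for verb in sorted(verbs - READ_ONLY_VERBS):
            findings.append((idx, "non-read-only-verb", verb))
        if rule.get("nonResourceURLs"):
            continue  # e.g. /version: only the verb check applies
        for group in rule.get("apiGroups", []):
            for res in rule.get("resources", []):
                name = f"{group or 'core'}/{res}"
                if "*" in (group, res):
                    findings.append((idx, "wildcard", name))
                elif (group, res) not in BASELINE:
                    # May be legitimate (owner lookups when ancestry is
                    # configured), but it needs a reviewer's decision.
                    findings.append((idx, "outside-baseline", name))
    return findings

# Constructed sample in the JSON shape of a Kubernetes ClusterRole object.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole",
 "metadata": {"name": "example-inventory-agent"},
 "rules": [
  {"apiGroups": [""], "resources": ["namespaces", "nodes", "pods"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["apps"], "resources": ["replicasets"],
   "verbs": ["get", "watch"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "patch"]}
 ]}
""")

if __name__ == "__main__":
    for idx, kind, detail in audit_cluster_role(SAMPLE_ROLE):
        print(f"rule {idx}: {kind}: {detail}")
```

The same function accepts the output of `kubectl get clusterrole <name> -o json` once it is parsed with `json.load`.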

Separately, if the --ibm-licensing flag (and its companion flags) has been set during installation (or edited in the deployment.yaml file), the Lightweight Kubernetes Inventory Agent also collects data from the IBM License Service about IBM software (in particular, IBM Cloud Paks) running in the cluster, assembling a rolling window of 180 days of relevant licensing data (more details in Inventory from IBM License Service).

By default, the Lightweight Kubernetes Inventory Agent spends about 5 minutes gathering this data, and then writes it into one or more .ndi inventory files (see full details in Inventory Uploaded by the Kubernetes Agents and its sub-topics), and uploads the result to its nominated inventory beacon. It then waits for 24 hours (by default), and again writes the latest collected inventory into .ndi files for upload.
