Full Flexera Kubernetes Agent Helm chart configuration and installation

IT Asset Management (Cloud)

The predefined out-of-the-box Full Flexera Kubernetes Inventory Agent Helm chart is available for download and can be pulled from the Flexera AWS ECR - https://gallery.ecr.aws/flexera/krm-chart.

Employing the Full Flexera Kubernetes Inventory Agent Helm chart will help to accelerate the deployment of the Full Flexera Kubernetes Inventory Agent to your Kubernetes clusters.

Once you have downloaded the Helm chart and saved it to a directory, you only need to edit the options within the values.yaml file as needed. The majority of options within the values.yaml file are predefined and each option has a descriptive comment.
Important: For the Full Flexera Kubernetes Inventory Agent, you must specify the FlexNet Beacon URL and persistent storage settings.

The steps and Helm commands needed to successfully download and install the Helm chart are detailed below. For general guidance on how to install Helm charts, see Helm Install in Helm's Online Help Documentation.

Installation steps

  1. Log in to the AWS Public ECR using the following command:
    $ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws
  2. Either install the chart using this command (replace "release-name" with your own name, optionally replace the namespace "flexera" if appropriate to do so):
    $ helm install release-name oci://public.ecr.aws/flexera/krm-chart --set monitor.beaconURL="http://your-beacon.com" --namespace flexera --create-namespace
    or if a values.yaml file has been prepared, use this command:
    $ helm install release-name oci://public.ecr.aws/flexera/krm-chart -f ./values.yaml --namespace flexera --create-namespace
    or if the chart has been pulled and unpacked into a directory, use this command:
    $ helm install release-name ./flexera_charts/krm-chart --namespace flexera --create-namespace

How to download the chart into a local directory

To download the Helm chart into a local directory (offline installation), follow these steps:

  1. Create a directory to download and extract the Helm chart to using this command:
    $ mkdir ./flexera_charts
  2. Log in to the AWS Public ECR using this command:
    $ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws
  3. Download and extract the krm-chart Helm chart using this command:
    $ helm pull oci://public.ecr.aws/flexera/krm-chart --untar --untardir ./flexera_charts

Parameter options

All of the parameters needed to deploy the Full Flexera Kubernetes Inventory Agent are listed below in the parameter options table.

The majority of parameters are predefined and do not need to be edited, except for the following:
  • For the monitor.beaconURL parameter, you must define the FlexNet Beacon URL [http://my-beacon.com].
  • You must also define the persistent storage parameters:
    • monitor.volumeClaimTemplate.storage.accessModes
    • monitor.volumeClaimTemplate.storage.storageClassName
    • monitor.volumeClaimTemplate.storage.resources.requests.storage.
Parameter Description Default Required
fullnameOverrideAsCustomName Override the default chart name "krm-chart" with a custom name.

For example, fullnameOverrideAsCustomName: [some name]

N/A N/A
fullnameOverrideAsReleaseName

Override the default chart name "krm-chart" with the release name.

For example, fullnameOverrideAsReleaseName: true

true N/A
openShiftExtensions.enabled

Install the extensions required for interoperability with OpenShift or OKD.

For example, openShiftExtensions.enabled: true

false N/A
ibmLicensingExtensions.enabled

Install the extensions required to use RBAC-based authentication with the IBM Licensing Service

For example, ibmLicensingExtensions.enabled: true

true N/A
storageResourcesExtensions.enabled

Install the extensions required to collect data on cluster storage resources

For example, storageResourcesExtensions.enabled: true

true N/A
ibmLicensing.enable

Activates the IBM License Service integration.

For example, ibmLicensing.enable: true

false N/A
ibmLicensing.auth

Set the authentication strategy for IBM License Service. If not set, the default will be used. The default is intended to track License Service's default. Valid values are "standard", "rbac".

For example, ibmLicensing.enable: "standard"

N/A N/A
ibmLicensing.https

Indicate whether the IBM License Service API is being served over HTTPS. If not set, the agent will discover the setting.

For example, ibmLicensing.https: true

N/A N/A
ibmLicensing.namespace

The namespace in which the IBM License Service components are deployed. If not set, the agent will discover the correct namespace.

For example, ibmLicensing.namespace: "ibm-common-services"

N/A N/A
ibmLicensing.serviceName

Set the name of the Service that exposes access to the IBM License Service API. If not set, the agent will discover the Service name

For example, ibmLicensing.serviceName: "ibm-licensing-service-instance"

N/A N/A
ibmLicensing.servicePort

Set the TCP port of the service exposing the IBM License Service API. If not set, the agent will discover the port.

For example, ibmLicensing.servicePort: 8080

N/A N/A
ibmLicensing.tlsVerify

Enable or disable verification of X509 certificates when communicating with the IBM License Service API. This should be set to false if the service uses HTTPS and a self-signed certificate.

For example, ibmLicensing.tlsVerify: false

N/A N/A
ibmLicensing.token

Set the client token used for authentication with the IBM License Service API. If not set, the agent will discover the token.

For example, ibmLicensing.token: "VoOMWJijBWuCxSxwgON11w7z"

N/A N/A
logLevel

Set the log level for all agent components. When omitted, the default log level is "info". Valid values include "trace", "debug", "info", "warn", "error", and "fatal".

For example, logLevel: info

info N/A
imageTemplate.image.registry Override the container image used to deploy the agent. (note /flexera/krm gets appended to the registry value) public.ecr.aws N/A
imageTemplate.image.version Version of image. current image version N/A
imagePullSecretsTemplate.imagePullSecrets.name Secrets used to pull the container image from the registry. When set, these secrets are propagated to all of the agent's Pods. If pull secrets were associated with the service account or the registry does not require authentication, this can be omitted. See Pull an Image from a private registry configuration attribute in the Online Help. N/A N/A
monitor.logLevel

Set the logging level of the monitor component. Note that this overrides the field of the same name at the top level of the KRM spec.

For example, monitor.logLevel: info

info N/A
monitor.beaconURL

The URL of the inventory beacon.

Important: This field is mandatory.

For example, monitor.beaconURL: http://my-bacon.com

"http://my-beacon.com" Yes
monitor.interval

The interval on which the agent produces and uploads inventory files to the beacon. (examples 5m or 6h).

For example, monitor.interval: 6h

2h N/A
monitor.downloadFromBeacon

Enable or disable downloading policy updates from the beacon. This behavior is enabled by default, so this field only needs to be set when it should be disabled.

For example, monitor.downloadFromBeacon: true

true N/A
monitor.collectStorage

Enable or disable a feature, disabled by default, whereby the agent collects data on additional resource types related to storage. Note that this requires the "storage-resources" extension to be installed so that the agent has the necessary additional API permissions.

For example, monitor.collectStorage: false

false N/A
monitor.imageInventory

Enable or disable obtaining software inventories from container images used in the cluster. This is enabled by default, so this value only needs to be set when it should be disabled.

For example, monitor.imageInventory: true

true N/A
monitor.volumeClaimTemplate.storage.accessModes Claims access modes (for example, they can be mounted ReadWriteOnce, ReadOnlyMany, ReadWriteMany, or ReadWriteOncePod, see AccessModes in the Kubernetes Online Help Documentation).

For example, monitor.volumeClaimTemplate.storage.accessModes: ["ReadWriteOnce"]

["ReadWriteOnce"] Yes
monitor.volumeClaimTemplate.storage.storageClassName

A PV can have a class, which is specified by setting the storageClassName attribute to the name of a Storage Class. See StorageClasses in the Kubernetes Online Help Documentation.

For example, monitor.volumeClaimTemplate.storage.storageClassName: standard

standard Yes
monitor.volumeClaimTemplate.storage.resources.requests.storage

Claims storage size

For example, monitor.volumeClaimTemplate.storage.resources.requests.storage: 2Gi

2Gi Yes
monitor.tlsFilesTemplate.tlsFiles.secret.secretName

A volume source containing optional TLS certificates and keys. See Supporting Custom Certificates for HTTPS in the Online Help for details on how this feature works.

For example, monitor.tlsFilesTemplate.tlsFiles.secretName: myorg-certificates

N/A N/A
monitor.configPatchTemplate.configPatch.name

A config map volume source containing config.ini patches. See Patching config.ini through Flexera Kubernetes Inventory Agent in the Online Help for details on how this feature works.

For example, monitor.configPatchTemplate.configPatch.name: krm-config

N/A N/A
node.enable

Enable or disable the node component. The node component produces inventory files that are critical to the product, so it should not be disabled without fully understanding the ramifications. It is obviously enabled by default, so this value only needs to be set when disabling the component.

For example, enable: true

true N/A
node.logLevel

Set the logging level of the node component. Note that this overrides the field of the same name at the top level of the KRM spec.

For example, logLevel: info

info N/A
node.interval

The interval on which the node agent produces hardware inventory files.

For example, interval: 30m

30 N/A
node.readyRetries

The number of times to attempt to connect to the monitor component's Service before giving up.

For example, readyRetries: 20

20 N/A
node.readyWait

Duration to wait between attempts to connect to the monitor component's Service.

For example, readyWait: 2s

2s N/A
node.mountHostFS

Enable or disable the node mounting of the host file system. The node component will mount the /etc/os-release file and /var/lib directory, in read-only mode when this is enabled. The reason for this option is to be able to report on what OS the node host is running as well as which rpm packages are installed.

For example, mountHostFS: false

false N/A
node.collectHostRpmInfo

Enable or disable the node collection of RPM package evidence from the host file system. The node component will collect RPM package evidence from the node host if this option is enabled and together with the MountHostFS option which also needs to be enabled.

For example, collectHostRpmInfo: false

false N/A
node.mustUpload

Exit immediately if an attempt to upload an inventory file is unsuccessful.

For example, mustUpload: true

true N/A
node.privileged

Enable or disable the setting of the privileged bit on the node component's containers. The privileged bit is needed in order for the node component to observe the BIOS data in the underlying server, which includes the server's serial number. This field is true by default, so it only needs to be set in order to be disabled.

For example, privileged: true

true N/A

IT Asset Management (Cloud)

Current