Full Flexera Kubernetes Agent Helm chart configuration and installation
The predefined out-of-the-box Full Flexera Kubernetes Inventory Agent Helm chart is available for download and can be pulled from the Flexera AWS ECR - https://gallery.ecr.aws/flexera/krm-chart.
Employing the Full Flexera Kubernetes Inventory Agent Helm chart will help to accelerate the deployment of the Full Flexera Kubernetes Inventory Agent to your Kubernetes clusters.
The steps and Helm commands needed to successfully download and install the Helm chart are detailed below. For general guidance on how to install Helm charts, see Helm Install in Helm's Online Help Documentation.
Installation steps
- Log in to the AWS Public ECR using the following
command:
$ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws
- Either install the chart using this command (replace "release-name" with
your own name, optionally replace the namespace "flexera" if appropriate to
do
so):
or if a values.yaml file has been prepared, use this command:$ helm install release-name oci://public.ecr.aws/flexera/krm-chart --set monitor.beaconURL="http://your-beacon.com" --namespace flexera --create-namespace
or if the chart has been pulled and unpacked into a directory, use this command:$ helm install release-name oci://public.ecr.aws/flexera/krm-chart -f ./values.yaml --namespace flexera --create-namespace
$ helm install release-name ./flexera_charts/krm-chart --namespace flexera --create-namespace
How to download the chart into a local directory
To download the Helm chart into a local directory (offline installation), follow these steps:
- Create a directory to download and extract the Helm chart to using this
command:
$ mkdir ./flexera_charts
- Log in to the AWS Public ECR using this
command:
$ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws
- Download and extract the krm-chart Helm chart using this
command:
$ helm pull oci://public.ecr.aws/flexera/krm-chart --untar --untardir ./flexera_charts
Parameter options
All of the parameters needed to deploy the Full Flexera Kubernetes Inventory Agent are listed below in the parameter options table.
- For the monitor.beaconURL parameter, you must define the FlexNet Beacon URL [http://my-beacon.com].
- You must also define the persistent storage parameters:
- monitor.volumeClaimTemplate.accessModes
- monitor.volumeClaimTemplate.storageClassName
- monitor.volumeClaimTemplate.resources.requests.storage.
Parameter | Description | Default | Required |
---|---|---|---|
fullnameOverrideAsCustomName | Override the default chart name "krm-chart" with a custom
name. For example, fullnameOverrideAsCustomName: [some name] |
N/A | N/A |
fullnameOverrideAsReleaseName |
Override the default chart name "krm-chart" with the release name. For example, fullnameOverrideAsReleaseName: true |
true | N/A |
openShiftExtensions.enabled |
Install the extensions required for interoperability with OpenShift or OKD. For example, openShiftExtensions.enabled: true |
false | N/A |
ibmLicensingExtensions.enabled |
Install the extensions required to use RBAC-based authentication with the IBM Licensing Service For example, ibmLicensingExtensions.enabled: true |
true | N/A |
storageResourcesExtensions.enabled |
Install the extensions required to collect data on cluster storage resources For example, storageResourcesExtensions.enabled: true |
true | N/A |
ibmLicensing.enable |
Activates the IBM License Service integration. For example, ibmLicensing.enable: true |
false | N/A |
ibmLicensing.auth |
Set the authentication strategy for IBM License Service. If not set, the default will be used. The default is intended to track License Service's default. Valid values are "standard", "rbac". For example, ibmLicensing.enable: "standard" |
N/A | N/A |
ibmLicensing.https |
Indicate whether the IBM License Service API is being served over HTTPS. If not set, the agent will discover the setting. For example, ibmLicensing.https: true |
N/A | N/A |
ibmLicensing.namespace |
The namespace in which the IBM License Service components are deployed. If not set, the agent will discover the correct namespace. For example, ibmLicensing.namespace: "ibm-common-services" |
N/A | N/A |
ibmLicensing.serviceName |
Set the name of the Service that exposes access to the IBM License Service API. If not set, the agent will discover the Service name For example, ibmLicensing.serviceName: "ibm-licensing-service-instance" |
N/A | N/A |
ibmLicensing.servicePort |
Set the TCP port of the service exposing the IBM License Service API. If not set, the agent will discover the port. For example, ibmLicensing.servicePort: 8080 |
N/A | N/A |
ibmLicensing.tlsVerify |
Enable or disable verification of X509 certificates when communicating with the IBM License Service API. This should be set to false if the service uses HTTPS and a self-signed certificate. For example, ibmLicensing.tlsVerify: false |
N/A | N/A |
ibmLicensing.token |
Set the client token used for authentication with the IBM License Service API. If not set, the agent will discover the token. For example, ibmLicensing.token: "VoOMWJijBWuCxSxwgON11w7z" |
N/A | N/A |
logLevel |
Set the log level for all agent components. When omitted, the default log level is "info". Valid values include "trace", "debug", "info", "warn", "error", and "fatal". For example, logLevel: info |
info | N/A |
imageTemplate.registry | Override the container image used to deploy the agent. (note /flexera/krm gets appended to the registry value) | public.ecr.aws | N/A |
imageTemplate.version | Version of image. | current image version | N/A |
imagePullSecretsTemplate.name | Secrets used to pull the container image from the registry. When set, these secrets are propagated to all of the agent's Pods. If pull secrets were associated with the service account or the registry does not require authentication, this can be omitted. See Pull an Image from a private registry configuration attribute in the Online Help. | N/A | N/A |
monitor.logLevel |
Set the logging level of the monitor component. Note that this overrides the field of the same name at the top level of the KRM spec. For example, monitor.logLevel: info |
info | N/A |
monitor.beaconURL |
The URL of the inventory beacon. Important: This field is mandatory.
For example, monitor.beaconURL: http://my-bacon.com |
"http://my-beacon.com" | Yes |
monitor.interval |
The interval on which the agent produces and uploads inventory files to the beacon. (examples 5m or 6h). For example, monitor.interval: 6h |
2h | N/A |
monitor.downloadFromBeacon |
Enable or disable downloading policy updates from the beacon. This behavior is enabled by default, so this field only needs to be set when it should be disabled. For example, monitor.downloadFromBeacon: true |
true | N/A |
monitor.collectStorage |
Enable or disable a feature, disabled by default, whereby the agent collects data on additional resource types related to storage. Note that this requires the "storage-resources" extension to be installed so that the agent has the necessary additional API permissions. For example, monitor.collectStorage: false |
false | N/A |
monitor.imageInventory |
Enable or disable obtaining software inventories from container images used in the cluster. This is enabled by default, so this value only needs to be set when it should be disabled. For example, monitor.imageInventory: true |
true | N/A |
monitor.volumeClaimTemplate.accessModes | Claims access modes (for example, they can be mounted
ReadWriteOnce, ReadOnlyMany, ReadWriteMany, or ReadWriteOncePod, see
AccessModes in the
Kubernetes Online Help Documentation). For example, monitor.volumeClaimTemplate.accessModes: ["ReadWriteOnce"] |
["ReadWriteOnce"] | Yes |
monitor.volumeClaimTemplate.storageClassName |
A PV can have a class, which is specified by setting the
For example, monitor.volumeClaimTemplate.storageClassName: standard |
standard | Yes |
monitor.volumeClaimTemplate.resources.requests.storage |
Claims storage size For example, monitor.volumeClaimTemplate.resources.requests.storage: 2Gi |
2Gi | Yes |
monitor.tlsFilesTemplate.secret.secretName |
A volume source containing optional TLS certificates and keys. See Supporting Custom Certificates for HTTPS in the Online Help for details on how this feature works. For example, monitor.tlsFilesTemplate.secret.secretName: myorg-certificates |
N/A | N/A |
monitor.configPatchTemplate.name |
A config map volume source containing config.ini patches. See Patching config.ini through Flexera Kubernetes Inventory Agent in the Online Help for details on how this feature works. For example, monitor.configPatchTemplate.name: krm-config |
N/A | N/A |
node.enable |
Enable or disable the node component. The node component produces inventory files that are critical to the product, so it should not be disabled without fully understanding the ramifications. It is obviously enabled by default, so this value only needs to be set when disabling the component. For example, enable: true |
true | N/A |
node.logLevel |
Set the logging level of the node component. Note that this overrides the field of the same name at the top level of the KRM spec. For example, logLevel: info |
info | N/A |
node.interval |
The interval on which the node agent produces hardware inventory files. For example, interval: 30m |
30 | N/A |
node.readyRetries |
The number of times to attempt to connect to the monitor component's Service before giving up. For example, readyRetries: 20 |
20 | N/A |
node.readyWait |
Duration to wait between attempts to connect to the monitor component's Service. For example, readyWait: 2s |
2s | N/A |
node.mountHostFS |
Enable or disable the node mounting of the host file system. The node component will mount the /etc/os-release file and /var/lib directory, in read-only mode when this is enabled. The reason for this option is to be able to report on what OS the node host is running as well as which rpm packages are installed. For example, mountHostFS: false |
false | N/A |
node.collectHostRpmInfo |
Enable or disable the node collection of RPM package evidence from the host file system. The node component will collect RPM package evidence from the node host if this option is enabled and together with the MountHostFS option which also needs to be enabled. For example, collectHostRpmInfo: false |
false | N/A |
node.mustUpload |
Exit immediately if an attempt to upload an inventory file is unsuccessful. For example, mustUpload: true |
true | N/A |
node.privileged |
Enable or disable the setting of the privileged bit on the node component's containers. The privileged bit is needed in order for the node component to observe the BIOS data in the underlying server, which includes the server's serial number. This field is true by default, so it only needs to be set in order to be disabled. For example, privileged: true |
true | N/A |
IT Asset Management (Cloud)
Current