Kyverno
Kyverno Kyverno 是一个专为 Kubernetes 设计的策略引擎。 Kyverno 策略可以验证、mutation、生成和清理 Kubernetes 资源,允许集群管理员为其集群执行最佳配置实践。
使用 Port 的 Kubernetes 导出器,您可以跟踪不同集群中的所有 Kyverno 资源,并将所有策略和报告导出到 Port。 您将使用来自 kubernetes 资源和 CRD 的内置元数据在 Port 中创建实体,并跟踪其状态。
先决条件
- Helm must be installed to use the chart. Please refer to Helm's documentation to get started;
- The
jqcommand must installed; - The
yqcommand must installed; - The
kubectlcommand must be installed; - Have your Port credentials ready.
In this use-case, you will use a custom bash script which will assist you in the process of installing Port's K8s exporter.
The script will install the helm chart to the Kubernetes cluster which is currently in kubectl context. To view the context name of the cluster the exporter will be installed on, run:
kubectl config current-context
设置蓝图和资源映射
下文将指导您使用安装脚本设置蓝图和资源映射。您可以阅读有关安装脚本的更多信息here 。
创建蓝图
安装脚本提供了一种创建蓝图的便捷方法。 使用 CUSTOM_BP_PATH 环境变量,您可以获取预定义的 blueprints.json 来创建蓝图。 在本例中,您将使用this file 来定义蓝图。请通过运行
export CUSTOM_BP_PATH="https://github.com/port-labs/template-assets/blob/main/kubernetes/blueprints/kyverno-blueprints.json"
该 blueprints.json 文件定义了以下蓝图:
- 集群
- namespace
- 节点
- 节点
- 复制集
- 工作量
- Kyverno 策略
- Kyverno 策略报告
- Workload "是创建和管理 pod 的 Kubernetes 对象的抽象。
通过创建该蓝图,可以避免为每种工作负载类型创建专用蓝图,因为所有这些蓝图都可能
看起来非常相似。
以下是 "Workload "将代表的 kubernetes 对象列表:
- 部署
- 状态集
- 守护进程集
- Kyverno策略 "是最重要的Kyverno资源之一,让开发人员能够在Kubernetes集群中设置和执行策略规则。
- Kyverno策略报告 "是另一个重要的Kyverno资源,它包含将策略应用到Kubernetes集群的结果。
导出自定义资源映射
使用 CONFIG_YAML_URL 参数,可以定义自定义资源映射,以便在安装导出程序时使用。
在本例中,您将被用于 ** this configuration file**。为此,请运行
export CONFIG_YAML_URL="https://github.com/port-labs/template-assets/blob/main/kubernetes/templates/kyverno-kubernetes_v1_config.yaml"
现在,您可以使用以下代码片段运行安装脚本:
export CLUSTER_NAME="my-cluster"
export PORT_CLIENT_ID="my-port-client-id"
export PORT_CLIENT_SECRET="my-port-client-secret"
curl -s https://raw.githubusercontent.com/port-labs/template-assets/main/kubernetes/install.sh | bash
现在您可以浏览您的 Port 环境,查看蓝图是否已创建,您的 k8s 和 Kyverno 资源是否正在使用新安装的 k8s 导出器向 Port 报告。
安装脚本如何工作?
Port's K8s exporter installation script will assist you in the process of installing Port's K8s exporter template using helm chart.
This script will help you with:
- setting up your custom Port blueprints;
- installing Port's k8s exporter using helm (check out the Helm chart's source code);
- deploying your custom integration resources configuration
You can view the bash script here.
General installation configuration
The script supports configuration via environment variables.
For each variable you'd like to set, run the following command before running the script:
export {VARIABLE_NAME}={value}
| Environment Variable | Description | Default |
|---|---|---|
PORT_CLIENT_ID | Required - Your Port organization's Client ID used to authenticate the exporter to Port | |
PORT_CLIENT_SECRET | Required - Your Port organization's Client Secret used to authenticate the exporter to Port | |
CUSTOM_BP_PATH | Required - The URL/path to a json file with an array of blueprint objects to create. Can be either a https://domain.com/path/to/blueprint.json format URL, or a local path to a file envs/production/blueprint.json. | |
CONFIG_YAML_URL | Required - The URL/path to the desired integration resource mapping. Can be either an https format URLhttps://domain.com/path/to/config.yaml, or a local path to a file envs/production/config.yaml | https://github.com/port-labs/template-assets/blob/main/kubernetes/kubernetes_config.yaml |
TARGET_NAMESPACE | Optional - The Kubernetes namespace in which the exporter will be installed | port-k8s-exporter |
DEPLOYMENT_NAME | Optional - The Kubernetes deployment name the exporter will be installed as | port-k8s-exporter |
CLUSTER_NAME | Optional - The cluster's name as it will be exported to. Check out the note bellow for more information. | my-cluster |
- CLUSTER_NAME: The script will set the cluster's name as the
CLUSTER_NAMEenvironment variable. This name will be used as the cluster's name in integration resources configuration. If you'd like to change the cluster's name, you can do so by setting theCLUSTER_NAMEenvironment variable before running the script. - CUSTOM_BP_PATH: It is important to order the blueprints while taking in to account the necessary relations for each blueprint. Once a blueprint was created, attempting to recreate it using the script will fail. To recreate a blueprint using the script, first delete the blueprint.