Skip to content

Commit

Permalink
fix: update readme and helm chart (#16)
Browse files Browse the repository at this point in the history
  • Loading branch information
@prsnca
prsnca authored Jun 6, 2024
1 parent bb4c2ec commit cfec200
Show file tree
Hide file tree
Showing 4 changed files with 118 additions and 54 deletions.
46 changes: 4 additions & 42 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,52 +1,14 @@
# Runtime Sensor

The Runtime Sensor watches your deployments on a Kubernetes cluster
and will send collected data to Snyk.
and sends collected data to Snyk.

This is a [Helm chart](https://helm.sh) dedicated repo [helm/runtime-sensor](https://github.com/snyk/runtime-sensor), hosting the Snyk Runtime Sensor using Github pages in `https://snyk.github.io/runtime-sensor`.

## Usage

### Installation


There is a [Helm chart](https://helm.sh) within this repo in [helm/runtime-sensor](https://github.com/snyk/runtime-sensor), that is hosted through Github pages in `https://snyk.github.io/runtime-sensor`.

Initially you need to create a Kubernetes secret that contains the API token for the
[service account](https://docs.snyk.io/snyk-admin/service-accounts)

The service account must have one of the following roles:
- Group Admin
- Custom Role with "AppRisk edit" permission

To install Snyk's runtime sensor using Helm Charts follow these steps:

1. Make sure Helm is installed
2. Create the namespace you would like to install the sensor in, for example `snyk-runtime-sensor`:

```
kubectl create namespace <<YOUR_NAMESPACE>>
```

3. Create a secret with your service account token which has the appropriate permissions under the created namespace:

```
kubectl create secret generic <<YOUR_SECRET_NAME>> --from-literal=snykToken=<<YOUR_TOKEN>> -n <<YOUR_NAMESPACE>>
```

4. Add the Helm repo

```
helm repo add runtime-sensor https://snyk.github.io/runtime-sensor
```

5. Install the Helm chart:

```
helm install my-runtime-sensor \
--set secretName=<<YOUR_SECRET_NAME>> \
--set clusterName=<<CLUSTER_NAME>> \
--set snykGroupId=<<YOUR_GROUP_ID>> \
-n <<YOUR_NAMESPACE>> \
runtime-sensor/runtime-sensor
```
Please find the installation instructions under Snyk's docs - https://docs.snyk.io/manage-risk/snyk-apprisk/integrations-for-snyk-apprisk/snyk-runtime-sensor.

Release versions can be found [in GitHub](https://github.com/snyk/runtime-sensor/releases).
10 changes: 6 additions & 4 deletions helm/runtime-sensor/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,11 @@ spec:
{{- end }}
resources:
requests:
memory: "512Mi"
cpu: "100m"
memory: "{{ .Values.sensor.resources.requests.memory }}"
cpu: "{{ .Values.sensor.resources.requests.cpu }}"
limits:
memory: "1024Mi"
cpu: "500m"
memory: "{{ .Values.sensor.resources.limits.memory }}"
cpu: "{{ .Values.sensor.resources.limits.cpu }}"
securityContext:
{{- if .Values.securityContext.privileged }}
privileged: true
Expand Down Expand Up @@ -75,6 +75,8 @@ spec:
value: "{{ .Values.clusterName }}"
- name: SNYK_GROUP_ID
value: "{{ .Values.snykGroupId }}"
- name: SNYK_API_BASE_URL
value: "{{ .Values.snykAPIBaseURL }}"
envFrom:
- configMapRef:
name: env-config-map
Expand Down
108 changes: 100 additions & 8 deletions helm/runtime-sensor/values.schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
"secretName",
"clusterName",
"snykGroupId",
"snykAPIBaseURL",
"replicaCount",
"nameOverride",
"sensor"
Expand Down Expand Up @@ -54,12 +55,21 @@
"ffffffff-ffff-ffff-ffff-fffffffffffff", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaaa"
]
},
"snykAPIBaseURL": {
"type": "string",
"default": "api.snyk.io:443",
"title": "The Snyk API region and port to report to",
"examples": [
"api.snyk.io:443", "api.us.snyk.io:443"
]
},
"sensor": {
"type": "object",
"default": {},
"title": "The sensor Schema",
"required": [
"image",
"resources",
"serviceAccount",
"extraArgs"
],
Expand All @@ -74,26 +84,108 @@
"properties": {
"repository": {
"type": "string",
"default": "",
"default": "snyk/runtime-sensor",
"title": "The repository Schema",
"examples": [
"gcr.io/snyk-main/runtime-sensor"
"snyk/runtime-sensor"
]
},
"tag": {
"type": "string",
"default": "",
"default": "1.0.0",
"title": "The tag Schema",
"examples": [
"0.0.1"
]
}
},
"examples": [{
"repository": "gcr.io/snyk-main/runtime-sensor",
"repository": "snyk/runtime-sensor",
"tag": "0.0.1"
}]
},
"resources": {
"type": "object",
"default": {},
"title": "The resources Schema",
"required": [
"requests"
],
"properties": {
"limits": {
"type": "object",
"default": {},
"title": "The limits Schema",
"required": [
"cpu",
"memory"
],
"properties": {
"cpu": {
"type": "string",
"default": "500m",
"title": "The cpu Schema",
"examples": [
"500m"
]
},
"memory": {
"type": "string",
"default": "1024Mi",
"title": "The memory Schema",
"examples": [
"1024Mi"
]
}
},
"examples": [{
"cpu": "100m",
"memory": "128Mi"
}]
},
"requests": {
"type": "object",
"default": {},
"title": "The requests Schema",
"required": [
"cpu",
"memory"
],
"properties": {
"cpu": {
"type": "string",
"default": "100m",
"title": "The cpu Schema",
"examples": [
"100m"
]
},
"memory": {
"type": "string",
"default": "512Mi",
"title": "The memory Schema",
"examples": [
"64Mi"
]
}
},
"examples": [{
"cpu": "100m",
"memory": "512Mi"
}]
}
},
"examples": [{
"limits": {
"cpu": "100m",
"memory": "128Mi"
},
"requests": {
"cpu": "100m",
"memory": "64Mi"
}
}]
},
"serviceAccount": {
"type": "object",
"default": {},
Expand Down Expand Up @@ -133,8 +225,8 @@
},
"examples": [{
"image": {
"repository": "gcr.io/snyk-main/runtime-sensor",
"tag": "0.0.1"
"repository": "snyk/runtime-sensor",
"tag": "1.0.0"
},
"resources": {
"limits": {
Expand Down Expand Up @@ -162,7 +254,7 @@
"properties": {
"create": {
"type": "boolean",
"default": false,
"default": true,
"title": "The create Schema",
"examples": [
true
Expand Down Expand Up @@ -200,7 +292,7 @@
"nameOverride": "",
"sensor": {
"image": {
"repository": "gcr.io/snyk-main/runtime-sensor",
"repository": "snyk/runtime-sensor",
"tag": "0.0.1"
},
"resources": {
Expand Down
8 changes: 8 additions & 0 deletions helm/runtime-sensor/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,21 @@ replicaCount: 1
nameOverride: ""
clusterName: "dev"
snykGroupId: "ffffffff-ffff-ffff-ffff-fffffffffffff"
snykAPIBaseURL: api.snyk.io:443
### Provide the name of the secret
secretName: snyk-secret
## Provide Snyk runtime sensor container image and resources.
sensor:
image:
repository: snyk/runtime-sensor
# -- Create the manager ServiceAccount
resources:
requests:
memory: 512Mi
cpu: 100m
limits:
memory: 1024Mi
cpu: 500m
serviceAccount:
create: true
annotations: {}
Expand Down

0 comments on commit cfec200

Please sign in to comment.