From cfec200bd302ede94964a3ad45da54d355202e7c Mon Sep 17 00:00:00 2001
From: Yaron
Date: Thu, 6 Jun 2024 07:08:01 +0300
Subject: [PATCH] fix: update readme and helm chart (#16)
---
README.md | 46 +-------
helm/runtime-sensor/templates/daemonset.yaml | 10 +-
helm/runtime-sensor/values.schema.json | 108 +++++++++++++++++--
helm/runtime-sensor/values.yaml | 8 ++
4 files changed, 118 insertions(+), 54 deletions(-)
diff --git a/README.md b/README.md
index 252a8aa..7a7aa7c 100644
--- a/README.md
+++ b/README.md
@@ -1,52 +1,14 @@ # Runtime Sensor The Runtime Sensor watches your deployments on a Kubernetes cluster -and will send collected data to Snyk. +and sends collected data to Snyk. + +This is a [Helm chart](https://helm.sh) dedicated repo [helm/runtime-sensor](https://github.com/snyk/runtime-sensor), hosting the Snyk Runtime Sensor using Github pages in `https://snyk.github.io/runtime-sensor`. ## Usage ### Installation - -There is a [Helm chart](https://helm.sh) within this repo in [helm/runtime-sensor](https://github.com/snyk/runtime-sensor), that is hosted through Github pages in `https://snyk.github.io/runtime-sensor`. - -Initially you need to create a Kubernetes secret that contains the API token for the -[service account](https://docs.snyk.io/snyk-admin/service-accounts) - -The service account must have one of the following roles: -- Group Admin -- Custom Role with "AppRisk edit" permission - -To install Snyk's runtime sensor using Helm Charts follow these steps: - -1. Make sure Helm is installed -2. Create the namespace you would like to install the sensor in, for example `snyk-runtime-sensor`: - - ``` - kubectl create namespace <> - ``` - -3. Create a secret with your service account token which has the appropriate permissions under the created namespace: - - ``` - kubectl create secret generic <> --from-literal=snykToken=<> -n <> - ``` - -4. Add the Helm repo - - ``` - helm repo add runtime-sensor https://snyk.github.io/runtime-sensor - ``` - -5. Install the Helm chart: - - ``` - helm install my-runtime-sensor \ - --set secretName=<> \ - --set clusterName=<> \ - --set snykGroupId=<> \ - -n <> \ - runtime-sensor/runtime-sensor - ``` +Please find the installation instructions under Snyk's docs - https://docs.snyk.io/manage-risk/snyk-apprisk/integrations-for-snyk-apprisk/snyk-runtime-sensor. Release versions can be found [in GitHub](https://github.com/snyk/runtime-sensor/releases). 
diff --git a/helm/runtime-sensor/templates/daemonset.yaml b/helm/runtime-sensor/templates/daemonset.yaml index a9c7cd7..b73505e 100644 --- a/helm/runtime-sensor/templates/daemonset.yaml +++ b/helm/runtime-sensor/templates/daemonset.yaml @@ -41,11 +41,11 @@ spec: {{- end }} resources: requests: - memory: "512Mi" - cpu: "100m" + memory: "{{ .Values.sensor.resources.requests.memory }}" + cpu: "{{ .Values.sensor.resources.requests.cpu }}" limits: - memory: "1024Mi" - cpu: "500m" + memory: "{{ .Values.sensor.resources.limits.memory }}" + cpu: "{{ .Values.sensor.resources.limits.cpu }}" securityContext: {{- if .Values.securityContext.privileged }} privileged: true @@ -75,6 +75,8 @@ spec: value: "{{ .Values.clusterName }}" - name: SNYK_GROUP_ID value: "{{ .Values.snykGroupId }}" + - name: SNYK_API_BASE_URL + value: "{{ .Values.snykAPIBaseURL }}" envFrom: - configMapRef: name: env-config-map diff --git a/helm/runtime-sensor/values.schema.json b/helm/runtime-sensor/values.schema.json index 07bb11d..5ef3138 100644 --- a/helm/runtime-sensor/values.schema.json +++ b/helm/runtime-sensor/values.schema.json @@ -8,6 +8,7 @@ "secretName", "clusterName", "snykGroupId", + "snykAPIBaseURL", "replicaCount", "nameOverride", "sensor" @@ -54,12 +55,21 @@ "ffffffff-ffff-ffff-ffff-fffffffffffff", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaaa" ] }, + "snykAPIBaseURL": { + "type": "string", + "default": "api.snyk.io:443", + "title": "The Snyk API region and port to report to", + "examples": [ + "api.snyk.io:443", "api.us.snyk.io:443" + ] + }, "sensor": { "type": "object", "default": {}, "title": "The sensor Schema", "required": [ "image", + "resources", "serviceAccount", "extraArgs" ], 
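Review bot: In the `resources:` block of daemonset.yaml, `limits.memory` and `limits.cpu` are now dereferenced unconditionally, but the `resources` schema added in values.schema.json (hunk `@@ -90,10 +100,92 @@`) lists only `requests` under `required`. An override that nulls out or empties `limits` would pass schema validation and then either abort rendering on a nil map or emit an empty quantity, for a container that can run with `privileged: true` per the `securityContext` lines just below. Either add `"limits"` to that `required` array, or render the map as a whole with `{{- toYaml .Values.sensor.resources | nindent N }}` so the template does not assume every key exists. The container spec starts and ends outside this hunk, so `N` has to be matched to the real indentation of the file.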
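Review bot: The new `snykAPIBaseURL` property in values.schema.json is constrained only by `"type": "string"`, so an empty string or any arbitrary host passes validation and is exported to the pod as `SNYK_API_BASE_URL`. This value decides where the sensor sends its collected data, and presumably the token from `secretName` as well (not visible in this diff), so it deserves a tighter check such as `"pattern": "^[A-Za-z0-9.-]+:[0-9]{1,5}$"`, or an `enum` of the supported regional endpoints if that list is fixed. The key is named a base URL while the default and both examples are `host:port` with no scheme; the `title` should state which form is expected.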
@@ -74,15 +84,15 @@ "properties": { "repository": { "type": "string", - "default": "", + "default": "snyk/runtime-sensor", "title": "The repository Schema", "examples": [ - "gcr.io/snyk-main/runtime-sensor" + "snyk/runtime-sensor" ] }, "tag": { "type": "string", - "default": "", + "default": "1.0.0", "title": "The tag Schema", "examples": [ "0.0.1" @@ -90,10 +100,92 @@ } }, "examples": [{ - "repository": "gcr.io/snyk-main/runtime-sensor", + "repository": "snyk/runtime-sensor", "tag": "0.0.1" }] }, + "resources": { + "type": "object", + "default": {}, + "title": "The resources Schema", + "required": [ + "requests" + ], + "properties": { + "limits": { + "type": "object", + "default": {}, + "title": "The limits Schema", + "required": [ + "cpu", + "memory" + ], + "properties": { + "cpu": { + "type": "string", + "default": "500m", + "title": "The cpu Schema", + "examples": [ + "500m" + ] + }, + "memory": { + "type": "string", + "default": "1024Mi", + "title": "The memory Schema", + "examples": [ + "1024Mi" + ] + } + }, + "examples": [{ + "cpu": "100m", + "memory": "128Mi" + }] + }, + "requests": { + "type": "object", + "default": {}, + "title": "The requests Schema", + "required": [ + "cpu", + "memory" + ], + "properties": { + "cpu": { + "type": "string", + "default": "100m", + "title": "The cpu Schema", + "examples": [ + "100m" + ] + }, + "memory": { + "type": "string", + "default": "512Mi", + "title": "The memory Schema", + "examples": [ + "64Mi" + ] + } + }, + "examples": [{ + "cpu": "100m", + "memory": "512Mi" + }] + } + }, + "examples": [{ + "limits": { + "cpu": "100m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }] + }, "serviceAccount": { "type": "object", "default": {}, @@ -133,8 +225,8 @@ }, "examples": [{ "image": { - "repository": "gcr.io/snyk-main/runtime-sensor", - "tag": "0.0.1" + "repository": "snyk/runtime-sensor", + "tag": "1.0.0" }, "resources": { "limits": { 
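Review bot: In the `image` properties (hunk `@@ -74,15 +84,15 @@`), the `repository` default becomes the registry-less `snyk/runtime-sensor` and the `tag` default a mutable version tag. Which registry a short name resolves to depends on the node's container runtime configuration, which matters for a DaemonSet that can be run privileged. If Docker Hub is the intended source, spell it out with `"default": "docker.io/snyk/runtime-sensor"` (and the same in values.yaml), and consider documenting digest pinning if the image template supports it. The `tag` examples still say `0.0.1` while the default is now `1.0.0`; the later example hunks repeat that mismatch.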
@@ -162,7 +254,7 @@ "properties": { "create": { "type": "boolean", - "default": false, + "default": true, "title": "The create Schema", "examples": [ true @@ -200,7 +292,7 @@ "nameOverride": "", "sensor": { "image": { - "repository": "gcr.io/snyk-main/runtime-sensor", + "repository": "snyk/runtime-sensor", "tag": "0.0.1" }, "resources": { diff --git a/helm/runtime-sensor/values.yaml b/helm/runtime-sensor/values.yaml index 66db8c1..72179aa 100644 --- a/helm/runtime-sensor/values.yaml +++ b/helm/runtime-sensor/values.yaml @@ -8,6 +8,7 @@ replicaCount: 1 nameOverride: "" clusterName: "dev" snykGroupId: "ffffffff-ffff-ffff-ffff-fffffffffffff" +snykAPIBaseURL: api.snyk.io:443 ### Provide the name of the secret secretName: snyk-secret ## Provide Snyk runtime sensor container image and resources. @@ -15,6 +16,13 @@ sensor: image: repository: snyk/runtime-sensor # -- Create the manager ServiceAccount + resources: + requests: + memory: 512Mi + cpu: 100m + limits: + memory: 1024Mi + cpu: 500m serviceAccount: create: true annotations: {}
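Review bot: In values.yaml (hunk `@@ -8,6 +8,7 @@`), `snykAPIBaseURL` is added without an explanatory comment like the one `secretName` has, and it is unquoted while `clusterName` and `snykGroupId` beside it are quoted. Add a line such as `### Snyk API endpoint the sensor reports to, as host:port (e.g. api.us.snyk.io:443)` above it and write the value as `snykAPIBaseURL: "api.snyk.io:443"`. Operators changing region need to know that this is the destination for the sensor's data and that no scheme is expected. The README no longer carries the install steps, so the values file is the only place in the repo that can say so.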
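Review bot: In values.yaml (hunk `@@ -15,6 +16,13 @@`), the new `resources:` block is inserted directly beneath the existing `# -- Create the manager ServiceAccount` comment, so that comment now sits above `resources` instead of `serviceAccount`. Move the comment back to immediately before `serviceAccount:` and give the new block its own line, for example `# -- CPU/memory requests and limits for the sensor container`. If the `# --` comments feed a docs generator (not visible here), the current placement would attach the ServiceAccount description to the wrong key.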