-
Notifications
You must be signed in to change notification settings - Fork 11
Search Configurable Collection
Control the Kubernetes resources that get collected from the cluster by referencing an allow and deny list within a configmap with the name search-collector-config
. Create the configmap following the format in the sample template below:
apiVersion: v1
kind: ConfigMap
metadata:
name: search-collector-config
namespace: <namespace where search-collector add-on is deployed>
data:
AllowedResources: |-
- apiGroups:
- "*"
resources:
- services
- pods
- apiGroups:
- admission.k8s.io
- authentication.k8s.io
resources:
- "*"
DeniedResources: |-
- apiGroups:
- "*"
resources:
- secrets
- apiGroups:
- admission.k8s.io
resources:
- policies
- iampolicies
- certificatepolicies
Steps to create search-collector-config
-
The name of the ConfigMap must be
search-collector-config
. -
namespace is the Namespace where the Search-Collector add-on is deployed.
-
Under data define
AllowedResources
andDeniedResources
as key value pairs wrapped in a string block with|-
to preserve linebreaks.-
The asterisk
"*"
represents all. -
For resources that don't have apigroups, you should replace the
apiGroups
value with an empty string""
. You can check which resources don't have apigroups withoc api-resources -o wide
-
If the same resources are featured in both lists, they will be excluded.
-
-
Once you save your changes you can apply your changes by running
oc apply -f configMapFile.yaml
-
Wait a few minutes for changes to resources to update. This also applies when current configmap gets updated.