
Full Flexera Kubernetes Agent Helm chart configuration and installation

The predefined out-of-the-box Full Flexera Kubernetes Inventory Agent Helm chart is available for download and can be pulled from the Flexera AWS ECR: https://gallery.ecr.aws/flexera/krm-chart

Employing the Full Flexera Kubernetes Inventory Agent Helm chart will help to accelerate the deployment of the Full Flexera Kubernetes Inventory Agent to your Kubernetes clusters.

Once you have downloaded the Helm chart and saved it to a directory, you only need to edit the options within the values.yaml file as needed. The majority of options within the values.yaml file are predefined and each option has a descriptive comment.

Info: For the Full Flexera Kubernetes Inventory Agent, you must specify the FlexNet Beacon URL and persistent storage settings.

The steps and Helm commands needed to successfully download and install the Helm chart are detailed below. For general guidance on how to install Helm charts, see Helm Install in Helm's Online Help Documentation.

Installation steps

  1. Log in to the AWS Public ECR using the following command:

    $ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws

  2. Install the chart using one of the following commands. In each command, replace "release-name" with your own name and, if appropriate, replace the namespace "flexera".

    To set the beacon URL on the command line:

    $ helm install release-name oci://public.ecr.aws/flexera/krm-chart --set monitor.beaconURL="http://your-beacon.com" --namespace flexera --create-namespace

    Or, if a values.yaml file has been prepared:

    $ helm install release-name oci://public.ecr.aws/flexera/krm-chart -f ./values.yaml --namespace flexera --create-namespace

    Or, if the chart has been pulled and unpacked into a directory:

    $ helm install release-name ./flexera_charts/krm-chart --namespace flexera --create-namespace

How to download the chart into a local directory

To download the Helm chart into a local directory (offline installation), follow these steps:

  1. Create a directory to hold the downloaded and extracted Helm chart using this command:

    $ mkdir ./flexera_charts

  2. Log in to the AWS Public ECR using this command:

    $ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws

  3. Download and extract the krm-chart Helm chart using this command:

    $ helm pull oci://public.ecr.aws/flexera/krm-chart --untar --untardir ./flexera_charts

Parameter options

All of the parameters needed to deploy the Full Flexera Kubernetes Inventory Agent are listed below in the parameter options table.

The majority of parameters are predefined and do not need to be edited, except for the following:

  • For the monitor.beaconURL parameter, you must define the FlexNet Beacon URL (for example, http://my-beacon.com).

  • You must also define the persistent storage parameters:

      • monitor.volumeClaimTemplate.accessModes

      • monitor.volumeClaimTemplate.storageClassName

      • monitor.volumeClaimTemplate.resources.requests.storage

| Parameter | Description |
|---|---|
| fullnameOverrideAsCustomName | Override the default chart name "krm-chart" with a custom name. For example, fullnameOverrideAsCustomName: [some name] |
| fullnameOverrideAsReleaseName | Override the default chart name "krm-chart" with the release name. For example, fullnameOverrideAsReleaseName: true |
| openShiftExtensions.enabled | Install the extensions required for interoperability with OpenShift or OKD. For example, openShiftExtensions.enabled: true |
| ibmLicensingExtensions.enabled | Install the extensions required to use RBAC-based authentication with the IBM Licensing Service. For example, ibmLicensingExtensions.enabled: true |
| storageResourcesExtensions.enabled | Install the extensions required to collect data on cluster storage resources. For example, storageResourcesExtensions.enabled: true |
| ibmLicensing.enable | Activates the IBM License Service integration. For example, ibmLicensing.enable: true |
| ibmLicensing.auth | Set the authentication strategy for IBM License Service. If not set, the default will be used. The default is intended to track License Service's default. Valid values are "standard" and "rbac". For example, ibmLicensing.auth: "standard" |
| ibmLicensing.https | Indicate whether the IBM License Service API is being served over HTTPS. If not set, the agent will discover the setting. For example, ibmLicensing.https: true |
| ibmLicensing.namespace | The namespace in which the IBM License Service components are deployed. If not set, the agent will discover the correct namespace. For example, ibmLicensing.namespace: "ibm-common-services" |
| ibmLicensing.serviceName | Set the name of the Service that exposes access to the IBM License Service API. If not set, the agent will discover the Service name. For example, ibmLicensing.serviceName: "ibm-licensing-service-instance" |
| ibmLicensing.servicePort | Set the TCP port of the service exposing the IBM License Service API. If not set, the agent will discover the port. For example, ibmLicensing.servicePort: 8080 |
| ibmLicensing.tlsVerify | Enable or disable verification of X509 certificates when communicating with the IBM License Service API. This should be set to false if the service uses HTTPS and a self-signed certificate. For example, ibmLicensing.tlsVerify: false |
| ibmLicensing.token | Set the client token used for authentication with the IBM License Service API. If not set, the agent will discover the token. For example, ibmLicensing.token: "VoOMWJijBWuCxSxwgON11w7z" |
| logLevel | Set the log level for all agent components. When omitted, the default log level is "info". Valid values include "trace", "debug", "info", "warn", "error", and "fatal". For example, logLevel: info |
| clusterName | Set the name for this cluster. As Kubernetes does not have a native naming mechanism, the agent uses a variety of strategies to discover an appropriate name for the cluster; however, these strategies are not consistently reliable. This parameter allows you to bypass the discovery process and directly assign a meaningful name. Note that this name is a display property, and the cluster is identified internally by a unique ID value. For example, clusterName: my-cluster-name |
| imageTemplate.registry | Override the container image used to deploy the agent. Note that /flexera/krm is appended to the registry value. |
| imageTemplate.version | Version of the image. |
| imagePullSecretsTemplate.name | Secrets used to pull the container image from the registry. When set, these secrets are propagated to all of the agent's Pods. If pull secrets are associated with the service account or the registry does not require authentication, this can be omitted. See Pull an Image from a private registry configuration attribute in the Online Help. |
| monitor.logLevel | Set the logging level of the monitor component. Note that this overrides the field of the same name at the top level of the KRM spec. For example, monitor.logLevel: info |
| monitor.beaconURL | The URL of the inventory beacon. This field is mandatory. For example, monitor.beaconURL: http://my-beacon.com |
| monitor.interval | The interval at which the agent produces and uploads inventory files to the beacon (for example, 5m or 6h). For example, monitor.interval: 6h |
| monitor.downloadFromBeacon | Enable or disable downloading policy updates from the beacon. This behavior is enabled by default, so this field only needs to be set when it should be disabled. For example, monitor.downloadFromBeacon: true |
| monitor.collectStorage | Enable or disable a feature, disabled by default, whereby the agent collects data on additional resource types related to storage. Note that this requires the "storage-resources" extension to be installed so that the agent has the necessary additional API permissions. For example, monitor.collectStorage: false |
| monitor.imageInventory | Enable or disable obtaining software inventories from container images used in the cluster. This is enabled by default, so this value only needs to be set when it should be disabled. For example, monitor.imageInventory: true |
| monitor.volumeClaimTemplate.accessModes | The claim's access modes (for example, volumes can be mounted ReadWriteOnce, ReadOnlyMany, ReadWriteMany, or ReadWriteOncePod; see AccessModes in the Kubernetes Online Help Documentation). For example, monitor.volumeClaimTemplate.accessModes: ["ReadWriteOnce"] |
| monitor.volumeClaimTemplate.storageClassName | A PV can have a class, which is specified by setting the storageClassName attribute to the name of a Storage Class. See StorageClasses in the Kubernetes Online Help Documentation. For example, monitor.volumeClaimTemplate.storageClassName: standard |
| monitor.volumeClaimTemplate.resources.requests.storage | The claim's storage size. For example, monitor.volumeClaimTemplate.resources.requests.storage: 2Gi |
| monitor.tlsFilesTemplate.secret.secretName | A volume source containing optional TLS certificates and keys. See Supporting Custom Certificates for HTTPS in the Online Help for details on how this feature works. For example, monitor.tlsFilesTemplate.secretName: myorg-certificates |
| monitor.configPatchTemplate.name | A config map volume source containing config.ini patches. See Patching config.ini through Flexera Kubernetes Inventory Agent in the Online Help for details on how this feature works. For example, monitor.configPatchTemplate.name: krm-config |
| node.enable | Enable or disable the node component. The node component produces inventory files that are critical to the product, so it should not be disabled without fully understanding the ramifications. It is enabled by default, so this value only needs to be set when disabling the component. For example, enable: true |
| node.logLevel | Set the logging level of the node component. Note that this overrides the field of the same name at the top level of the KRM spec. For example, logLevel: info |
| node.interval | The interval at which the node agent produces hardware inventory files. For example, interval: 30m |
| node.readyRetries | The number of times to attempt to connect to the monitor component's Service before giving up. For example, readyRetries: 20 |
| node.readyWait | Duration to wait between attempts to connect to the monitor component's Service. For example, readyWait: 2s |
| node.mountHostFS | Enable or disable the node mounting of the host file system. When this is enabled, the node component mounts the /etc/os-release file and the /var/lib directory in read-only mode. This option exists so that the agent can report which OS the node host is running and which rpm packages are installed. For example, mountHostFS: false |
| node.collectHostRpmInfo | Enable or disable the node collection of RPM package evidence from the host file system. The node component collects RPM package evidence from the node host when this option is enabled together with the mountHostFS option, which must also be enabled. For example, collectHostRpmInfo: false |
| node.mustUpload | Exit immediately if an attempt to upload an inventory file is unsuccessful. For example, mustUpload: true |
| node.privileged | Enable or disable the setting of the privileged bit on the node component's containers. The privileged bit is needed in order for the node component to observe the BIOS data in the underlying server, which includes the server's serial number. This field is true by default, so it only needs to be set in order to be disabled. For example, privileged: true |
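
The following is an added example, not part of the Flexera documentation or chart: a Python review of the chart values that flags the parameters listed above that affect transport security, credentials and host access. It assumes the values were exported with `helm get values release-name -n flexera --all -o json`; the sample input and the helper names `get` and `audit` are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the shape of `helm get values ... --all -o json` output.
SAMPLE_VALUES = json.loads("""
{
  "monitor": {"beaconURL": "http://my-beacon.com", "downloadFromBeacon": true},
  "ibmLicensing": {"enable": true, "https": true, "tlsVerify": false,
                   "token": "EXAMPLE-PLACEHOLDER-TOKEN"},
  "node": {"mountHostFS": true, "collectHostRpmInfo": true}
}
""")

def get(values, dotted, default=None):
    """Look up a dotted chart parameter such as 'node.privileged'."""
    cur = values
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur

def audit(values):
    """Return (parameter, finding) pairs for settings that merit review."""
    findings = []
    url = get(values, "monitor.beaconURL")
    if not url:
        findings.append(("monitor.beaconURL", "mandatory parameter is not set"))
    elif urlparse(url).scheme.lower() != "https":
        findings.append(("monitor.beaconURL", "traffic to the beacon is not over HTTPS"))
    if get(values, "ibmLicensing.tlsVerify") is False:
        findings.append(("ibmLicensing.tlsVerify", "X509 certificate verification is disabled"))
    if get(values, "ibmLicensing.token"):
        findings.append(("ibmLicensing.token", "client token is stored in the chart values"))
    # The parameter table states node.privileged is true unless explicitly disabled.
    if get(values, "node.privileged", True) is not False:
        findings.append(("node.privileged", "node containers run privileged (needed for BIOS data)"))
    if get(values, "node.mountHostFS") is True:
        findings.append(("node.mountHostFS", "host /etc/os-release and /var/lib are mounted read-only"))
    return findings

if __name__ == "__main__":
    for param, finding in audit(SAMPLE_VALUES):
        print(f"{param}: {finding}")
```

Setting node.privileged to false removes the privileged bit at the cost of the BIOS data, including the server's serial number, as the table notes.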