From 3e6b87955846a5c3cf422c1cbdf4dfd7a646e617 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Tourri=C3=A8re?=
Date: Thu, 23 Jan 2025 08:45:49 +0100
Subject: [PATCH] docs: Add fetch_only documentation Set default NHI scout version to 0.12.0
---
 README.md | 7 ++--
 .../nhi-scout/examples/fetch_only/secret.yaml | 8 ++++
 .../nhi-scout/examples/fetch_only/values.yaml | 38 +++++++++++++++++++
 charts/nhi-scout/values.yaml | 2 +-
 4 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 charts/nhi-scout/examples/fetch_only/secret.yaml
 create mode 100644 charts/nhi-scout/examples/fetch_only/values.yaml
diff --git a/README.md b/README.md
index 3cc9c98..066b57a 100644
--- a/README.md
+++ b/README.md
@@ -39,8 +39,8 @@ inventory:
 jobs:
 # Job to fetch defined sources
 fetch:
- # Set to `true` to enable the job
- enabled: false
+ # Set to `false` to disable the job
+ enabled: true
 # Run every 15 minutes
 schedule: '*/15 * * * *'
 send: true
@@ -50,7 +50,6 @@ inventory:
 enabled: true
 # Run every minute
 schedule: '* * * * *'
- # Set to `true` to enable sending fetched data to the GitGuardian instance
 # This needs to be created separately, and contain the following keys:
 # - `HASHICORP_VAULT_TOKEN` - the hashicorp vault token to use
@@ -60,6 +59,8 @@ envFrom:
 name: gitguardian-nhi-scout-secrets
 ```
+If you want to only fetch the identities without sending them, please see this [example](charts/nhi-scout/examples/fetch_only)
+
 Other examples can be found in [charts/nhi-scout/examples](charts/nhi-scout/examples).
 ## Development
diff --git a/charts/nhi-scout/examples/fetch_only/secret.yaml b/charts/nhi-scout/examples/fetch_only/secret.yaml
new file mode 100644
index 0000000..5e79318
--- /dev/null
+++ b/charts/nhi-scout/examples/fetch_only/secret.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitguardian-nhi-scout-secrets
+stringData:
+ # OUTPUT_PATH is the path that the Scout `fetch` command is using to write the inventory
+ OUTPUT_PATH: "/tmp/output/inventory.json"
diff --git a/charts/nhi-scout/examples/fetch_only/values.yaml b/charts/nhi-scout/examples/fetch_only/values.yaml
new file mode 100644
index 0000000..c650b50
--- /dev/null
+++ b/charts/nhi-scout/examples/fetch_only/values.yaml
@@ -0,0 +1,38 @@
+---
+# yaml-language-server: $schema=../../values.schema.json
+
+inventory:
+ config:
+ sources:
+ vault-secrets:
+ type: hashicorpvault
+ vault_address: "https://your-vault-address-here"
+ # Token configuration can be read from environment variables like so:
+ auth_token: "${HASHICORP_VAULT_TOKEN}"
+ fetch_all_versions: true
+ path: "secret/"
+
+ jobs:
+ fetch:
+ schedule: "* * * * *"
+ enabled: true
+ # send is set to `false` so this job will only retrieve secrets and write there into `${OUTPUT_PATH}`
+ send: false
+
+# This needs to be created separately, and contain the following keys:
+# - `OUTPUT_PATH` - path that the Scout `fetch` command is using to write the inventory
+envFrom:
+- secretRef:
+ name: gitguardian-nhi-scout-secrets
+
+volumes:
+- name: test-local
+ hostPath:
+ # The host local volume where the inventory will be sent
+ path: /tmp/output
+ type: DirectoryOrCreate
+
+volumeMounts:
+ # The mount point where the inventory will be written. Must be the same directory than the one set in OUTPUT_PATH
+- mountPath: /tmp/output
+ name: test-local
diff --git a/charts/nhi-scout/values.yaml b/charts/nhi-scout/values.yaml
index 9d29c94..b5a040e 100644
--- a/charts/nhi-scout/values.yaml
+++ b/charts/nhi-scout/values.yaml
@@ -5,7 +5,7 @@
 # Options for the inventory configuration.
 inventory:
 # Specific version of the image to use
- version: 0.11.0
+ version: 0.12.0
 # Schedule to run the collection on
 log_level: info
 # Enable syncing secrets to vaults
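Review bot: Nothing in the fetch_only example supplies the Vault token it reads: the `stringData` block in charts/nhi-scout/examples/fetch_only/secret.yaml defines only `OUTPUT_PATH`, while the values.yaml added in the same commit sets `auth_token: "${HASHICORP_VAULT_TOKEN}"` and its comment above `envFrom` also lists `OUTPUT_PATH` as the only required key. I would add a placeholder entry such as `HASHICORP_VAULT_TOKEN: "<your-vault-token>"  # placeholder, never commit a real token` under `stringData` and add the key to the list in the values.yaml comment. `OUTPUT_PATH` is a plain path rather than a credential, so it could live in a ConfigMap instead (assuming the chart passes `envFrom` through unchanged, a `configMapRef` entry would do), which keeps the Secret for credentials only.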
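Review bot: The inventory built from the Vault secrets is left on the node's filesystem, because the `volumes` entry in charts/nhi-scout/examples/fetch_only/values.yaml uses a `hostPath` at `/tmp/output` with `type: DirectoryOrCreate`. With `fetch_all_versions: true` and `path: "secret/"`, data derived from every version of those secrets lands on whichever node runs the job, in a directory Kubernetes creates with mode 0755 and that outlives the pod. hostPath volumes are also rejected by the Baseline Pod Security Standard, so the example will not deploy in namespaces that enforce it. The volume name `test-local` suggests this is meant for local trials; I would say so above `hostPath:`, for instance `# Local testing only: the inventory stays on the node's /tmp; prefer a PersistentVolumeClaim with restricted access on shared clusters`.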