Cluster Sensor Commands and Options
Cluster Sensor offers various options to collect K8s inventory data in your account. The following are the available commands and options for Cluster Sensor. Some of the parameters are also used to connect the Cluster Sensor with Qualys TotalCloud.
Global Parameters
Both Cluster Sensor and Admission Controller support the following parameters irrespective of commands.
| Parameter | Mandatory/Optional | Description |
|---|---|---|
| global.customerId | Mandatory | Unique customer id associated with customer's account. |
| global.activationId | Mandatory | Unique activation id associated with customer's account. |
| global.gatewayUrl | Mandatory | Specify Qualys Platform (POD) gateway URL for backend communication. Specify this to use a POD which is not listed in: https://www.qualys.com/platform-identification/ |
| global.pod | Optional | Specify Qualys Platform (POD) for backend communication. For example, US1, US2, US3, US4, EU1, EU2, IN1, CA1, AE1, UK1, AU1, KSA1. If your platform is not mentioned here, please provide the gateway URL using ' global.gatewayUrl' |
| global.imagePullSecret | Optional | Specify to pull images from the private registry. |
| global.clusterInfoArgs.cloudProvider | Optional | Specify the name of the Cloud provider. Cloud Provider examples: AWS, GCP, AZURE, OCI, selfManagedK8S |
| global.clusterInfoArgs.AWS.arn | Mandatory | Mandatory if the cloud provider is 'AWS'. Specify value of the arn. Example: arn:aws:eks:<region>:<accountid>:cluster/<clustername>
|
| global.clusterInfoArgs.AZURE.id | Mandatory | Mandatory if the cloud provider is 'AZURE'. Specify value of the id. Example: /subscriptions/<subscription_id>/resourcegroups/NK_test/providers/Microsoft.ContainerService/managedClusters/<cluster_name>
|
| global.clusterInfoArgs.AZURE.region | Mandatory | Provide the value of the region. Mandatory if the cloud provider is 'AZURE'. |
| global.clusterInfoArgs.GCP.krn | Mandatory | Provide value of the krn. Mandatory if the cloud provider is 'GCP'. Example: projects/<project_id>/locations/<region>/clusters/<cluster_name>
|
| global.clusterInfoArgs.OCI.ocid | Mandatory | Specify value of the ocid. Mandatory if the Cloud Provider is 'OCI' Example: ocid1.cluster.oc1.<REGION>.<TENANCY_OCID>.<CLUSTER_OCID> |
| global.clusterInfoArgs.OCI.clusterName | Mandatory | Use this provide cluster name. Mandatory if the Cloud Provider is 'OCI'. |
| global.clusterInfoArgs.SELF_ MANAGED_K8S.clusterName |
Mandatory | Use this to provide cluster name. Mandatory if the Cloud Provider is 'SELF_MANAGED_K8S`. |
| global.rootCA.certificate | Optional | Provide custom certificate in base64 encoded format to connect with Qualys Cloud Platform if required. |
| global.proxy.value | Optional | Specify Url of the proxy server. Example: FQDN or Ip address |
| global.proxy.certificate | Optional | Provide proxy certificate in base64 encoded format to connect with proxy server if required. |
| global.proxy.skipVerifyTLS | Optional | Use this to skip secure TLS verification. |
| global.openshift | Optional | Set to true, if deploying in OpenShift. Default value: false |
Cluster Sensor Parameters
Here are the parameters specific to Cluster Sensor commands.
| Parameter | Mandatory/Optional | Description |
|---|---|---|
| clusterSensor.image | Optional | Specify the name of the cluster sensor image in the private or dockerhub registry. Default value: qualys/cluster-sensor:latest |
| clusterSensor.imagePullPolicy | Optional | Pull policy for cluster sensor image Accepted Values: IfNotPresent/Always/Never Default value: IfNotPresent |
| clusterSensor.persistentStorage.enabled | Optional | Use this to run sensor with or without persistent storage. Accepted value: true/false Default value: true |
| clusterSensor.persistentStorage.hostPath | Optional | Path of the persistent storage. Set appropriate ownership and permission to cluster sensor user qualys (UID:555) for the hostPath. For example, sudo chown 555:555 /usr/local/qualys/clustersensor/data |
| clusterSensor.logConfig.logLevel | Optional | Specify the log level Valid Values: debug, info, error, warn, fatal Default Value: info |
| clusterSensor.logConfig.logFileSize | Optional | The file is rotated when its size exceeds. File size is in megabytes. |
| clusterSensor.logConfig.logPurgeCount | Optional | Maximum number of archived log files. |
| clusterSensor.resources.limits.cpu | Optional | Specify cpu limit of the cluster sensor container. Default value: 200m |
| clusterSensor.resources.limits.memory | Optional | Specify memory limit of cluster sensor container. Default value: 256Mi |
| clusterSensor.resources.requests.cpu | Optional | Specify cpu request of cluster sensor container. Default value: 100m |
| clusterSensor.resources.requests.memory | Optional | Specify memory request of the cluster sensor container. Default value: 200m |
| clusterSensor.hostNetwork |
Optional | To enable/disable sharing host network namespace and resources with cluster sensor pod Default value: true |