pluto icon indicating copy to clipboard operation
pluto copied to clipboard
verified publisher icon FairwindsOps

Can pluto be run inside a cluster? Is there a helm chart or a reference manifest?

Open kastl-ars opened this issue 1 year ago • 3 comments

I find that using pluto is a very nice way to make sure my cluster workloads are using recent apiVersions.

However, manually running pluto seems wrong. Running pluto in Jenkins or Gitlab CI means I need to give the CI permissions to access my cluster.

So, is it possible to run pluto from inside the cluster? Talking to the kube-apiserver directly?

If so, is there a reference manifest or a helm chart to deploy pluto as e.g. a cronjob?

Unfortunately searching for "pluto helm chart" only gives references to checking helm charts with pluto... :-)

Thanks in advance!

Kind Regards, Johannes

kastl-ars avatar Jun 04 '24 07:06 kastl-ars

Pluto can definitely be run in-cluster! We use it as part of our Insight-agent for our commercial offering. We don't currently provide any manifests, since there's lots of different ways one might want to run it and then consume the data. There is a docker image you can use in the releases, and a basic cronjob would probably be the route I would go.

The question then becomes - where do you want to send the results?

sudermanjr avatar Jun 04 '24 15:06 sudermanjr

In my previous company, we wrote a cronjob that was emitting policyreport resources from pluto JSON output so they could be shown to the clusters users using https://github.com/kyverno/policy-reporter.

aslafy-z avatar Jun 04 '24 23:06 aslafy-z

In my previous company, we wrote a cronjob that was emitting policyreport resources from pluto JSON output so they could be shown to the clusters users using https://github.com/kyverno/policy-reporter.

Thanks, that sounds interesting.

So, from both answers I take it there is no official helm chart or manifests?

Does anyone have a snippet for running as a cronjob?

kastl-ars avatar Jun 05 '24 04:06 kastl-ars

You could look at the pluto cronjob template from our insights-agent as a starting point: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent/templates/pluto.

bbensky avatar Jul 24 '24 15:07 bbensky

Thanks for the link @bbensky!

How is the reporting or alerting done in your case, if I may ask? I have put together a cronjob myself in the meantime, but never got around to the actual alerting part (this far the cronjob never failed, so I was researching how to add a deprecated resource to make it find someting...)

kastl-ars avatar Jul 25 '24 05:07 kastl-ars

@kastl-ars Our reporting is done to our commercial SaaS backend - Fairwinds Insights.

I'm going to mark this as resolved, please feel free to re-open or open a new question if needed. Thanks!

sudermanjr avatar Sep 20 '24 22:09 sudermanjr