Can pluto be run inside a cluster? Is there a helm chart or a reference manifest?
kastl-ars opened this issue · 6 comments
I find that using pluto is a very nice way to make sure my cluster workloads are using recent apiVersions.
However, manually running pluto seems wrong. Running pluto in Jenkins or Gitlab CI means I need to give the CI permissions to access my cluster.
So, is it possible to run pluto from inside the cluster? Talking to the kube-apiserver directly?
If so, is there a reference manifest or a helm chart to deploy pluto as e.g. a cronjob?
Unfortunately searching for "pluto helm chart" only gives references to checking helm charts with pluto... :-)
Thanks in advance!
Kind Regards,
Johannes
Pluto can definitely be run in-cluster! We use it as part of our Insight-agent for our commercial offering. We don't currently provide any manifests, since there are lots of different ways one might want to run it and then consume the data. There is a docker image you can use in the releases, and a basic cronjob would probably be the route I would go.
The question then becomes - where do you want to send the results?
In my previous company, we wrote a cronjob that was emitting policyreport resources from pluto JSON output so they could be shown to the cluster's users using https://github.com/kyverno/policy-reporter.
Thanks, that sounds interesting.
So, from both answers I take it there is no official helm chart or manifests?
Does anyone have a snippet for running as a cronjob?
You could look at the pluto cronjob template from our insights-agent as a starting point: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent/templates/pluto.
Thanks for the link @bbensky!
How is the reporting or alerting done in your case, if I may ask? I have put together a cronjob myself in the meantime, but never got around to the actual alerting part (thus far the cronjob never failed, so I was researching how to add a deprecated resource to make it find something...)
@kastl-ars Our reporting is done to our commercial SaaS backend - Fairwinds Insights.
I'm going to mark this as resolved, please feel free to re-open or open a new question if needed. Thanks!
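A minimal in-cluster setup along the lines discussed in this thread, as an added example that is not from the thread participants or from Fairwinds: a dedicated ServiceAccount with read-only RBAC and a CronJob that prints pluto's JSON to the pod log. The `pluto` namespace, object names, schedule, UID and the `<PLUTO_IMAGE>:<TAG>` placeholder are assumptions, as is an image whose entrypoint is the pluto binary and a pluto version that has the `detect-all-in-cluster` subcommand.

```yaml
# Added example. Assumes the namespace "pluto" already exists.
apiVersion: v1
kind: ServiceAccount
metadata: {name: pluto, namespace: pluto}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: pluto-read-only}
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["get", "list"]   # no write verbs; note that this still covers Secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: pluto-read-only}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: pluto-read-only}
subjects:
  - {kind: ServiceAccount, name: pluto, namespace: pluto}
---
apiVersion: batch/v1
kind: CronJob
metadata: {name: pluto, namespace: pluto}
spec:
  schedule: "0 6 * * *"          # assumed: once a day
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      backoffLimit: 0            # a failed run is a finding, not something to retry
      template:
        spec:
          serviceAccountName: pluto   # credentials stay inside the cluster, not in CI
          restartPolicy: Never
          containers:
            - name: pluto
              image: <PLUTO_IMAGE>:<TAG>   # placeholder: image from the pluto releases
              args: ["detect-all-in-cluster", "-o", "json"]
              securityContext:
                runAsNonRoot: true
                runAsUser: 65534           # assumed unprivileged UID
                allowPrivilegeEscalation: false
                capabilities: {drop: ["ALL"]}
```

pluto exits non-zero when it finds deprecated or removed apiVersions, so a finding shows up as a failed Job that existing Job-failure alerting can pick up. Narrow the ClusterRole to the resource kinds you actually want scanned if read access to Secrets is not acceptable.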