replicatedhq/troubleshoot

Collect additional k8s resources using the cluster resources collector

Closed this issue · 4 comments

Describe the rationale for the suggested feature.

Add implementation to collect the following additional resources from a cluster.

Describe the feature

Have the clusterResources collector collect

  • Service accounts - stored in serviceaccounts
  • Secrets - stored in secrets
  • ConfigMaps - stored in configmaps
  • Volume attachments - stored in volumeattachments

Additional context

Although secrets objects are highly sensitive to avoid collecting, they are crucial when it comes to piecing together an environment when troubleshooting a field problem. To mitigate accidental leakage of confidential information, I propose redacting secrets data and stringData fields by default and have an explicit field to not redact such values for cases where such information needs to be retained. Perhaps we should introduce a field like retailSensitiveData or something similar in the clusterResources collector.
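The redact-by-default behaviour proposed above, sketched as an added Go example that is not part of the original issue or of the troubleshoot code base. The function name, the `retain` parameter and the marker string are hypothetical; the sketch also drops the kubectl last-applied-configuration annotation, which goes beyond the two fields named in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const redacted = "***REDACTED***"
const lastApplied = "kubectl.kubernetes.io/last-applied-configuration"

// redactSecret masks the values (not the keys) under data and stringData of one JSON Secret.
// retain models the proposed opt-out field (hypothetical name); true skips masking.
func redactSecret(raw []byte, retain bool) ([]byte, error) {
	if retain {
		return raw, nil
	}
	var obj map[string]interface{}
	if err := json.Unmarshal(raw, &obj); err != nil {
		return nil, fmt.Errorf("decode secret: %w", err)
	}
	if kind, _ := obj["kind"].(string); kind != "Secret" {
		return nil, fmt.Errorf("refusing to pass through kind %q", kind)
	}
	for _, field := range []string{"data", "stringData"} {
		if values, ok := obj[field].(map[string]interface{}); ok {
			for k := range values {
				values[k] = redacted
			}
		}
	}
	// kubectl apply stores a full copy of the object, values included, here.
	if meta, ok := obj["metadata"].(map[string]interface{}); ok {
		if ann, ok := meta["annotations"].(map[string]interface{}); ok {
			delete(ann, lastApplied)
		}
	}
	return json.MarshalIndent(obj, "", "  ")
}

// Constructed sample object, not taken from any real cluster.
const sampleSecret = `{"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
  "metadata": {"name": "db-creds", "annotations": {
    "kubectl.kubernetes.io/last-applied-configuration": "{\"stringData\":{\"password\":\"hunter2\"}}"}},
  "data": {"password": "aHVudGVyMg==", "username": "YWRtaW4="}}`

func main() {
	out, err := redactSecret([]byte(sampleSecret), false)
	fmt.Println(string(out), err)
}
```

Keeping the keys while masking the values preserves the shape of the object, so a bundle reader can still see which entries a Secret defines.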

Secrets: https://troubleshoot.sh/docs/collect/secret/ (note: includeValue defaults to false, i.e. don't collect the data)
ConfigMap: https://troubleshoot.sh/docs/collect/configmap/

How does this differ from the above? Is it the location of the data?

Regards volumeattachments and serviceaccounts, yup that should be easy enough to add and worthwhile.

> How does this differ from the above? Is it the location of the data?

Yer, it's the location of the data. Since these are k8s resources, storing them there as native objects like all other resources collected by the clusterResources collector makes it possible to consume them with tools like sbctl.

I should have made that explicit in the original description.

see #1157 - work in progress to add serviceaccounts

I have added volumeAttachments and configmaps. Secrets will not be collected as default.