Search Configurable Collection - stolostron/search-v2-operator GitHub Wiki

Control the Kubernetes resources that get collected from the cluster by referencing an allow and deny list within a configmap with the name search-collector-config. Create the configmap following the format in the sample template below:

apiVersion: v1
kind: ConfigMap
metadata:
 name: search-collector-config
 namespace: <namespace where search-collector add-on is deployed>
data:
 AllowedResources: |-
   - apiGroups:
       - "*"
     resources:
       - services
       - pods
   - apiGroups:
       - admission.k8s.io
       - authentication.k8s.io
     resources:
       - "*"
 DeniedResources: |-
   - apiGroups:
       - "*"
     resources:
       - secrets
   - apiGroups:
       - admission.k8s.io
     resources:
       - policies
       - iampolicies
       - certificatepolicies

Steps to create search-collector-config

1. The name of the ConfigMap must be search-collector-config.

2. namespace is the Namespace where the Search-Collector add-on is deployed.

3. Under data define AllowedResources and DeniedResources as key value pairs wrapped in a string block with |- to preserve linebreaks.

   • The asterisk "*" represents all.

   • For resources that don't have apigroups, you should replace the apiGroups value with an empty string "". You can check which resources don't have apigroups with oc api-resources -o wide

   • If the same resources are featured in both lists, they will be excluded.

4. Once you save your changes you can apply your changes by running oc apply -f configMapFile.yaml

5. Wait a few minutes for changes to resources to update. This also applies when current configmap gets updated.