{"id":13541641,"url":"https://github.com/anchore/k8s-inventory","last_synced_at":"2025-04-07T10:25:30.017Z","repository":{"id":40505163,"uuid":"295869102","full_name":"anchore/k8s-inventory","owner":"anchore","description":"Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-use","archived":false,"fork":false,"pushed_at":"2024-10-29T09:29:09.000Z","size":912,"stargazers_count":63,"open_issues_count":4,"forks_count":15,"subscribers_count":20,"default_branch":"main","last_synced_at":"2024-10-29T11:38:28.317Z","etag":null,"topics":["anchore","container-image","containers","docker","go","golang","kubernetes","security","tool","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anchore.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-15T23:06:23.000Z","updated_at":"2024-10-29T09:26:37.000Z","dependencies_parsed_at":"2023-11-07T02:42:49.743Z","dependency_job_id":"9d14c794-20c8-47ab-a161-033d13fa2479","html_url":"https://github.com/anchore/k8s-inventory","commit_stats":{"total_commits":344,"total_committers":17,"mean_commits":"20.235294117647058","dds":0.6918604651162791,"last_synced_commit":"7f3999be24a3d42d915abaf03d1b82ce5a421a7f"},"previous_names":["anchore/kai"],"tags_count":33,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fk8s-inventory","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fk8s-inventory/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fk8s-inventory/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anchore%2Fk8s-inventory/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anchore","download_url":"https://codeload.github.com/anchore/k8s-inventory/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247633571,"owners_count":20970349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anchore","container-image","containers","docker","go","golang","kubernetes","security","tool","vulnerability"],"created_at":"2024-08-01T10:00:52.889Z","updated_at":"2025-04-07T10:25:29.991Z","avatar_url":"https://github.com/anchore.png","language":"Go","funding_links":[],"categories":["Container Tools"],"sub_categories":["MultiCloud Governance"],"readme":"# Anchore Kubernetes Inventory\n[![Go Report Card](https://goreportcard.com/badge/github.com/anchore/k8s-inventory)](https://goreportcard.com/report/github.com/anchore/k8s-inventory)\n[![GitHub release](https://img.shields.io/github/release/anchore/k8s-inventory.svg)](https://github.com/anchore/k8s-inventory/releases/latest)\n[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/anchore/k8s-inventory/blob/main/LICENSE)\n\n`anchore-k8s-inventory` polls the Kubernetes API on an interval to retrieve which images are currently in use.\n\nIt can be run inside a cluster (under a Service Account) or outside (via any provided kubeconfig).\n\n## Getting Started\n[Install the binary](#installation) or Download the [Docker image](https://hub.docker.com/r/anchore/k8s-inventory/tags)\n\n## Installation\n`anchore-k8s-inventory` can be run as a CLI, Docker Container, or Helm Chart\n\nBy default, `anchore-k8s-inventory` will look for a kubeconfig in the home directory to use to authenticate (when run as a CLI).\n\n### CLI\n```shell script\n$ anchore-k8s-inventory --verbose-inventory-reports\n{\n \"cluster_name\": \"docker-desktop\",\n \"containers\": [\n {\n \"id\": \"docker://911d2cf6351cbafc349f131aeef1b1fb295a889504d38c89a065da1a91d828b9\",\n \"image_digest\": \"sha256:76049887f07a0476dc93efc2d3569b9529bf982b22d29f356092ce206e98765c\",\n \"image_tag\": \"docker.io/kubernetesui/metrics-scraper:v1.0.8\",\n \"name\": \"dashboard-metrics-scraper\",\n \"pod_uid\": \"c5b40099-20a5-4b46-8062-cf84f9d6ac23\"\n },\n {\n \"id\": \"docker://a9cd75ad99dd4363bbd882b40e753b58c62bfd7b03cabeb764c1dac97568ad26\",\n \"image_digest\": \"sha256:2e500d29e9d5f4a086b908eb8dfe7ecac57d2ab09d65b24f588b1d449841ef93\",\n \"image_tag\": \"docker.io/kubernetesui/dashboard:v2.7.0\",\n \"name\": \"kubernetes-dashboard\",\n \"pod_uid\": \"72ba7e4e-6e35-48c0-bff7-558a525074d5\"\n },\n\t.....\n ],\n \"namespaces\": [\n {\n \"labels\": {\n \"kubernetes.io/metadata.name\": \"kube-public\"\n },\n \"name\": \"kube-public\",\n \"uid\": \"dd561bf1-11ff-4381-8a1f-f156c206fe13\"\n },\n {\n \"labels\": {\n \"kubernetes.io/metadata.name\": \"kube-system\"\n },\n \"name\": \"kube-system\",\n \"uid\": \"012ebe67-dd49-4fd9-b604-258385df3957\"\n },\n\t.....\n ],\n \"nodes\": [\n {\n \"annotations\": {\n \"kubeadm.alpha.kubernetes.io/cri-socket\": \"unix:///var/run/cri-dockerd.sock\",\n \"node.alpha.kubernetes.io/ttl\": \"0\",\n \"volumes.kubernetes.io/controller-managed-attach-detach\": \"true\"\n },\n \"arch\": \"arm64\",\n \"container_runtime_version\": \"docker://20.10.23\",\n \"kernel_version\": \"5.15.49-linuxkit\",\n \"kube_proxy_version\": \"v1.26.1\",\n \"kubelet_version\": \"v1.26.1\",\n \"labels\": {\n \"beta.kubernetes.io/arch\": \"arm64\",\n \"beta.kubernetes.io/os\": \"linux\",\n \"kubernetes.io/arch\": \"arm64\",\n \"kubernetes.io/hostname\": \"minikube\",\n \"kubernetes.io/os\": \"linux\",\n \"minikube.k8s.io/commit\": \"ddac20b4b34a9c8c857fc602203b6ba2679794d3\",\n \"minikube.k8s.io/name\": \"minikube\",\n \"minikube.k8s.io/primary\": \"true\",\n \"minikube.k8s.io/updated_at\": \"2023_04_11T11_20_54_0700\",\n \"minikube.k8s.io/version\": \"v1.29.0\",\n \"node-role.kubernetes.io/control-plane\": \"\",\n \"node.kubernetes.io/exclude-from-external-load-balancers\": \"\"\n },\n \"name\": \"minikube\",\n \"operating_system\": \"linux\",\n \"uid\": \"b8334e25-68a5-4cbc-bf7a-fc188f2c6023\"\n }\n ],\n \"pods\": [\n {\n \"annotations\": {\n \"seccomp.security.alpha.kubernetes.io/pod\": \"runtime/default\"\n },\n \"labels\": {\n \"k8s-app\": \"dashboard-metrics-scraper\",\n \"pod-template-hash\": \"5c6664855\"\n },\n \"name\": \"dashboard-metrics-scraper-5c6664855-s8lpc\",\n \"namespace_uid\": \"c1d98ff5-6689-4016-aef3-8802790c3b10\",\n \"node_uid\": \"b8334e25-68a5-4cbc-bf7a-fc188f2c6023\",\n \"uid\": \"c5b40099-20a5-4b46-8062-cf84f9d6ac23\"\n },\n {\n \"labels\": {\n \"gcp-auth-skip-secret\": \"true\",\n \"k8s-app\": \"kubernetes-dashboard\",\n \"pod-template-hash\": \"55c4cbbc7c\"\n },\n \"name\": \"kubernetes-dashboard-55c4cbbc7c-6p28m\",\n \"namespace_uid\": \"c1d98ff5-6689-4016-aef3-8802790c3b10\",\n \"node_uid\": \"b8334e25-68a5-4cbc-bf7a-fc188f2c6023\",\n \"uid\": \"72ba7e4e-6e35-48c0-bff7-558a525074d5\"\n },\n\t.....\n ],\n \"serverVersionMetadata\": {\n \"major\": \"1\",\n \"minor\": \"26\",\n \"gitVersion\": \"v1.26.1\",\n \"gitCommit\": \"8f94681cd294aa8cfd3407b8191f6c70214973a4\",\n \"gitTreeState\": \"clean\",\n \"buildDate\": \"2023-01-18T15:51:25Z\",\n \"goVersion\": \"go1.19.5\",\n \"compiler\": \"gc\",\n \"platform\": \"linux/arm64\"\n },\n \"timestamp\": \"2023-05-03T12:34:13Z\"\n}\n```\n### Container\n\nIn order to run `anchore-k8s-inventory` as a container, it needs a kubeconfig\n```sh\n~ docker run -it --rm -v ~/.kube/config:/.kube/config anchore/k8s-inventory:latest --verbose-inventory-reports\n```\n\n### Helm Chart\n\nAnchore-k8s-inventory is the foundation of Anchore Enterprise's Runtime Inventory feature. Running anchore-k8s-inventory via Helm is a great way to retrieve your Kubernetes Image inventory without providing Cluster Credentials to Anchore.\n\nAnchore-k8s-inventory runs as a read-only service account in the cluster it's deployed to.\n\nIn order to report the inventory to Anchore, anchore-k8s-inventory does require authentication material for your Anchore Enterprise deployment.\nanchore-k8s-inventory's helm chart automatically creates a kubernetes secret for the Anchore Password based on the values file you use, Ex.:\n\n```yaml\nanchore-k8s-inventory:\n anchore:\n password: foobar\n```\n\nIt will set the following environment variable based on this: `ANCHORE_K8S_INVENTORY_ANCHORE_PASSWORD=foobar`.\n\nIf you don't want to store your Anchore password in the values file, you can create your own secret to do this:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: anchore-k8s-inventory-anchore-password\ntype: Opaque\nstringData:\n ANCHORE_K8S_INVENTORY_ANCHORE_PASSWORD: foobar\n```\n\nand then provide it to the helm chart via the values file:\n\n```yaml\nanchore-k8s-inventory:\n existingSecret: anchore-k8s-inventory-anchore-password\n```\n\nanchore-k8s-inventory's helm chart is part of the [charts.anchore.io](https://charts.anchore.io) repo. You can install it via:\n\n```sh\nhelm repo add anchore https://charts.anchore.io\nhelm install \u003crelease-name\u003e -f \u003cvalues.yaml\u003e anchore/k8s-inventory\n```\n\nA basic values file can always be found [here](https://github.com/anchore/anchore-charts/tree/main/stable/k8s-inventory/values.yaml)\n\n## The anchore-k8s-inventory agent as an Enterprise Integration\nIn the Enterprise `v5.11.0` release, Enterprise provides the ability for k8s-inventory to register and provide health \nreporting. This allows Enterprise to track the status of the agents and expose that information to administrators.\nIn the API that Enterprise provides for this feature, the entities are referred to as Integrations. Hence, the\nanchore-k8s-inventory agent is a type of Integration.\n\nBefore an agent can start sending health reports, it needs to register with Enterprise. This is a handshake whereby\nthe agent presents itself to Enterprise. The registration contains information such as type of integration, its name, \nwhen it was started, uptime, how often it will send health reports etc. Some of the properties are optional such as the \n'description' property.\n\nWhen the agent registers it is assigned an integration uuid by Enterprise. This uuid is then used for all API operations \nthat target that particular integration instance. Hence, when the agent sends its health reports to Enterprise, it \nmakes a REST API call to a URL that includes the integration uuid.\n\n### Registering as integration\nWhen the agent registers with Enterprise, the registration will include a `registration_id` and a \n`registration_instance_id`. These are used by Enterprise to look up the integration uuid for the agent.\nIf it is the first time the agent registers, no integration `uuid` will exist so Enterprise will create one and store the\nassociation between the integration uuid and `\u003cregistration_id, registration_instance_id\u003e` in its database. For \nsubsequent re-registrations (e.g., if the agent pod is restarted), the association will allow Enterprise to return the\nintegration `uuid` created in the earlier registration. Hence, as long as the \n`\u003cregistration_id, registration_instance_id\u003e` pair remains the same, Enterprise will consider it to be the same \nintegration instance. The reason a value pair is needed is that integrations like the `anchore_k8s_inventory` agent can\nbe deployed as multiple replicas (in the case of K8s Deployment). Enterprise must be able to differentiate between the\nagent replica instances. A value pair with sensibly chosen values makes that possible.\n\nThe `registration_id` can be set via configuration (see the Configuration section below).\n\nOnly the agent itself can set the `registration_instance_id` value. It will set it to the hostname where the agent runs \n(or if its empty, generate a uuid and use that value).\n\n### Backwards compatibility \nIf the agent interacts with an Enterprise deployment that does not support Integration registration and health\nreporting (i.e., Enterprise releases \u003c `v5.11.0`), it will skip registration, disable health reporting and then let\ninventory reporting continue like in pre-`v1.7.0` releases. The agent will periodically check if Enterprise has been\nupgraded to `v5.11.0` or later and perform registration and enable health reporting in such cases. No restart of the\nagent is required for this to happen.\n\n## Configuration\n```yaml\n# same as -q ; suppress all output (except for the inventory results)\nquiet: false\n\nlog:\n # use structured logging\n structured: false\n\n # the log level; note: detailed logging suppress the ETUI\n level: \"debug\"\n\n # location to write the log file (default is not to have a log file)\n file: \"./anchore-k8s-inventory.log\"\n\n# enable/disable checking for application updates on startup\ncheck-for-app-update: true\n\nkubeconfig:\n path:\n cluster: docker-desktop\n cluster-cert:\n server: # ex. https://kubernetes.docker.internal:6443\n user:\n type: # valid: [private_key, token]\n client-cert:\n private-key:\n token:\n\n# enable/disable printing inventory reports to stdout\nverbose-inventory-reports: false\n```\n\n### Integration registration\nConfigure values for the registration of the agent as an Integration.\nThe `registration_id` can preferably be left empty if the Anchore helm charts`k8s-inventory v0.5.0` or later are used.\nIf explicitly set in the configuration it is advisable to use some tool that can generate uuids to ensure uniqueness.\n```yaml\nanchore-registration:\n # The id to register the agent as with Enterprise, so Enterprise can map the agent to its integration uuid.\n # If left unspecified, the agent will attempt to set registration-id to the uid of the K8s Deployment for the agent.\n # If that fails (e.g., if the agent is not deployed on K8s), the agent will generate a UUID to use as registration-id.\n registration-id:\n # The name that the agent should have. If left unspecified, the agent will attempt to set it to the name of the K8s\n # Deployment for the agent. If that fails it will be empty.\n integration-name:\n # A short description for the agent\n integration-description:\n```\n\n### Namespace selection\n\nConfigure which namespaces anchore-k8s-inventory should search.\n\n* `include` section\n * A list of explicit strings that will detail the list of namespaces to capture image data from.\n * If left as an empty list `[]` all namespaces will be searched\n * Example:\n\n```yaml\nnamespace-selectors:\n include:\n - default\n - kube-system\n - prod-app\n```\n\n* `exclude` section\n * A list of explicit strings and/or regex patterns for namespaces to be excluded.\n * A regex is determined if the string does not match standard DNS name requirements.\n * Example:\n\n```yaml\nnamespace-selectors:\n exclude:\n - default\n - ^kube-*\n - ^prod-*\n```\n\n```yaml\n# Which namespaces to search or exclude.\nnamespace-selectors:\n # Namespaces to include as explicit strings, not regex\n # NOTE: Will search ALL namespaces if left as an empty array\n include: []\n\n # List of namespaces to exclude, can use explicit strings and/or regexes.\n # For example\n #\n # list:\n # - default\n # - ^kube-*\n #\n # Will exclude the default, kube-system, and kube-public namespaces\n exclude: []\n\n # If true then namespaces containing 0 pods will be omitted from the report sent to Anchore Enterprise\n ignore-empty: false\n```\n\n### Account Routing\n\nThe following configuration options can determine which Anchore account\ninventory reports are sent to. Without any of the following configuration the\naccount set in the `anchore` section will be used.\n\nIf a mixture of static account routing and account routing by namespace label\nis used then the static account routes configured in k8s-inventory config will\ntake precedence over any account that is specified by namespace label.\n\n#### Static account routing config\n\nSet a list of accounts and which namespaces inventory should be sent to that\naccount. You can override the default credentials on a per account basis, if\nnot set then the global credentials set in the `anchore` section will be used.\n\n```yaml\naccount-routes:\n # \u003cAnchore Account Name\u003e: # (this is the name of the anchore account e.g. admin)\n # user: \u003cusername\u003e \u003cOPTIONAL\u003e\n # password: \u003cpassword\u003e \u003cOPTIONAL\u003e\n # namespaces: # Can be a list of explicit namespaces matches or regex patterns\n # - \u003cnamespace\u003e\n # - \u003cregex pattern\u003e\n #\n # Example\n # admin:\n # user: username\n # password: password\n # namespaces:\n # - default\n # - ^kube-*\n```\n\n#### Account routing by namespace label\n\nIn this mode use a label set on a kubernetes namespace to determine which\nAnchore account inventory data for that namespace should be sent to. It is\nassumed that the credentials set in the `anchore` section can post to all\naccounts.\n\n```yaml\n# Route namespaces to anchore accounts by a label on the namespace\naccount-route-by-namespace-label:\n # The name of the namespace label that will be used to route the contents of\n # that namespace to the Anchore account matching the value of the label\n key: # e.g anchore.io/account.name\n # The name of the account to route inventory to for a namespace that is\n # missing the label or if the anchore account is not found.\n # If not set then it will default to the account specified in the anchore credentials\n default-account: # e.g. admin\n # If true will exclude inventorying namespaces that are missing the specified label\n ignore-namespace-missing-label: false\n```\n\n### Kubernetes API Parameters\n\nThis section will allow users to tune the way anchore-k8s-inventory interacts with the kubernetes API server.\n\n```yaml\n# Kubernetes API configuration parameters (should not need tuning)\nkubernetes:\n # Sets the request timeout for kubernetes API requests\n request-timeout-seconds: 60\n\n # Sets the number of objects to iteratively return when listing resources\n request-batch-size: 100\n\n # Worker pool size for collecting pods from namespaces. Adjust this if the api-server gets overwhelmed\n worker-pool-size: 100\n```\n\n### anchore-k8s-inventory mode of operation\n\n```yaml\n# Can be one of adhoc, periodic (defaults to adhoc)\nmode: adhoc\n\n# Only respected if mode is periodic\npolling-interval-seconds: 300\n```\n\n### Missing Tag Policy\n\nThere are cases where images in Kubernetes do not have an associated tag - for\nexample when an image is deployed using the digest.\n\n```sh\nkubectl run python --image=python@sha256:f0a210a37565286ecaaac0529a6749917e8ea58d3dfc72c84acfbfbe1a64a20a\n```\n\nAnchore Enterprise will use the image digest to process an image but it still requires a tag to be\nassociated with the image. The `missing-tag-policy` lets you configure the best way to handle the\nmissing tag edge case in your environment.\n\n**digest** will use the image digest as a dummy tag.\n```json\n{\n \"tag\": \"alpine:4ed1812024ed78962a34727137627e8854a3b414d19e2c35a1dc727a47e16fba\",\n \"repoDigest\": \"sha256:4ed1812024ed78962a34727137627e8854a3b414d19e2c35a1dc727a47e16fba\"\n}\n```\n\n**insert** will use a dummy tag configured by `missing-tag-policy.tag`\n```json\n{\n \"tag\": \"alpine:UNKNOWN\",\n \"repoDigest\": \"sha256:4ed1812024ed78962a34727137627e8854a3b414d19e2c35a1dc727a47e16fba\"\n}\n```\n\n**drop** will simply ignore the images that don't have tags.\n\n\n```yaml\n# Handle cases where a tag is missing. For example - images designated by digest\nmissing-tag-policy:\n # One of the following options [digest, insert, drop]. Default is 'digest'\n #\n # [digest] will use the image's digest as a dummy tag.\n #\n # [insert] will insert a default tag in as a dummy tag. The dummy tag is\n # customizable under missing-tag-policy.tag\n #\n # [drop] will drop images that do not have tags associated with them. Not\n # recommended.\n policy: digest\n\n # Dummy tag to use. Only applicable if policy is 'insert'. Defaults to UNKNOWN\n tag: UNKNOWN\n```\n\n### Ignore images that are not yet in a Running state\n\n```yaml\n# Ignore images out of pods that are not in a Running state\nignore-not-running: true\n```\n\n### Batching Inventory Report Posting\n\nSet upper limits for the content that can be contained in a single inventory report POST\nto Anchore Enterprise. If the inventory data is greater than the limit then the inventory\nreport will be broken into smaller requests up to the limit size specified.\n\n```yaml\ninventory-report-limits:\n namespaces: 0 # default of 0 means no limit\n```\n\n### Metadata configuration\n\nInclude only a subset of annotations/labels for each resource type or disable metadata entirely\n\n```yaml\nmetadata-collection:\n nodes:\n annotations: [] # List of annotations to include (explicit or regex)\n labels: [] # List of labels to include (explicit or regex)\n disable: false # Remove all optional node metadata from the inventory report\n namespaces:\n annotations: [] # List of annotations to include (explicit or regex)\n labels: [] # List of labels to include (explicit or regex)\n disable: false # Remove all optional namespace metadata from the inventory report\n pods:\n annotations: [] # List of annotations to include (explicit or regex)\n labels: [] # List of labels to include (explicit or regex)\n disable: false # Remove all optional pod metadata from the inventory report\n```\n\n### Anchore API configuration\n\nUse this section to configure the Anchore Enterprise API endpoint\n\n```yaml\nanchore:\n url: \u003cyour anchore api url\u003e\n user: \u003canchore-k8s-inventory_inventory_user\u003e\n password: $ANCHORE_K8S_INVENTORY_ANCHORE_PASSWORD\n account: \u003canchore account to send inventory reports\u003e\n http:\n insecure: true\n timeout-seconds: 10\n```\n\n## Support for Integration registration and health reporting (v1.7.0)\nFrom `v1.7.0`, anchore-k8s-inventory will attempt to register as an integration with Enterprise and send health reports\nto allow Enterprise to track its status. This requires Enterprise release `v5.11.0` or later but the agent will work with\nolder versions of Enterprise. However, it will only perform the inventory reporting with those Enterprise deployments.\n\n## Behavior change (v0.5.0) (formerly KAI) \n\nIn versions of anchore-k8s-inventory \u003c v0.5.0 the default behavior was to output the inventory report\nto stdout every time it was generated. anchore-k8s-inventory v0.5.0 changes this so it will not print\nto stdout unless `verbose-inventory-reports: true` is set in the config file or\nanchore-k8s-inventory is called with the `--verbose-inventory-reports` flag.\n\n## Configuration Changes (v0.2.2 -\u003e v0.3.0) (formerly KAI) \n\nThere are a few configurations that were changed from v0.2.2 to v0.3.0\n\n#### `kubernetes-request-timeout-seconds`\n\nThe request timeout for the kubernetes API was changed from\n\n```yaml\nkubernetes-request-timeout-seconds: 60\n```\n\nto\n\n```yaml\nkubernetes:\n request-timeout-seconds: 60\n```\n\nanchore-k8s-inventory will still honor the old configuration. It will prefer the old configuration\nparameter until it is removed from the config entirely. It is safe to remove the\nold configuration in favor of the new config.\n\n#### `namespaces`\n\nThe namespace configuration was changed from\n\n```yaml\nnamespaces:\n- all\n```\n\nto\n\n```yaml\nnamespace-selectors:\n include: []\n exclude: []\n```\n\n`namespace-selectors` was added to eventually replace `namespaces` to allow for both\ninclude and exclude configs. The old `namespaces` array will be honored if\n`namespace-selectors.include` is empty. It is safe to remove `namespaces` entirely\nin favor of `namespace-selectors`\n\n## Developing\n### Build\n**Note:** This will drop the binary in the `./snapshot/` directory\n\n**On Mac**\n```sh\nmake mac-binary\n```\n\n**On Linux**\n```sh\nmake linux-binary\n```\n\n### Testing\n\nThe Makefile has testing built into it. For unit tests simply run\n\n```sh\nmake unit\n```\n\n### Docker\nTo build a docker image, you'll need to provide a kubeconfig.\n\nNote: Docker build requires files to be within the docker build context\n\n```sh\ndocker build -t localhost/anchore-k8s-inventory:latest --build-arg KUBECONFIG=./kubeconfig .\n```\n\n### Shell Completion\nanchore-k8s-inventory comes with shell completion for specifying namespaces, it can be enabled as follows. Run with the `--help` command to get the instructions for the shell of your choice\n\n```sh\nanchore-k8s-inventory completion \u003czsh|bash|fish\u003e\n```\n\n### Using Skaffold\nYou can use skaffold for dev. The 'bootstrap-skaffold' make target will clone the chart into the current directory to wire\nit up for skaffold to use. To trigger redeployments you'll need to run `make linux-binary` and skaffold will rebuild the image\nand update the helm release.\n\n```sh\nmake bootstrap-skaffold\nmake linux-binary\nskaffold dev\n```\n\n## Releasing\nTo create a release of anchore-k8s-inventory, a tag needs to be created that points to a commit in `main`\nthat we want to release. This tag shall be a semver prefixed with a `v`, e.g. `v0.2.7`.\nThis will trigger a GitHub Action that will create the release.\n\nAfter the release has been successfully created, make sure to specify the updated version\nin both Enterprise and the anchore-k8s-inventory Helm Chart in\n[anchore-charts](https://github.com/anchore/anchore-charts).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanchore%2Fk8s-inventory","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanchore%2Fk8s-inventory","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanchore%2Fk8s-inventory/lists"}