You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/build-your-software-catalog/sync-data-to-catalog/kubernetes-stack/kubernetes/advanced.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -138,7 +138,7 @@ For more information how to use the `crdsToDiscover` parameter, please refer to
138
138
139
139
The K8s exporter supports configuration options to control access to environment variables within JQ queries used in resource mappings.
140
140
141
-
###`allowAllEnvironmentVariablesInJQ`
141
+
<h3> `allowAllEnvironmentVariablesInJQ` </h3>
142
142
143
143
The `allowAllEnvironmentVariablesInJQ` parameter controls whether all environment variables are accessible in JQ queries.
144
144
@@ -148,26 +148,26 @@ The `allowAllEnvironmentVariablesInJQ` parameter controls whether all environmen
148
148
:::warning Security Risk
149
149
Setting `allowAllEnvironmentVariablesInJQ` to `true` can expose sensitive environment variables to JQ queries. This includes:
150
150
- Port credentials (`PORT_CLIENT_ID`, `PORT_CLIENT_SECRET`)
151
-
- Kubernetes service account tokens
152
-
- Any other environment variables injected into the pod
153
-
- Secrets mounted as environment variables
151
+
- Kubernetes service account tokens.
152
+
- Any other environment variables injected into the pod.
153
+
- Secrets mounted as environment variables.
154
154
155
155
Due to the potential security implication, if you have a need to limit the exposure of environment variables in the exporter's JQ, please set this parameter to `false` and explicitly specify the variables that need to be accessed using JQ through the `allowedEnvironmentVariablesInJQ` parameter.
156
156
:::
157
157
158
-
###`allowedEnvironmentVariablesInJQ`
158
+
<h3> `allowedEnvironmentVariablesInJQ` </h3>
159
159
160
160
The `allowedEnvironmentVariablesInJQ` parameter specifies which environment variables are allowed in JQ queries when `allowAllEnvironmentVariablesInJQ` is set to `false`. This parameter accepts a list of JQ expressions that evaluate to environment variable names or patterns.
161
161
162
162
Each entry in the list is a JQ expression that should return:
163
163
- A specific environment variable name (e.g., `"CLUSTER_NAME"`)
164
164
- A pattern for matching multiple variables (e.g., `"^CLUSTER_"` to match all cluster-related environment variables)
165
-
- An array of environment variable names or patterns
165
+
- An array of environment variable names or patterns.
166
166
167
167
-**Default value**: `^PORT_, CLUSTER_NAME`
168
168
-**Use case**: Restrict access to only specific, safe environment variables in JQ queries for enhanced security. Use JQ expressions to dynamically determine which environment variables should be accessible.
0 commit comments