@achuchev achuchev commented Jan 12, 2026

ConfigMaps Discovery & Label & Annotation Filtering

Business Value

These enhancements provide users with greater control and flexibility over Kubernetes resource discovery:

  • ConfigMap discovery: Discovery of ConfigMaps, gaining insights into configuration
  • Label & annotation filtering: Apply label and annotation filters to any Kubernetes resource type, such as Pods, Deployments, Secrets, or ConfigMaps. This helps focus on important resources and exclude non-essential ones, reducing unnecessary data collection.

Changes

Feature 1: ConfigMap Discovery

Added ConfigMap resource type to the dynamic data gatherer:

  • Integrated core/v1/configmaps into the informer-based collection pipeline
  • Added ConfigMaps to the native Kubernetes resources map for optimized handling
  • ConfigMaps now benefit from the same caching and deletion tracking mechanisms as other resources

Feature 2: Label & Annotation Filtering of Resources

Implemented filtering for all resource types in the k8sdynamic data gatherer:

  • include-resources-by-labels: Collect only resources matching ALL specified labels
  • exclude-resources-by-labels: Skip resources with ANY of the specified labels
  • include-resources-by-annotations: Collect only resources matching ALL specified annotations
  • exclude-resources-by-annotations: Skip resources with ANY of the specified annotations

Note:

  • Values of labels and annotations are optional - to match only by key, specify an empty string "" as the value
  • Label filters are evaluated first and take precedence over annotation filters during the filtering process
  • Matching is case-sensitive - both keys and values must match exactly, including case (e.g., app: myapp will not match App: myapp or app: MyApp)

Filtering applies to Pods, Deployments, Secrets, ConfigMaps, Services, and any other resource type configured for collection. Validation ensures include/exclude filters of the same type are mutually exclusive.

How to test locally

  • Run the agent one-shot using the example MachineHub config:
    • go run . agent --one-shot --machine-hub -v 6 --agent-config-file ./examples/machinehub.yaml

- Add ConfigMaps field to Snapshot struct for data upload
- Register ConfigMaps informer in kubernetesNativeResources
- Add ark/configmaps extractor function for data processing
- Update test coverage to include ConfigMaps
- Add ConfigMaps configuration to disco-agent templates
- Update example configurations and test snapshots

This enhancement allows the agent to discover and report ConfigMap
resources alongside existing resources like Pods and Daemonsets.
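
The filter rules listed in the description above (include needs ALL pairs, exclude rejects on ANY pair, an empty value matches on key alone, comparison is case-sensitive, labels are checked before annotations), as an added Go example that is not the PR's own code. The names `filterSet`, `pairMatches` and `collect` are hypothetical; only the `conjur.org/name` label comes from the page.

```go
package main

import "fmt"

// filterSet is a hypothetical holder for one filter type (labels or annotations).
type filterSet struct {
	Include map[string]string // every pair must match
	Exclude map[string]string // any matching pair rejects the resource
}

// validate enforces that include and exclude filters of one type are mutually exclusive.
func (f filterSet) validate() error {
	if len(f.Include) > 0 && len(f.Exclude) > 0 {
		return fmt.Errorf("include and exclude filters of the same type are mutually exclusive")
	}
	return nil
}

// pairMatches is case-sensitive; an empty want means "key present, any value".
func pairMatches(meta map[string]string, key, want string) bool {
	got, ok := meta[key]
	return ok && (want == "" || got == want)
}

// matches reports whether one metadata map (labels or annotations) passes the set.
func (f filterSet) matches(meta map[string]string) bool {
	for k, v := range f.Include {
		if !pairMatches(meta, k, v) {
			return false // ALL include pairs are required
		}
	}
	for k, v := range f.Exclude {
		if pairMatches(meta, k, v) {
			return false // ANY exclude pair rejects
		}
	}
	return true
}

// collect checks label filters first, then annotation filters.
func collect(labels, annotations map[string]string, byLabel, byAnnotation filterSet) bool {
	return byLabel.matches(labels) && byAnnotation.matches(annotations)
}

func main() {
	f := filterSet{Include: map[string]string{"conjur.org/name": "conjur-connect-configmap"}}
	fmt.Println(collect(map[string]string{"conjur.org/name": "conjur-connect-configmap"}, nil, f, filterSet{}))
}
```
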
Copilot AI left a comment

Pull request overview

This pull request adds support for discovering and reporting Kubernetes ConfigMap resources to the CyberArk Discovery and Context API. The changes follow the existing pattern used for other Kubernetes resources like Pods and DaemonSets.

Changes:

  • Added ConfigMaps field to the Snapshot data structure for data upload
  • Registered ConfigMaps informer in the Kubernetes native resources map
  • Added ark/configmaps extractor function for processing ConfigMap data
  • Updated test coverage, example configurations, and chart templates

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

| File | Description |
|---|---|
| internal/cyberark/dataupload/dataupload.go | Added ConfigMaps field to Snapshot struct |
| pkg/datagatherer/k8s/dynamic.go | Registered ConfigMaps informer in kubernetesNativeResources map |
| pkg/client/client_cyberark.go | Added ark/configmaps extractor function to defaultExtractorFunctions map |
| pkg/client/client_cyberark_test.go | Added ark/configmaps to defaultDynamicDatagathererNames test list |
| examples/machinehub.yaml | Added ConfigMaps data gatherer configuration example |
| examples/machinehub/input.json | Added ConfigMaps entry to example input data |
| deploy/charts/disco-agent/templates/configmap.yaml | Added ConfigMaps configuration to helm chart template |
| deploy/charts/disco-agent/tests/__snapshot__/configmap_test.yaml.snap | Updated test snapshots to include ConfigMaps configuration |
@achuchev achuchev self-assigned this Jan 21, 2026
continue
}

// filter by labels
Contributor Author

The assumption is that labels will be used more broadly, so they are applied for filtering first, followed by annotations. Please share your thoughts if you have a different perspective.

// If includeFilters is set, all key-value pairs must match for the resource to be included.
// An empty string value means "match any value for this key" (key-only matching).
// If excludeFilters is set, any matching key-value pair will exclude the resource.
func matchesFilter(resourceMetadata, includeFilters, excludeFilters map[string]string) bool {
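
Review bot: the doc comment on matchesFilter mentions key-only matching (empty string value) only in the includeFilters sentence, so a reader cannot tell whether an empty value in excludeFilters also matches on key alone. Say so explicitly, and also state what the function returns when both filter maps are empty and whether it expects callers to have already rejected the case where both are set.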
Contributor Author

Regex support is not available, as I thought it was not required. Please share your thoughts if you have a different opinion.

version: v1
resource: configmaps
include-resources-by-labels:
conjur.org/name: "conjur-connect-configmap"
Contributor Author

This label uniquely identifies the ConfigMaps used by the Secrets Manager (aka Conjur) components.

Copilot AI left a comment

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated no new comments.
@achuchev achuchev marked this pull request as ready for review January 23, 2026 14:23