Skip to content

Commit

Permalink
update docs
Browse files Browse the repository at this point in the history 
Signed-off-by: Mmadu Manasseh <[email protected]>
  • Loading branch information
@MeNsaaH
MeNsaaH committed Jan 10, 2025
1 parent fa77575 commit 79fb60d
Showing 1 changed file with 58 additions and 55 deletions.
113 changes: 58 additions & 55 deletions docs/usage.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,58 +34,61 @@ Refer to [configuration](#configuration) for details about the various options a

The full list of supported environment variables is described below:

| Env Var | Description | Default Value |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `KUBECHECKS_ADDITIONAL_APPS_NAMESPACES` | Additional namespaces other than the ArgoCDNamespace to monitor for applications. | `[]` |
| `KUBECHECKS_ARGOCD_API_INSECURE` | Enable to use insecure connections over TLS to the ArgoCD API server. | `false` |
| `KUBECHECKS_ARGOCD_API_NAMESPACE` | ArgoCD namespace where the application watcher will read Custom Resource Definitions (CRD) for Application and ApplicationSet resources. | `argocd` |
| `KUBECHECKS_ARGOCD_API_PLAINTEXT` | Enable to use plaintext connections without TLS. | `false` |
| `KUBECHECKS_ARGOCD_API_SERVER_ADDR` | ArgoCD API Server Address. | `argocd-server` |
| `KUBECHECKS_ARGOCD_API_TOKEN` | ArgoCD API token. | |
| `KUBECHECKS_ARGOCD_REPOSITORY_ENDPOINT` | Location of the argocd repository service endpoint. | `argocd-repo-server.argocd:8081` |
| `KUBECHECKS_ARGOCD_REPOSITORY_INSECURE` | True if you need to skip validating the grpc tls certificate. | `true` |
| `KUBECHECKS_ARGOCD_SEND_FULL_REPOSITORY` | Set to true if you want to try to send the full repository to ArgoCD when generating manifests. | `false` |
| `KUBECHECKS_ENABLE_CONFTEST` | Set to true to enable conftest policy checking of manifests. | `false` |
| `KUBECHECKS_ENABLE_HOOKS_RENDERER` | Render hooks. | `true` |
| `KUBECHECKS_ENABLE_KUBECONFORM` | Enable kubeconform checks. | `true` |
| `KUBECHECKS_ENABLE_KYVERNO_CHECKS` | Enable kyverno policy checks. | `false` |
| `KUBECHECKS_ENABLE_PREUPGRADE` | Enable preupgrade checks. | `true` |
| `KUBECHECKS_ENSURE_WEBHOOKS` | Ensure that webhooks are created in repositories referenced by argo. | `false` |
| `KUBECHECKS_FALLBACK_K8S_VERSION` | Fallback target Kubernetes version for schema / upgrade checks. | `1.23.0` |
| `KUBECHECKS_GITHUB_APP_ID` | Github App ID. | `0` |
| `KUBECHECKS_GITHUB_INSTALLATION_ID` | Github Installation ID. | `0` |
| `KUBECHECKS_GITHUB_PRIVATE_KEY` | Github App Private Key. | |
| `KUBECHECKS_KUBERNETES_CLUSTERID` | Kubernetes Cluster ID, must be specified if kubernetes-type is eks. | |
| `KUBECHECKS_KUBERNETES_CONFIG` | Path to your kubernetes config file, used to monitor applications. | |
| `KUBECHECKS_KUBERNETES_TYPE` | Kubernetes Type One of eks, or local. | `local` |
| `KUBECHECKS_KYVERNO_POLICIES_LOCATION` | Sets kyverno policy locations to be used for every check request. This is a git url in either git or http(s) format. | |
| `KUBECHECKS_LABEL_FILTER` | (Optional) If set, The label that must be set on an MR (as "kubechecks:<value>") for kubechecks to process the merge request webhook. | |
| `KUBECHECKS_LOG_LEVEL` | Set the log output level. One of error, warn, info, debug, trace. | `info` |
| `KUBECHECKS_MAX_CONCURRENCT_CHECKS` | Number of concurrent checks to run. | `32` |
| `KUBECHECKS_MAX_QUEUE_SIZE` | Size of app diff check queue. | `1024` |
| `KUBECHECKS_MONITOR_ALL_APPLICATIONS` | Monitor all applications in argocd automatically. | `true` |
| `KUBECHECKS_OPENAI_API_TOKEN` | OpenAI API Token. | |
| `KUBECHECKS_OTEL_COLLECTOR_HOST` | The OpenTelemetry collector host. | |
| `KUBECHECKS_OTEL_COLLECTOR_PORT` | The OpenTelemetry collector port. | |
| `KUBECHECKS_OTEL_ENABLED` | Enable OpenTelemetry. | `false` |
| `KUBECHECKS_PERSIST_LOG_LEVEL` | Persists the set log level down to other module loggers. | `false` |
| `KUBECHECKS_POLICIES_LOCATION` | Sets rego policy locations to be used for every check request. Can be common path inside the repos being checked or git urls in either git or http(s) format. | `[./policies]` |
| `KUBECHECKS_REPLAN_COMMENT_MSG` | comment message which re-triggers kubechecks on PR. | `kubechecks again` |
| `KUBECHECKS_REPO_REFRESH_INTERVAL` | Interval between static repo refreshes (for schemas and policies). | `5m` |
| `KUBECHECKS_SCHEMAS_LOCATION` | Sets schema locations to be used for every check request. Can be a common path on the host or git urls in either git or http(s) format. | `[]` |
| `KUBECHECKS_SHOW_DEBUG_INFO` | Set to true to print debug info to the footer of MR comments. | `false` |
| `KUBECHECKS_TIDY_OUTDATED_COMMENTS_MODE` | Sets the mode to use when tidying outdated comments. One of hide, delete. | `hide` |
| `KUBECHECKS_VCS_BASE_URL` | VCS base url, useful if self hosting gitlab, enterprise github, etc. | |
| `KUBECHECKS_VCS_EMAIL` | VCS Email. | |
| `KUBECHECKS_VCS_TOKEN` | VCS API token. | |
| `KUBECHECKS_VCS_TYPE` | VCS type. One of gitlab or github. | `gitlab` |
| `KUBECHECKS_VCS_UPLOAD_URL` | VCS upload url, required for enterprise github. | |
| `KUBECHECKS_VCS_USERNAME` | VCS Username. | |
| `KUBECHECKS_WEBHOOK_SECRET` | Optional secret key for validating the source of incoming webhooks. | |
| `KUBECHECKS_WEBHOOK_URL_BASE` | The endpoint to listen on for incoming PR/MR event webhooks. For example, 'https://checker.mycompany.com'. | |
| `KUBECHECKS_WEBHOOK_URL_PREFIX` | If your application is running behind a proxy that uses path based routing, set this value to match the path prefix. For example, '/hello/world'. | |
| `KUBECHECKS_WORST_CONFTEST_STATE` | The worst state that can be returned from conftest. | `panic` |
| `KUBECHECKS_WORST_HOOKS_STATE` | The worst state that can be returned from the hooks renderer. | `panic` |
| `KUBECHECKS_WORST_KUBECONFORM_STATE` | The worst state that can be returned from kubeconform. | `panic` |
| `KUBECHECKS_WORST_KYVERNO_STATE` | The worst state that can be returned from the kyverno checks. | `panic` |
| `KUBECHECKS_WORST_PREUPGRADE_STATE` | The worst state that can be returned from preupgrade checks. | `panic` |
|Env Var|Description|Default Value|
|-----------|-------------|------|
|`KUBECHECKS_ADDITIONAL_APPS_NAMESPACES`|Additional namespaces other than the ArgoCDNamespace to monitor for applications.|`[]`|
|`KUBECHECKS_ARGOCD_API_INSECURE`|Enable to use insecure connections over TLS to the ArgoCD API server.|`false`|
|`KUBECHECKS_ARGOCD_API_NAMESPACE`|ArgoCD namespace where the application watcher will read Custom Resource Definitions (CRD) for Application and ApplicationSet resources.|`argocd`|
|`KUBECHECKS_ARGOCD_API_PLAINTEXT`|Enable to use plaintext connections without TLS.|`false`|
|`KUBECHECKS_ARGOCD_API_SERVER_ADDR`|ArgoCD API Server Address.|`argocd-server`|
|`KUBECHECKS_ARGOCD_API_TOKEN`|ArgoCD API token.||
|`KUBECHECKS_ARGOCD_REPOSITORY_ENDPOINT`|Location of the argocd repository service endpoint.|`argocd-repo-server.argocd:8081`|
|`KUBECHECKS_ARGOCD_REPOSITORY_INSECURE`|True if you need to skip validating the grpc tls certificate.|`true`|
|`KUBECHECKS_ARGOCD_SEND_FULL_REPOSITORY`|Set to true if you want to try to send the full repository to ArgoCD when generating manifests.|`false`|
|`KUBECHECKS_ENABLE_CONFTEST`|Set to true to enable conftest policy checking of manifests.|`false`|
|`KUBECHECKS_ENABLE_HOOKS_RENDERER`|Render hooks.|`true`|
|`KUBECHECKS_ENABLE_KUBECONFORM`|Enable kubeconform checks.|`true`|
|`KUBECHECKS_ENABLE_KYVERNO_CHECKS`|Enable kyverno policy checks.|`false`|
|`KUBECHECKS_ENABLE_PREUPGRADE`|Enable preupgrade checks.|`true`|
|`KUBECHECKS_ENSURE_WEBHOOKS`|Ensure that webhooks are created in repositories referenced by argo.|`false`|
|`KUBECHECKS_FALLBACK_K8S_VERSION`|Fallback target Kubernetes version for schema / upgrade checks.|`1.23.0`|
|`KUBECHECKS_GITHUB_APP_ID`|Github App ID.|`0`|
|`KUBECHECKS_GITHUB_INSTALLATION_ID`|Github Installation ID.|`0`|
|`KUBECHECKS_GITHUB_PRIVATE_KEY`|Github App Private Key.||
|`KUBECHECKS_KUBERNETES_CLUSTERID`|Kubernetes Cluster ID, must be specified if kubernetes-type is eks.||
|`KUBECHECKS_KUBERNETES_CONFIG`|Path to your kubernetes config file, used to monitor applications.||
|`KUBECHECKS_KUBERNETES_TYPE`|Kubernetes Type One of eks, or local.|`local`|
|`KUBECHECKS_KYVERNO_POLICIES_LOCATION`|Sets kyverno policy locations to be used for every check request. This is a git url in either git or http(s) format.||
|`KUBECHECKS_LABEL_FILTER`|(Optional) If set, The label that must be set on an MR (as "kubechecks:<value>") for kubechecks to process the merge request webhook.||
|`KUBECHECKS_LOG_LEVEL`|Set the log output level. One of error, warn, info, debug, trace.|`info`|
|`KUBECHECKS_MAX_CONCURRENCT_CHECKS`|Number of concurrent checks to run.|`32`|
|`KUBECHECKS_MAX_QUEUE_SIZE`|Size of app diff check queue.|`1024`|
|`KUBECHECKS_MONITOR_ALL_APPLICATIONS`|Monitor all applications in argocd automatically.|`true`|
|`KUBECHECKS_OPENAI_API_TOKEN`|OpenAI API Token.||
|`KUBECHECKS_OTEL_COLLECTOR_HOST`|The OpenTelemetry collector host.||
|`KUBECHECKS_OTEL_COLLECTOR_PORT`|The OpenTelemetry collector port.||
|`KUBECHECKS_OTEL_ENABLED`|Enable OpenTelemetry.|`false`|
|`KUBECHECKS_PERSIST_LOG_LEVEL`|Persists the set log level down to other module loggers.|`false`|
|`KUBECHECKS_POLICIES_LOCATION`|Sets rego policy locations to be used for every check request. Can be common path inside the repos being checked or git urls in either git or http(s) format.|`[./policies]`|
|`KUBECHECKS_REPLAN_COMMENT_MSG`|comment message which re-triggers kubechecks on PR.|`kubechecks again`|
|`KUBECHECKS_REPO_REFRESH_INTERVAL`|Interval between static repo refreshes (for schemas and policies).|`5m`|
|`KUBECHECKS_SCHEMAS_LOCATION`|Sets schema locations to be used for every check request. Can be a common path on the host or git urls in either git or http(s) format.|`[]`|
|`KUBECHECKS_SHOW_DEBUG_INFO`|Set to true to print debug info to the footer of MR comments.|`false`|
|`KUBECHECKS_TIDY_OUTDATED_COMMENTS_MODE`|Sets the mode to use when tidying outdated comments. One of hide, delete.|`hide`|
|`KUBECHECKS_VCS_BASE_URL`|VCS base url, useful if self hosting gitlab, enterprise github, etc.||
|`KUBECHECKS_VCS_EMAIL`|VCS Email.||
|`KUBECHECKS_VCS_TOKEN`|VCS API token.||
|`KUBECHECKS_VCS_TYPE`|VCS type. One of gitlab or github.|`gitlab`|
|`KUBECHECKS_VCS_UPLOAD_URL`|VCS upload url, required for enterprise github.||
|`KUBECHECKS_VCS_USERNAME`|VCS Username.||
|`KUBECHECKS_WEBHOOK_SECRET`|Optional secret key for validating the source of incoming webhooks.||
|`KUBECHECKS_WEBHOOK_URL_BASE`|The endpoint to listen on for incoming PR/MR event webhooks. For example, 'https://checker.mycompany.com'.||
|`KUBECHECKS_WEBHOOK_URL_PREFIX`|If your application is running behind a proxy that uses path based routing, set this value to match the path prefix. For example, '/hello/world'.||
|`KUBECHECKS_WORST_CONFTEST_STATE`|The worst state that can be returned from conftest.|`panic`|
|`KUBECHECKS_WORST_HOOKS_STATE`|The worst state that can be returned from the hooks renderer.|`panic`|
|`KUBECHECKS_WORST_KUBECONFORM_STATE`|The worst state that can be returned from kubeconform.|`panic`|
|`KUBECHECKS_WORST_KYVERNO_STATE`|The worst state that can be returned from the kyverno checks.|`panic`|
|`KUBECHECKS_WORST_PREUPGRADE_STATE`|The worst state that can be returned from preupgrade checks.|`panic`|


See [integrations](./integrations) for more information on the tools integrated into `kubechecks` .

0 comments on commit 79fb60d

Please sign in to comment.