Skip to content

added new guide for k8s-exporter's jq env vars option #2910

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 27, 2025
Merged

added new guide for k8s-exporter's jq env vars option #2910

merged 7 commits into from
Oct 27, 2025

Conversation

@matan84
Copy link
Member

@matan84 matan84 commented Oct 19, 2025

Description

Added new page for configuring env vars restriciton to the k8s-exporter

Added docs pages

Please also include the path for the added docs

  • Kubernetes advanced configuration (build-your-software-catalog/sync-data-to-catalog/kubernetes-stack/kubernetes/advanced?current-config-param=jqConfiguration)

@aws-amplify-eu-west-1
Copy link

aws-amplify-eu-west-1 bot commented Oct 19, 2025

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-2910.d2ngvl90zqbob8.amplifyapp.com

MPTG94
MPTG94 approved these changes Oct 19, 2025
View reviewed changes
Copy link
Member

@MPTG94 MPTG94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some small suggestions for better wording.

@MatanHeledPort
Copy link
Contributor

MatanHeledPort commented Oct 20, 2025

/review

@qodo-merge-pro
Copy link
Contributor

qodo-merge-pro bot commented Oct 20, 2025
edited
Loading

PR Reviewer Guide 🔍

(Review updated until commit 6cc8f4b)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Styling/Consistency

Ensure tab label capitalization and terminology match existing docs (e.g., "Kubernetes" vs "K8s", "JQ" vs "jq"); confirm new TabItem value key aligns with sidebar link and anchors.

 
{label: "JQ Configuration", value: "jqConfiguration"},
]} >

<TabItem value="resyncInterval">
Security Wording

The warning block is good, but consider consistent product-sensitive examples and neutral phrasing; verify that listing specific secret names does not encourage exposing them and add guidance to use Kubernetes secrets/values files.

 
:::warning Security Risk
Setting `allowAllEnvironmentVariablesInJQ` to `true` can expose sensitive environment variables to JQ queries. This includes:
- Port credentials (`PORT_CLIENT_ID`, `PORT_CLIENT_SECRET`)
- Kubernetes service account tokens
- Any other environment variables injected into the pod
- Secrets mounted as environment variables

Only enable this setting if you trust all JQ queries in your resource mappings and understand the security implications.
:::
YAML/CLI Examples

Validate quoting/escaping for --set with comma-separated values and arrays; ensure code fences have correct languages and consistent indentation to match CONTRIBUTING style.

 
```bash
--set allowAllEnvironmentVariablesInJQ=true

Example 2: Restrict to specific environment variables (recommended)

--set allowAllEnvironmentVariablesInJQ=false \
--set allowedEnvironmentVariablesInJQ="CLUSTER_NAME,NAMESPACE,REGION"

Example 3: Using values.yaml file

allowAllEnvironmentVariablesInJQ: false
allowedEnvironmentVariablesInJQ: "CLUSTER_NAME,NAMESPACE,REGION"

Example 4: Using patterns to allow groups of variables

--set allowAllEnvironmentVariablesInJQ=false \
--set allowedEnvironmentVariablesInJQ="CLUSTER_*,NAMESPACE,REGION_*"

This configuration allows:

  • All environment variables starting with CLUSTER_ (e.g., CLUSTER_NAME, CLUSTER_ID)
  • Specific variable: NAMESPACE
  • All environment variables starting with REGION_ (e.g., REGION_US, REGION_EU)

Example 5: Using patterns in values.yaml

allowAllEnvironmentVariablesInJQ: false
allowedEnvironmentVariablesInJQ: "CLUSTER_*,NAMESPACE_*,REGION_*"

This configuration allows all environment variables that start with CLUSTER_, NAMESPACE_, or REGION_.


</details>

</td></tr>
</table>

@MatanHeledPort
Copy link
Contributor

MatanHeledPort commented Oct 20, 2025

/review

@qodo-merge-pro
Copy link
Contributor

qodo-merge-pro bot commented Oct 20, 2025

Persistent review updated to latest commit 6cc8f4b

@MatanHeledPort
Copy link
Contributor

MatanHeledPort commented Oct 20, 2025

/review

@qodo-merge-pro
Copy link
Contributor

qodo-merge-pro bot commented Oct 20, 2025

Persistent review updated to latest commit 6cc8f4b

@port-labs port-labs deleted a comment from qodo-merge-pro bot Oct 21, 2025
@port-labs port-labs deleted a comment from qodo-merge-pro bot Oct 21, 2025
kodjomiles
kodjomiles requested changes Oct 27, 2025
View reviewed changes
Copy link
Collaborator

@kodjomiles kodjomiles left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good some few suggestions

@hadar-co hadar-co merged commit 499212a into main Oct 27, 2025
5 checks passed
@hadar-co hadar-co deleted the add-option-to-remove-env-vars-access branch October 27, 2025 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kodjomiles kodjomiles kodjomiles requested changes

@MPTG94 MPTG94 MPTG94 approved these changes

@hadar-co hadar-co hadar-co approved these changes

+1 more reviewer

@qodo-merge-pro qodo-merge-pro[bot] qodo-merge-pro[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Possible security concern Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@matan84 @MatanHeledPort @MPTG94 @kodjomiles @hadar-co @sivanel97