Chkk uses multiple methods of Classification to identify cluster resources. If Chkk is unable to determine what a resource is or how the resource has been deployed, the resource is marked as unclassified. Reasons why Chkk may not be able to classify a cluster resource include:
  • The resource deploys a project that is not currently supported by Chkk. Coverage extension may be requested (48hr premium SLA).
  • The resource is part of an internal Application that should be ignored.
  • Custom build processes or packaging may result in Docker image names and tags that Chkk cannot match to its Knowledge Graph.

Annotating Resources Manually

Cluster resources can be classified by adding the following annotations:
  • Ignore a resource: Add the annotation chkk.io/classify=ignore to tell Chkk to ignore the resource. Chkk recommends adding this annotation to any internal applications.
  • Package: Use the chkk.io/package annotation to specify a Package identifier. A Package identifier can be a Helm Chart URL, an OCI Repository URI, a source URL to a Kubernetes manifest, a Chkk Package UUID or a Chkk Package Alias.
  • Package Version: Use the chkk.io/package-version annotation to specify a Package Version. For Helm Charts, the package version must be a SemVer2-compatible version string. For Kubernetes manifests, use the release tag of the source code project where the manifests are sourced.
  • Project: Use the chkk.io/project annotation to specify a Project Identifier. A Project Identifier can be a Docker/OCI repository URL, source code repository URL, Chkk Project UUID or Chkk Project Alias.
  • Project Version: Use the chkk.io/project-version annotation to specify the Project Version. A Project Version is either the release tag for the Project’s source code or the Docker/OCI image tag associated with the Project’s primary component.

As an example, assume you have a custom image build system that has rebuilt the Cert Manager Docker images and pushed tags to your private artifact repository. Chkk is unable to determine which release of Cert Manager your Docker images are associated with, so the cluster resources are marked unclassified. You can add the following annotations to tell Chkk exactly what version of Cert Manager and the Cert Manager Helm Chart you are using:
kind: Deployment
metadata:
  annotations:
    chkk.io/package: https://charts.jetstack.io/cert-manager
    chkk.io/package-version: v1.14.4
    chkk.io/project: cert-manager
    chkk.io/project-version: v1.14.4
To tell Chkk to ignore a resource during classification, add the following annotation:
kind: Deployment
metadata:
  annotations:
    chkk.io/classify: ignore
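
The same annotations can be set on live resources with kubectl annotate. The script below is an added example, not part of the Chkk documentation or CLI: it only prints one command per resource so the change can be reviewed before it is run. The function names and the plan rows (built from the resource names and cert-manager values shown on this page) are assumptions, and values are assumed to contain no whitespace or shell metacharacters.

```shell
#!/bin/sh
# Added example (not Chkk's own tooling): print the kubectl commands that set
# the Chkk annotations described above. Nothing is applied by this script.
set -eu

# Command that marks one resource as ignored.
# usage: chkk_ignore_cmd <kind/name> <namespace>
chkk_ignore_cmd() {
  printf 'kubectl -n %s annotate --overwrite %s chkk.io/classify=ignore\n' "$2" "$1"
}

# Command that classifies one resource with the four documented keys.
# "-" or a missing value leaves that key unset, so any subset can be applied.
# usage: chkk_classify_cmd <kind/name> <ns> <package> <pkg-ver> <project> <proj-ver>
chkk_classify_cmd() (
  res=$1 ns=$2 args=""
  shift 2
  for key in package package-version project project-version; do
    val=${1:--}
    if [ $# -gt 0 ]; then shift; fi
    if [ "$val" != "-" ]; then args="$args chkk.io/$key=$val"; fi
  done
  if [ -z "$args" ]; then
    echo "no annotation values given for $res" >&2
    exit 1
  fi
  printf 'kubectl -n %s annotate --overwrite %s%s\n' "$ns" "$res" "$args"
)

# Constructed plan using resource names that appear on this page.
# Columns: resource namespace package package-version project project-version
# A package value of "ignore" marks the resource as ignored instead.
chkk_plan() {
  while read -r res ns pkg pkgver proj projver; do
    if [ "$pkg" = "ignore" ]; then
      chkk_ignore_cmd "$res" "$ns"
    else
      chkk_classify_cmd "$res" "$ns" "$pkg" "$pkgver" "$proj" "$projver"
    fi
  done <<'EOF'
daemonset/log-collector monitoring ignore
deployment/cm-controller cert https://charts.jetstack.io/cert-manager v1.14.4 cert-manager v1.14.4
deployment/cm-webhook cert https://charts.jetstack.io/cert-manager v1.14.4 cert-manager v1.14.4
deployment/cm-cainjector cert - - cert-manager v1.14.4
EOF
}

chkk_plan
```

kubectl annotate on a Deployment writes to the Deployment's own metadata.annotations, which is where the manifests above place the keys.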

Annotating Resources via CLI

First run a cluster scan and request an upgrade assessment here
Type chkk cluster classify in your terminal and select the cluster on which to perform custom image mapping
$ chkk cluster classify

Starting interactive resource classification workflow...

Step 1: Select a Kubernetes cluster
eks-dev-1 (v1.33.1) (EKS)
✔ eks-prod-1 (v1.32.5) (EKS)
eks-stg-1 (v1.32.5) (EKS)

You selected "eks-prod-1 (v1.32.5) (EKS)". Is this correct? Enter 'n' to select again. (Y/n) y
Selected cluster: eks-prod-1 (k8scl_823b4agd-a784-4232-8670-10aple0281af)
Use the arrow keys to select all unclassified resources for classification. Selected resources may also be individually marked as ignored.
Step 2: Select resources to classify
Fetching unclassified resources...
Found 4 unclassified resources.
Matching unclassified resources with cluster resources...

Select resources to classify:
Use the arrow keys to navigate: ↓ ↑ → ←  and / toggles search
Select unclassified resources to classify. Select "Submit" to submit choices.
  →   Submit 
  ✔   Daemonset/log-collector (ns: monitoring)
    Deployment/auth (ns: app-svc)
  ✔   Deployment/cm-controller (ns: cert) 
  ✔   Deployment/cm-webhook (ns: cert) 
  ✔   Deployment/cm-cainjector (ns: cert) 
    Deployment/login-ui (ns: app-svc) 
    Statefulset/cache (ns: app-db)
    Statefulset/storage (ns: app-db)


You made the following 4 selections:

1: Daemonset/log-collector (ns: monitoring)
2: Deployment/cm-controller (ns: cert) 
3: Deployment/cm-webhook (ns: cert) 
4: Deployment/cm-cainjector (ns: cert) 

Are you sure you want to submit these? Enter 'n' to select again. (Y/n)
(Optional) Mark all remaining resources to be ignored.
There are 4 remaining unclassified resources that you didn't select.
Would you like to mark these remaining resources as ignored? (y/N)
(Optional) Any resources selected for classification may be individually marked as ignored:
Step 4: Classify selected resources
───────────────────────────────────────────────────────────────────────────────────
                                RESOURCE 1 OF 4

───────────────────────────────────────────────────────────────────────────────────
   Kind: Daemonset
   Name: log-collector
   Namespace: monitoring
───────────────────────────────────────────────────────────────────────────────────
Do you want to classify this resource? (Daemonset/log-collector) (Y/n) n

Would you like to mark Daemonset/log-collector (ns: monitoring) as ignored? (y/N) y
Marked Daemonset/log-collector as ignored
Any resource marked as ignored automatically has the chkk.io/classify=ignore annotation applied to its resource manifest. This resource will no longer show up as unclassified.
To classify any resource, up to 5 different classification annotations may be applied:
1. Package: Package identifier (Helm chart URL, or package source URL), e.g.
Package
(optional)  Enter value for Package (leave empty to skip)
https://charts.jetstack.io/cert-manager
2. Package Version: Package version (Helm Chart’s Chart.Version or, if not a Helm Chart, the release tag/name of the source code project where the package’s artifacts are pulled)
Package Version
(optional)  Enter value for Package Version (leave empty to skip)
v1.14.4
3. Project: Primary Project (Docker/OCI repository URL or source code repository URL), e.g.
Project
(optional)  Enter value for Project (leave empty to skip)
cert-manager
4. Project Version: Primary project version
Project Version
(optional)  Enter value for Project Version (leave empty to skip)
v1.14.4
5. Deployment System: Deployment tool used to deploy this resource, e.g. helm, kubectl, argocd, flux
Deployment System
(optional)  Enter value for Deployment System (leave empty to skip)
helm
Submit the custom annotations to Chkk.
Summary for Deployment/cm-controller:
   Package Version: v1.14.4
   Deployment System: helm
Submit classification data for Deployment/cm-controller? (Y/n)
  Successfully classifed Deployment/cm-controller
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
✅ CLASSIFICATION COMPLETE!
    Total resources: 4
    Successfully classified: 3
    Ignored: 1
    Skipped: 0
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Successfully classified resources.
Submit the classified resources to Chkk.
Would you like to submit the classified resources to Chkk for analysis? (This will run 'chkk cluster collect') (Y/n) y
✅ cluster "minikube" resource collection successful. 52 resource groups collected.

To view information about your cluster, do:

  chkk cluster get k8scl_823b4abd-a954-4992-8670-10aaee0781af
✅ Cluster resources collected and submitted to Chkk successfully!
Execute chkk upgradeassessment request <cluster_id> to request a fresh upgrade assessment for your cluster to observe any newly classified resources:
chkk upgradeassessment request k8scl_823b4abd-a954-4992-8670-10aaee0781af

It looks like you have active upgrade assessments for Kubernetes Cluster "eks-prod-1":

 - eks-prod-1-ua-1 (ua_26ee1790-0896-4d6a-ba8f-76b85127fcd7)

To view one of those active upgrade assessments, do:

chkk upgradeassessment get <assessment_id>

Would you like to request a new upgrade assessment for this cluster? (y/N) y

(optional) enter the name for the upgrade assessment
eks-prod-1-ua-2
✅ request for upgrade assessement for cluster "k8scl_823b4abd-a954-4992-8670-10aaee0781af" successful.
completed!
Execute chkk upgradeassessment get <assessment_id> to view the upgrade assessment and observe recommendations for any newly classified resources:
chkk upgradeassessment get ua_548e6f64-b25a-40e4-b868-2146c46489d2

...

## Add-ons & Application Services Marked for Upgrade

 Name         │ Namespace(s)   │ Current   │ Upgrade  │ Suggested │ Supported                                                                       │ K8s … │ Age < 2yr
──────────────┼────────────────┼───────────┼──────────┼───────────┼─────────────────────────────────────────────────────────────────────────────────┼───────┼───────────
 cert-manager │ cert           │ v1.14.4   │ v1.18.2  │ Optional  │ ❌ (Version 1.14 left upstream maintenance on 3 Oct 2024 and no longer receives │ ✅    │ ✅  

...