Kubernetes
- 01 Apr 2025
- 1 Minute to read
- Print
- DarkLight
- PDF
Kubernetes
- Updated on 01 Apr 2025
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Containers
- Compute Images
Parameters
- Host Name or IP Address (required) - The hostname or IP address of the Kubernetes API Server endpoint that Axonius can communicate with via the Required Ports. In order to locate the IP Address of an API Server run the following command (in your K8s cluster):
kubectl config view | grep server
- Port (required, default: 6443) - The port used in the connection.
- Token (required) - A bearer token associated with a service account that has the Required Permissions to fetch assets. For more information: see Accessing Clusters.
- In order to retrieve the token first run the following command (in your K8s cluster) to get the list of secrets:
Then run this command (in your K8s cluster) on the relevant secret name and copy from the output the content of the token field.kubectl get secrets
kubectl describe secret <SecretName>
- Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
APIs
Axonius uses the Kubernetes API Server.
Required Ports
Axonius must be able to communicate with the value supplied in Host Name or IP Address via the provided port (Default: 6443).
Required Permissions
The value supplied in Token must be associated to a service account that has read authorizations in the APIServer. If you use RBAC (Role Based Access Control) please refer to the official docs at https://kubernetes.io/docs/reference/access-authn-authz/rbac/.
- To perform an authorization test you can run the following command (in your K8s cluster):
- If the command outputs no, it means the user doesn't have the necessary permissions.
kubectl auth can-i get pods --all-namespaces --as <USER_NAME>
Troubleshooting
- Make sure the cluster has ApiServer component enabled
- To perform an authentication test you can run the following command (in your K8s cluster):
curl <ApiServerIP>:<Port>/api/v1/pods -H "Authorization: Bearer <MY_TOKEN>"
- Explore the API with token: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/
Was this article helpful?