Kubernetes
  • 08 Mar 2022

Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Host Name or IP Address (required) - The hostname or IP address of the Kubernetes API Server endpoint that Axonius can communicate with via the Required Ports. To locate the IP address of an API Server, run the following command (in your K8s cluster):
    kubectl config view | grep server
  2. Port (required, default: 6443) - The port used in the connection.
  3. Token (required) - A bearer token associated with a service account that has the Required Permissions to fetch assets. For more information, see Accessing Clusters.
    • To retrieve the token, first run the following command (in your K8s cluster) to get the list of secrets:
    kubectl get secrets

    Then run this command (in your K8s cluster) on the relevant secret name and copy the content of the token field from the output:
    kubectl describe secret <SecretName>

  4. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Host Name or IP Address. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the value supplied in Host Name or IP Address will be verified against the CA database inside of Axonius. If the SSL certificate cannot be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the value supplied in Host Name or IP Address will not be verified against the CA database inside of Axonius.
  5. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.



APIs

Axonius uses the API Server.

Required Ports

Axonius must be able to communicate with the value supplied in Host Name or IP Address via the provided port (Default: 6443).

Required Permissions

The value supplied in Token must be associated with a service account that has read authorizations in the API Server. If you use RBAC (Role Based Access Control), refer to the official docs at https://kubernetes.io/docs/reference/access-authn-authz/rbac/.

  • To perform an authorization test, run the following command (in your K8s cluster):
    kubectl auth can-i get pods --all-namespaces --as <USER_NAME>
    • If the command outputs no, the user doesn't have the necessary permissions.
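
One way to set up the service account described above with read-only RBAC, as an added example that is not from Axonius or the Kubernetes project. The names axonius-adapter and axonius-reader are hypothetical, and the rule covers only pods because that is the resource the authorization test above checks; the page does not list the full set of resources the adapter reads.

```yaml
# Added example; the names axonius-adapter and axonius-reader are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: axonius-adapter
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: axonius-reader
  namespace: axonius-adapter
---
# Read-only role: no create/update/delete verbs and no access to secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: axonius-reader
rules:
  - apiGroups: [""]          # core API group
    resources: ["pods"]      # assumption: taken from the can-i test; extend only as needed
    verbs: ["get", "list"]
---
# Cluster-wide binding so the read access applies to all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: axonius-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: axonius-reader
subjects:
  - kind: ServiceAccount
    name: axonius-reader
    namespace: axonius-adapter
---
# Token Secret tied to the service account; the control plane fills in the
# token field that "kubectl describe secret" displays.
apiVersion: v1
kind: Secret
metadata:
  name: axonius-reader-token
  namespace: axonius-adapter
  annotations:
    kubernetes.io/service-account.name: axonius-reader
type: kubernetes.io/service-account-token
```

For this service account, the user name passed to --as in the authorization test is system:serviceaccount:axonius-adapter:axonius-reader, and the secret name to describe is axonius-reader-token.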


Troubleshooting

  • Make sure the cluster has the API Server component enabled.
  • To perform an authentication test, run the following command (in your K8s cluster). The API Server serves HTTPS on its secure port, so the URL includes the https:// scheme:
    curl https://<ApiServerIP>:<Port>/api/v1/pods -H "Authorization: Bearer <MY_TOKEN>"
