Kubernetes
- 08 Mar 2022
- 2 Minutes to read
- Print
- DarkLight
- PDF
Kubernetes
- Updated on 08 Mar 2022
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
Parameters
- Host Name or IP Address (required) - The hostname or IP address of the Kubernetes API Server endpoint that Axonius can communicate with via the Required Ports. In order to locate the IP Address of an API Server run the following command (in your K8s cluster):
kubectl config view | grep server
- Port (required, default: 6443) - The port used in the connection.
- Token (required) - A bearer token associated with a service account that has the Required Permissions to fetch assets. For more information: see Accessing Clusters.
- In order to retrieve the token first run the following command (in your K8s cluster) to get the list of secrets:
Then run this command (in your K8s cluster) on the relevant secret name and copy from the output the content of the token field.kubectl get secrets
kubectl describe secret <SecretName>
- Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Host Name or IP Address. For more details, see SSL Trust & CA Settings.
- If enabled, the SSL certificate offered by the value supplied in Host Name or IP Address will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
- If disabled, the SSL certificate offered by the value supplied in Host Name or IP Address will not be verified against the CA database inside of Axonius.
- For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
APIs
Axonius uses the API Server.
Required Ports
Axonius must be able to communicate with the value supplied in Host Name or IP Address via the provided port (Default: 6443).
Required Permissions
The value supplied in Token must be associated to a service account that has read authorizations in the APIServer. If you use RBAC (Role Based Access Control) please refer to the official docs at https://kubernetes.io/docs/reference/access-authn-authz/rbac/.
- To perform an authorization test you can run the following command (in your K8s cluster):
- If the command outputs no, it means the user doesn't have the necessary permissions.
kubectl auth can-i get pods --all-namespaces --as <USER_NAME>
Troubleshooting
- Make sure the cluster has ApiServer component enabled
- To perform an authentication test you can run the following command (in your K8s cluster):
curl <ApiServerIP>:<Port>/api/v1/pods -H "Authorization: Bearer <MY_TOKEN>"
- Explore the API with token: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/
Was this article helpful?