Login
    Contents x
    Kubernetes
    • 08 Mar 2022
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Kubernetes

    • Updated on 08 Mar 2022
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.

    Types of Assets Fetched

    This adapter fetches the following types of assets:

    • Devices
    • Users

    Parameters

    1. Host Name or IP Address (required) - The hostname or IP address of the Kubernetes API Server endpoint that Axonius can communicate with via the Required Ports. In order to locate the IP Address of an API Server run the following command (in your K8s cluster):
    kubectl config view | grep server
    1. Port (required, default: 6443) - The port used in the connection.
    2. Token (required) - A bearer token associated with a service account that has the Required Permissions to fetch assets. For more information: see Accessing Clusters.
      • In order to retrieve the token first run the following command (in your K8s cluster) to get the list of secrets:
      kubectl get secrets
      Then run this command (in your K8s cluster) on the relevant secret name and copy from the output the content of the token field.
      kubectl describe secret <SecretName>
    3. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Host Name or IP Address. For more details, see SSL Trust & CA Settings.
      • If enabled, the SSL certificate offered by the value supplied in Host Name or IP Address will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
      • If disabled, the SSL certificate offered by the value supplied in Host Name or IP Address will not be verified against the CA database inside of Axonius.
    4. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    image.png


    APIs

    Axonius uses the API Server.

    Required Ports

    Axonius must be able to communicate with the value supplied in Host Name or IP Address via the provided port (Default: 6443).

    Required Permissions

    The value supplied in Token must be associated to a service account that has read authorizations in the APIServer. If you use RBAC (Role Based Access Control) please refer to the official docs at https://kubernetes.io/docs/reference/access-authn-authz/rbac/.

    • To perform an authorization test you can run the following command (in your K8s cluster):
      • If the command outputs no, it means the user doesn't have the necessary permissions.
    kubectl auth can-i get pods --all-namespaces --as <USER_NAME>


    Troubleshooting

    • Make sure the cluster has ApiServer component enabled
    • To perform an authentication test you can run the following command (in your K8s cluster):
    curl <ApiServerIP>:<Port>/api/v1/pods -H "Authorization: Bearer <MY_TOKEN>"
    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout