Kubernetes Cluster

A Kubernetes cluster is a set of nodes that run containerized applications. This guide explains how to integrate on-prem Kubernetes clusters with Cloudaware.

To see how Cloudaware seamlessly integrates with Kubernetes Cluster in action, request a demo.

Prerequisites

If the Kubernetes cluster is private, configure the TunHub gateway first. Use the TunHub route URL (e.g., https://tunhub.cloudaware.com:12345) as the Cluster URL.

Add a Kubernetes cluster

  1. Log in to Cloudaware → Admin.


  2. Find Kubernetes in integrations. Click +ADD.


  3. Fill out the form:


    WHERE
    Cluster Name – the cluster name
    Cluster URL – the cluster URL*

*If the Kubernetes cluster is public, use the direct web link.

If the Kubernetes cluster is private, install the Breeze agent, set up the TunHub gateway and use the TunHub route URL, e.g., https://tunhub.cloudaware.com:12345.

  4. Select one of the following authentication methods:

Option 1: Kubernetes certificate

1) Select Using Kubernetes Certificate. Click GET NEW CERTIFICATE REQUEST.

2) Enter the username that will be used in Kubernetes. Click Generate. A certificate signing request (.csr file) is generated.

3) Sign the Cloudaware certificate request with the cluster CA on the Kubernetes control plane node. For example:

CODE
openssl x509 -req -in cloudaware_test.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out cloudaware_test.crt -days 3650

4) Configure RBAC authorization for the user. Create a custom ClusterRole, node-reader, to allow Cloudaware to fetch cluster node data:

CODE
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]

Create the role bindings. For example:

CODE
kubectl create -f cloudaware-user.yaml

Two bindings are in use. The first binds the default view role; the second binds the custom node-reader role:

CODE
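# Binding 1: built-in read-only "view" ClusterRole for the certificate user.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding
subjects:
# User subjects are not namespaced, so no namespace field is set.
- kind: User
  name: cloudaware_test   # the username entered for the certificate request
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
# Binding 2: custom node-reader ClusterRole (get/watch/list on nodes).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding2
subjects:
- kind: User
  name: cloudaware_test
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io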

5) Once the certificate is signed, go back to Cloudaware. Click UPLOAD SIGNED CERTIFICATE and upload the certificate file. Click Save.
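A check that the bindings from step 4 grant read access and nothing more, written here as an added example (not Cloudaware's code). It impersonates the identity with `kubectl auth can-i --as`, so the kubectl context running it must be allowed to impersonate; the function names and the expectation list are assumptions derived from the view and node-reader roles on this page.

```bash
#!/usr/bin/env bash
# Added example (not Cloudaware's code): confirm the integration identity is
# read-only by impersonating it. The kubectl context running this needs
# impersonation rights (cluster-admin has them).

# can_i IDENTITY VERB RESOURCE: exit 0 if the identity is allowed, else non-zero.
can_i() {
  kubectl auth can-i "$2" "$3" --as="$1" --quiet </dev/null
}

# audit_identity IDENTITY: compare actual permissions with what the page's
# view + node-reader bindings should grant. Returns 1 on any mismatch.
audit_identity() {
  id=$1
  rc=0
  while read -r want verb res; do
    if can_i "$id" "$verb" "$res"; then got=allow; else got=deny; fi
    if [ "$got" != "$want" ]; then
      echo "MISMATCH $id: $verb $res is $got, expected $want" >&2
      rc=1
    fi
  done <<'EOF'
allow list nodes
allow watch nodes
allow list pods
deny get secrets
deny create pods
deny delete nodes
deny create clusterrolebindings
EOF
  return "$rc"
}

# Usage: ./audit.sh cloudaware_test
#        ./audit.sh system:serviceaccount:default:cloudaware-sa
[ $# -eq 0 ] || audit_identity "$1"
```

Kubernetes has no revocation for client certificates, so deleting the two bindings is how access for cloudaware_test is cut off before the validity period set with `-days` ends.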

Option 2: Kubernetes service account

Ensure kubectl is installed and configured.

1) Select Using Kubernetes Service Account.

2) Launch kubectl to access the cluster that will be added to Cloudaware. Create required Kubernetes objects with the following manifest:

CODE
# Service account used by the Cloudaware integration.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloudaware-sa
  namespace: default
---
# Read access to cluster nodes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudaware-node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]
---
# Bind the node-reader role to the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-node-reader-binding
subjects:
- kind: ServiceAccount
  name: cloudaware-sa
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: cloudaware-node-reader
  apiGroup: rbac.authorization.k8s.io
---
# Bind the built-in read-only "view" role to the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-view-binding
subjects:
- kind: ServiceAccount
  name: cloudaware-sa
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io

The manifest creates a service account cloudaware-sa and grants it cluster-wide read-only access, along with permissions to get/list/watch cluster nodes. Learn more about Kubernetes RBAC here.

3) Save the manifest to a file, e.g. cloudaware-sa.yaml, and apply it:

CODE
kubectl create -f cloudaware-sa.yaml

4) Retrieve the service account token:

CODE
kubectl get secret $(kubectl get secret | awk '/cloudaware-sa/{print $1}') -o jsonpath='{.data.token}' | base64 -d

The token is stored as a Kubernetes secret. This command reads and decodes it. Learn more about Service Account Tokens here.

5) Go back to Cloudaware. Paste the service account token in the integration form. Click SAVE.
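Before the token leaves the cluster, it is worth reading its claims to see which identity it carries and whether it ever expires. The following is an added example (not Cloudaware's code); the function names are assumptions and both sample tokens are constructed, unsigned stand-ins.

```bash
#!/usr/bin/env bash
# Added example (not Cloudaware's code): read the claims of a service account
# token before pasting it into a third-party form. Sample tokens are constructed.

# jwt_payload TOKEN: print the decoded JSON payload (second dot-separated part).
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in      # restore the padding that JWT encoding strips
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# token_expiry TOKEN: print the exp claim (epoch seconds), or "none" if absent.
# Regex extraction is enough for the compact JSON in these tokens.
token_expiry() {
  exp=$(jwt_payload "$1" | sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
  printf '%s\n' "${exp:-none}"
}

# token_subject TOKEN: print the sub claim, i.e. the identity RBAC will see.
token_subject() {
  jwt_payload "$1" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# --- constructed samples: unsigned stand-ins with realistic claim sets ---
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
sample() { printf '%s.%s.sig' "$(b64url '{"alg":"RS256"}')" "$(b64url "$1")"; }
SUB='system:serviceaccount:default:cloudaware-sa'
LEGACY=$(sample "{\"iss\":\"kubernetes/serviceaccount\",\"sub\":\"$SUB\"}")
BOUND=$(sample "{\"iss\":\"https://kubernetes.default.svc\",\"exp\":1700003600,\"sub\":\"$SUB\"}")

for t in "$LEGACY" "$BOUND"; do
  echo "sub=$(token_subject "$t") exp=$(token_expiry "$t")"
done
```

A token read from a Secret with `kubectl get secret` has no `exp` claim and stays valid until that Secret or the service account is deleted. Kubernetes 1.24 and later no longer create that Secret automatically for a new service account, so on those clusters the command returns nothing until a `kubernetes.io/service-account-token` Secret is created for cloudaware-sa.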

  5. A green light in the ‘Status’ column indicates a successful configuration. If the light is red, contact support@cloudaware.com.

  6. To view Kubernetes-related data, go to Cloudaware CMDB Navigator. Select KUBERNETES in the left-hand menu.

List of Kubernetes objects

Cloudaware supports the following Kubernetes objects:

Kubernetes Cluster
Kubernetes Cluster Config Map
Kubernetes Cluster Daemon Set
Kubernetes Cluster Deployment
Kubernetes Cluster Endpoint
Kubernetes Cluster HPA
Kubernetes Cluster Ingress
Kubernetes Cluster Limit Range
Kubernetes Cluster Namespace
Kubernetes Cluster Network Policy
Kubernetes Cluster Network Policy Rule
Kubernetes Cluster Node
Kubernetes Cluster Node Address
Kubernetes Cluster Pod
Kubernetes Cluster Pod Container
Kubernetes Cluster Pod Disruption Budget
Kubernetes Cluster Replica Set
Kubernetes Cluster Resource Quota
Kubernetes Cluster Role
Kubernetes Cluster Role Binding
Kubernetes Cluster Secret
Kubernetes Cluster Service
Kubernetes Cluster Service Account
Kubernetes Cluster Service Account Secret
Kubernetes Cluster Stateful Set
Kubernetes Cluster Storage Class
