
Kubernetes Cluster

A Kubernetes cluster is a set of nodes that run containerized applications. This guide explains how to integrate on-prem Kubernetes clusters with Cloudaware.

To see how Cloudaware seamlessly integrates with Kubernetes Cluster in action, request a demo.

Prerequisites

If the Kubernetes cluster is private, configure the TunHub gateway first. Use the TunHub route URL, e.g., https://tunhub.cloudaware.com:12345, as the Cluster URL.

Add a Kubernetes cluster

  1. Log in to Cloudaware → Admin.

  2. Find Kubernetes in integrations. Click +ADD.

  3. Fill out the form:

    WHERE
    Cluster Name – the cluster name
    Cluster URL – the cluster URL*

*If the Kubernetes cluster is public, use the direct web link.

If the Kubernetes cluster is private, install the Breeze agent, set up the TunHub gateway, and use the TunHub route URL, e.g., https://tunhub.cloudaware.com:12345.

  4. Select one of the following authentication methods:

Option 1: Kubernetes certificate

1) Select Using Kubernetes Certificate. Click GET NEW CERTIFICATE REQUEST.

2) Enter the username that will be used in Kubernetes. Click Generate. A certificate request in .csr format is generated.

3) Sign the Cloudaware certificate request with the cluster CA (on the Kubernetes control plane node). For example:

CODE
openssl x509 -req -in cloudaware_test.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out cloudaware_test.crt -days 3650

4) Configure RBAC authorization for the user. Create a custom ClusterRole node-reader to allow Cloudaware to fetch cluster node data:

CODE
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]

Create a role binding. For example:

CODE
kubectl create -f cloudaware-user.yaml

Two bindings are in use. The first binds the default view role; the second binds the custom node-reader role:

CODE
# Bind the built-in read-only "view" ClusterRole to the certificate user.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding
subjects:
- kind: User
  name: cloudaware_test   # the username entered in step 2
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
# Bind the custom node-reader ClusterRole to the same user.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding2
subjects:
- kind: User
  name: cloudaware_test
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io

5) Once the certificate is signed, go back to Cloudaware. Click UPLOAD SIGNED CERTIFICATE and upload the certificate file. Click Save.
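
Kubernetes takes the username from the certificate subject's CN and group memberships from its O values, so it is worth confirming what a request asks for before signing it in step 3. The script below is an added example, not part of the Cloudaware documentation; the function names are hypothetical, cloudaware_test is the expected username, and the two CSRs it checks are throwaway ones constructed in a temporary directory.

```shell
#!/bin/sh
# Kubernetes x509 client authentication takes the username from the subject
# CN and group memberships from every O value of the certificate, so check
# what a CSR asks for before signing it with the cluster CA.

# Print the CSR subject as one RFC 2253 string, e.g. "CN=cloudaware_test".
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# Username (CN) and groups (O values, one per line) the certificate would get.
# Values that themselves contain commas are not handled.
csr_user()   { csr_subject "$1" | tr ',' '\n' | sed -n 's/^CN=//p'; }
csr_groups() { csr_subject "$1" | tr ',' '\n' | sed -n 's/^O=//p'; }

# Succeed only if the CN is the expected username and no group is requested.
csr_safe_to_sign() {
    [ "$(csr_user "$1")" = "$2" ] || return 1
    [ -z "$(csr_groups "$1")" ] || return 1
    return 0
}

# Constructed sample input: two throwaway CSRs, one as expected and one that
# also asks for the system:masters group. Prints one verdict line per CSR.
demo_verdicts() {
    dir=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cloudaware_test" \
        -keyout "$dir/ok.key" -out "$dir/ok.csr" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=system:masters/CN=cloudaware_test" \
        -keyout "$dir/bad.key" -out "$dir/bad.csr" 2>/dev/null
    for f in ok bad; do
        if csr_safe_to_sign "$dir/$f.csr" cloudaware_test; then
            echo "$f: sign"
        else
            echo "$f: refuse (groups: $(csr_groups "$dir/$f.csr"))"
        fi
    done
    rm -rf "$dir"
}

# Run the demo only when asked: sh check_csr.sh demo
if [ "${1:-}" = "demo" ]; then demo_verdicts; fi
```
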

Option 2: Kubernetes service account

Ensure kubectl is installed and configured.

1) Select Using Kubernetes Service Account.

2) Launch kubectl to access the cluster that will be added to Cloudaware. Create the required Kubernetes objects with the following manifest:

CODE
# Service account that Cloudaware authenticates as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloudaware-sa
  namespace: default
---
# Read access to cluster nodes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudaware-node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]
---
# Bind the node-reader role to the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-node-reader-binding
subjects:
- kind: ServiceAccount
  name: cloudaware-sa
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: cloudaware-node-reader
  apiGroup: rbac.authorization.k8s.io
---
# Bind the built-in read-only "view" role to the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-view-binding
subjects:
- kind: ServiceAccount
  name: cloudaware-sa
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io

The manifest creates the service account cloudaware-sa and grants it cluster-wide read-only access, along with permission to get/list/watch cluster nodes. See the Kubernetes RBAC documentation to learn more.

3) Save the manifest to a file, e.g., cloudaware-sa.yaml, and apply it:

CODE
kubectl create -f cloudaware-sa.yaml

4) Retrieve the service account token:

CODE
kubectl get secret $(kubectl get secret | awk '/cloudaware-sa/{print $1}') -o jsonpath='{.data.token}' | base64 -d

The token is stored as a Kubernetes secret. This command reads and decodes it. On Kubernetes 1.24 and later, token secrets are no longer created automatically for service accounts, so the command returns nothing unless such a secret exists for cloudaware-sa. See the Kubernetes documentation on service account tokens to learn more.

5) Go back to Cloudaware. Paste the service account token in the integration form. Click SAVE.
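
Before pasting the token into the integration form, its claims can be decoded locally to confirm that it belongs to cloudaware-sa in the default namespace and to see whether it carries an expiry. This is an added example, not Cloudaware's or Kubernetes' own code; the function names are hypothetical and the sample token is constructed and unsigned.

```shell
#!/bin/sh
# Decode the claims of a service account token (a JWT) locally. This only
# base64url-decodes the payload; it does not verify the signature, which
# the API server does when the token is presented.

# Encode stdin as unpadded base64url (used to build the sample token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # base64url drops the trailing "=" padding; restore it for base64 -d.
    while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
    printf '%s' "$seg" | base64 -d
}

# Print the value of a string claim, or nothing if the claim is absent.
jwt_claim() {
    jwt_payload "$1" |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print the numeric exp claim, or nothing for a token without an expiry.
token_expiry() {
    jwt_payload "$1" |
        sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Succeed only if the subject is service account $3 in namespace $2.
token_is_for() {
    [ "$(jwt_claim "$1" sub)" = "system:serviceaccount:$2:$3" ]
}

# Constructed sample: an unsigned token carrying the iss and sub claims of a
# Secret-based service account token. Header and signature are placeholders.
demo_token() {
    claims='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:default:cloudaware-sa"}'
    printf '%s.%s.%s' "$(printf '%s' '{"alg":"RS256"}' | b64url)" \
        "$(printf '%s' "$claims" | b64url)" "constructed-signature"
}

# Run the demo only when asked: sh check_token.sh demo
if [ "${1:-}" = "demo" ]; then
    t=$(demo_token)
    if token_is_for "$t" default cloudaware-sa; then echo "subject ok"; fi
    echo "exp: $(token_expiry "$t")"
fi
```
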

  5. A green light in the ‘Status’ column indicates a successful configuration. If the light is red, contact support@cloudaware.com.

  6. To view Kubernetes-related data, go to Cloudaware CMDB Navigator. Select KUBERNETES in the left-hand menu.

List of Kubernetes objects

Cloudaware supports the following Kubernetes objects:

  • Kubernetes Cluster CA10K__CaKubernetesCluster__c

  • Kubernetes Cluster Config Map CA10K__CaKubernetesClusterConfigMap__c

  • Kubernetes Cluster Daemon Set CA10K__CaKubernetesClusterDaemonSet__c

  • Kubernetes Cluster Deployment CA10K__CaKubernetesClusterDeployment__c

  • Kubernetes Cluster Endpoint CA10K__CaKubernetesClusterEndpoint__c

  • Kubernetes Cluster HPA CA10K__CaKubernetesClusterHpa__c

  • Kubernetes Cluster Ingress CA10K__CaKubernetesClusterIngress__c

  • Kubernetes Cluster Limit Range CA10K__CaKubernetesClusterLimitRange__c

  • Kubernetes Cluster Namespace CA10K__CaKubernetesClusterNamespace__c

  • Kubernetes Cluster Network Policy CA10K__CaKubernetesClusterNetworkPolicy__c

  • Kubernetes Cluster Network Policy Rule CA10K__CaKubernetesClusterNetworkPolicyRule__c

  • Kubernetes Cluster Node CA10K__CaKubernetesClusterNode__c

  • Kubernetes Cluster Node Address CA10K__CaKubernetesClusterNodeAddress__c

  • Kubernetes Cluster Pod CA10K__CaKubernetesClusterPod__c

  • Kubernetes Cluster Pod Container CA10K__CaKubernetesClusterPodContainer__c

  • Kubernetes Cluster Pod Disruption Budget CA10K__CaKubernetesClusterPodDisruptionBudget__c

  • Kubernetes Cluster Replica Set CA10K__CaKubernetesClusterReplicaSet__c

  • Kubernetes Cluster Resource Quota CA10K__CaKubernetesClusterResourceQuota__c

  • Kubernetes Cluster Role CA10K__CaKubernetesClusterRole__c

  • Kubernetes Cluster Role Binding CA10K__CaKubernetesClusterRoleBinding__c

  • Kubernetes Cluster Secret CA10K__CaKubernetesClusterSecret__c

  • Kubernetes Cluster Service CA10K__CaKubernetesClusterService__c

  • Kubernetes Cluster Service Account CA10K__CaKubernetesClusterServiceAccount__c

  • Kubernetes Cluster Service Account Secret CA10K__CaKubernetesClusterServiceAccSecret__c

  • Kubernetes Cluster Stateful Set CA10K__CaKubernetesClusterStatefulSet__c

  • Kubernetes Cluster Storage Class CA10K__CaKubernetesClusterStorageClass__c
