~ 3 min read

How to onboard Kubernetes to Kloudle

This blog details the steps that are required to onboard a standalone Kubernetes cluster to Kloudle.

Table of Contents

‍

What is Kloudle?

Requirements to get started

Standalone Kubernetes Onboarding steps for Kloudle

    What does the Command do?
Command to Execute

‍

What is Kloudle?

‍

Kloudle is a Digital Assets Security Automation Platform for SREs and DevOps. When integrated with your Cloud or SaaS provider, Kloudle takes periodic security snapshots and provides complete security contextual visibility that allows you to make informed decisions about your infrastructure, the assets and their various configurations.

Kloudle collects metadata about the resources and analyzes them to identify misconfigurations and using a massive research powered knowledgebase, identifies what would go wrong if these misconfigurations were exploited and what you can do to fix them.

As part of making sure the lives of SREs and DevOps become easier, Kloudle offers the ability to create β€œrules” that allow a user to take automated actions against a baseline. These automated actions, which we call Security Processes, allow users to configure a series of steps that kick in when custom events occur to ensure the security of the monitored cloud and SaaS platform.

‍

Requirements to get started

‍

To onboard your standalone Kubernetes cluster to Kloudle, you need to have the following prerequisites ready to create the credentials required to onboard:

‍

  1. A kubernetes administrator or user with the ability to create resources at cluster level, is required to run the shell script as it invokes kubectl with your saved user credentials
  2. Ensure your kubeconfig cluster context is set correctly since the script creates resources in the current context. You can verify this using ***kubectl cluster-info***

 

Standalone Kubernetes Platform Onboarding steps for Kloudle

‍

The credentials required by Kloudle to onboard a standalone Kubernetes cluster is the kubeconfig of a service account with read only access. We have published a script that allows for the generation of the required kubeconfig.yml that needs to be supplied to the Kloudle app.

Command to Execute

  1. Launch a terminal window and run ***kubectl cluster-info*** to ensure you are using the correct target cluster.
  2. If Step 1 shows the correct cluster, run the following command

‍

curl -sS https://raw.githubusercontent.com/Kloudle/kloudle-kubernetes-onboarding/master/kubernetes-readonly-admin-creator.sh | sh

‍

Paste the output in the Kubernetes Onboarding page under β€œManage” > β€œKubernetes”, in the Kloudle app, as shown below

‍

Click on Add Account to complete the onboarding.

What does the Command do?

The command, executed in the previous section, pulls a shell script hosted in the Kloudle kloudle-kubernetes-onboarding GitHub repository and executes it with ***sh***.

The script uses the locally configured Kubernetes credentials to create the following readonly resources in the target cluster and prints a kubeconfig that is used to onboard the Kubernetes cluster to Kloudle.

  • A ReadOnly ClusterRole
  • A ClusterRoleBinding for the ClusterRole
  • A Service Account
  • A Secret Token for the Service Account

‍

***‍

;