Warning: This module is an alpha integration and is still a work in progress.

Kubernetes Setup

Architecture

Cloud ex Machina only requires access to the cluster API to crawl metadata about objects in the cluster such as pods, services and applications / deployments.

You need to create a user and share a kubeconfig file that grants access to the different K8s clusters and contexts that CxM needs to access. The file below is an example for a single cluster:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1C.....CBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://cxm-b6d7af53a7bcf75c-yde1qyjl.hcp.eastus.azmk8s.io:443
  name: cxm-b6d7af53a7bcf75c-aks
contexts:
- context:
    cluster: cxm-b6d7af53a7bcf75c-aks
    user: cxm-cluster-crawler
  name: cxm-b6d7af53a7bcf75c-aks
current-context: cxm-b6d7af53a7bcf75c-aks
kind: Config
preferences: {}
users:
- name: cxm-cluster-crawler
  user:
    client-certificate-data: LS0tLS1C.....S0tLS0tCg==
    client-key-data: LS0tL.......SSVZBVEUgS0VZLS0tLS0K
    token: <SuperToken>

You can create users the way you prefer. This blog presents a universal method that will work in all clusters regardless of how they were installed.

Permissions

In order for Cloud ex Machina to integrate with your Kubernetes clusters, the user you create needs the following permissions:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cxm-cluster-crawler-role
rules:
- apiGroups:
  - ""
  resources:
  - "*"
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - "*"
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - "*"
  verbs:
  - get
  - list
  - watch

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cxm-cluster-crawler-role-binding
subjects:
- kind: User
  name: cxm-cluster-crawler
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cxm-cluster-crawler-role
  apiGroup: rbac.authorization.k8s.io
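
Before applying the role, it helps to see what its wildcard rules grant. The following is an added example, not part of the Cloud ex Machina documentation: a simplified offline model of Kubernetes RBAC rule matching applied to the ClusterRole above. It shows that `"*"` in the core API group covers Secrets and ConfigMaps as well as pods and services. The function names and sample requests are constructed for illustration.

```python
# Added example: offline model of RBAC rule matching for the ClusterRole above.
# RULES mirrors cxm-cluster-crawler-role; SAMPLE requests are constructed.
READ = ["get", "list", "watch"]
RULES = [
    {"apiGroups": [""], "resources": ["*"], "verbs": READ},
    {"apiGroups": ["extensions"], "resources": ["*"], "verbs": READ},
    {"apiGroups": ["apps"], "resources": ["*"], "verbs": READ},
]


def _matches(patterns, value):
    """RBAC list match: '*' matches anything, otherwise exact string match."""
    return "*" in patterns or value in patterns


def is_allowed(rules, api_group, resource, verb):
    """True if any rule grants verb on resource in api_group (rules are additive)."""
    # Simplification: resourceNames and nonResourceURLs are ignored,
    # because the role on this page uses neither.
    return any(
        _matches(r["apiGroups"], api_group)
        and _matches(r["resources"], resource)
        and _matches(r["verbs"], verb)
        for r in rules
    )


# Constructed sample requests: (apiGroup, resource, verb)
SAMPLE = [
    ("", "pods", "list"),
    ("", "services", "get"),
    ("apps", "deployments", "watch"),
    ("", "secrets", "get"),        # wildcard in the core group includes Secrets
    ("", "configmaps", "list"),
    ("", "pods/log", "get"),       # subresources match "*" as well
    ("", "pods", "delete"),        # no write verbs are granted
    ("batch", "jobs", "list"),     # API group not listed in the role
    ("rbac.authorization.k8s.io", "clusterroles", "list"),
]


def audit(rules=RULES, sample=SAMPLE):
    """Map each sample request to the decision under `rules`."""
    return {req: is_allowed(rules, *req) for req in sample}


if __name__ == "__main__":
    for (group, resource, verb), ok in audit().items():
        print(f"{'ALLOW' if ok else 'DENY':5} {verb:6} {group or 'core'}/{resource}")
```

On a live cluster, `kubectl auth can-i get secrets --as=cxm-cluster-crawler` performs the same check against the real authorizer.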

Sharing the configuration

Share the kubeconfig file or files with Cloud ex Machina to enable access to your clusters.