Apono Connector for Kubernetes
How to install a Connector on a Kubernetes cluster to integrate Kubernetes with Apono
Overview
To integrate with Kubernetes and start managing JIT access to Kubernetes resources, you must first install a connector in your Kubernetes cluster.
This is can be done by one of the following methods:
- Helm
- Terraform
What's a connector? What makes it so secure?
The Apono Connector is an on-prem connection that can be used to connect resources to Apono and separate the Apono web app from the environment for maximal security.
With Helm
An Apono connector is installed in the cloud platform managing your Kubernetes resource. The installation is made by running a Helm command with the necessary parameters.
Prerequisites
- An existing Kubernetes project on one of the following platforms:
- Google Kubernetes Engine (GKE)
- Elastic Kubernetes Service (EKS)
- Azure Kubernetes Engine (AKS)
- Kubernetes (self-managed)
- Helm
- kubectl
Step-by-step guide
Find Your Integration Token
- Select any Kubernetes integration in the Catalog.
You can install a new connector from any Kubernetes New Integration form. Pick the one relevant to your network.
Connectors for EKS, GKE, AKS and self-managed Kubernetes work in the same way.
- From the drop-down list on the next page select Add a New Connector, and then select Help.
- Copy the token displayed toward the bottom of the page.
Install the Connector
Run the following Helm command in a terminal:
Without permissions
- If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this code:
helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
--set-string apono.token=[APONO_TOKEN] \
--set-string apono.connectorId=[CONNECTOR_NAME] \
--set serviceAccount.manageClusterRoles=false \
--namespace apono-connector \
--create-namespace
With permissions
- If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this code:
helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
--set-string apono.token=[APONO_TOKEN] \
--set-string apono.connectorId=[CONNECTOR_NAME] \
--set serviceAccount.manageClusterRoles=true \
--namespace apono-connector \
--create-namespace
Where:
- [APONO_TOKEN] is the token copied from the integration page in the previous step.
- [CONNECTOR_NAME] is any name you choose to give the connector.
Helm will finish with a message that the apono-connector has been installed.
Results and next steps
The Kubernetes Connector is now installed.
- Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.
- The Connector is found by the form, marked by a green checkmark
You can now integrate Apono with your Kubernetes instance
Complete the integration with EKS, GKE, AKS or self-managed Kubernetes.
Troubleshooting
- If you are managing more than one Kubernetes cluster, you must be certain that the current context points to the cluster into which the Apono connector is to be added.
- Get the current context with
kubectl config current-context - Set the current context with
kubectl config use-context [clustername]
- Get the current context with
With Terraform
An Apono connector is installed in the cloud platform managing your Kubernetes resource. The installation is made by adding an Apono module to your Terraform configuration.
Prerequisites
- A Kubernetes project on one of the following platforms:
- Google Kubernetes Engine (GKE)
- Elastic Kubernetes Service (EKS)
- Azure Kubernetes Engine (AKS)
- Kubernetes (self-managed)
- Terraform with the following providers:
- Helm
- Kubernetes
- AWS
Step-by-step guide
Find Your Integration Token
- Select any Kubernetes integration in the Catalog.
You can install a new connector from any Kubernetes New Integration form. Pick the one relevant to your network.
Connectors for EKS, GKE, AKS and self-managed Kubernetes work in the same way.
- From the drop-down list on the next page select Add a New Connector, and then select Terraform.
- Copy the token displayed toward the bottom of the page.
Edit the Terraform Configuration
- Add the following to your Terraform module.
Without permissions
- If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this code:
module "connector" {
source = "github.com/apono-io/terraform-modules/k8s/connector-without-permissions/stacks/apono-connector"
aponoToken = [APONO_TOKEN]
connectorId = [CONNECTOR_NAME] // choose connector name
}
With permissions
- If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this code:
module "connector" {
source = "github.com/apono-io/terraform-modules/k8s/connector-without-permissions/stacks/apono-connector"
aponoToken = [APONO_TOKEN]
connectorId = [CONNECTOR_NAME] // choose connector name
}
Where:
- [APONO_TOKEN] is the token copied from the integration page in the previous step.
- [CONNECTOR_NAME] is any name you choose to give the connector.
- Run
terraform init. It will finish with the message:
"Terraform has been successfully initialized!" - Run
terraform apply. It will finish with the message:
"Apply complete! Resources: (N) added.."
Results and next steps
The Kubernetes Connector is now installed.
- Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.
- The Connector is found by the form, marked by a green checkmark
You can now integrate Apono with your Kubernetes instance
Complete the integration with EKS, GKE, AKS or self-managed Kubernetes.
Next Steps
Return to the Catalog, and select one of the following Kubernetes integrations:
Updated about 2 months ago