Installing a GCP connector on GKE using CLI (Helm)
Deploy the Apono connector with Helm
Integrating a cloud account with Apono allows you to sync and manage your resources:
Discover existing privileges and identities
Manage employee and application provisioning to cloud assets and data repositories with delegated approval workflows
Provide granular permissions to customer-sensitive data
This article explains how to set up an Apono connector for Google Cloud with Helm.
Prerequisites
Apono Token
Account-specific Apono authentication value Use the following steps to obtain your token:
Click Cloud installation.
Click Cloud installation > GCP > Install and Connect GCP Project > CLI (Cloud Run).
Copy the token listed on the page in step 1.
Kubernetes Command Line Tool (kubectl)
Google Cloud Command Line Interface (Google Cloud CLI)
Google Cloud Information
Information for your Google Cloud instance:
GKE Cluster Namespace
Service Account Name
Owner Role
Create an IAM service account
Use the following sections to create an IAM service account user for either your Google Project or Google Organization.
Project
Follow these steps to create a service account for a Google Project:
In your shell environment, log in to Google Cloud and enable the API.
Set the environment variables.
Create the service account.
Assign the following roles to the service account.
RolePermissions Grantedrole/secretmanager.secretAccessor
Access secret versions
Read the secret data
roles/iam.securityAdmin
Manage IAM policies, roles, and service accounts
Set and update IAM policies
Grant, modify, and revoke IAM roles for users and service accounts
Organization
Follow these steps to create a service account for a Google Organization:
In your shell environment, log in to Google Cloud and enable the API.
Set the environment variables.
Create the service account.
Assign the following roles to the service account.
RolePermissions Grantedrole/secretmanager.secretAccessor
Access secret versions
Read the secret data
roles/iam.securityAdmin
Manage IAM policies, roles, and service accounts
Set and update IAM policies
Grant, modify, and revoke IAM roles for users and service accounts
roles/browser
List resources within the organization
View metadata
Deploy the connector
Follow these steps to deploy the Apono connector:
Deploy the Apono connector on a GKE cluster.
Create a new GKE cluster
Connect the GKE cluster.
Verify the GKE cluster is selected as the default cluster. The default cluster is denoted with
\*
.
Bind the IAM Service Account to the GKE Service Account.
Deploy Apono connector on your GKE cluster using Helm Chart.
Last updated