Integrate with GKE

Create an integration to manage access to Kubernetes clusters on Google Cloud

Overview

With a Kubernetes cluster in GKE on Google Cloud, GKE handles the complexities of Kubernetes management. Google Cloud provides a reliable, scalable database service.

Through this integration, Apono helps you securely manage access to your Google Cloud Kubernetes cluster.



Prerequisites

Before starting this integration, create the items listed in the following table.

ItemDescription
Apono ConnectorOn-prem connection installed on the GKE cluster that serves as a bridge between a Kubernetes cluster and Apono
Kubernetes Engine Cluster RoleGoogle Cloud role that grants the Apono connector's service account access to retrieve and list GKE clusters

Apono does not require admin permissions to the Kubernetes environment.


Integrate with Google Kubernetes Engine (GKE)

Follow these steps to complete the integration:

  1. On the Catalog tab, click Google Kubernetes Engine (GKE). The Connect Integration page appears.
  2. Under Discovery, click one or more resource types and cloud services to sync with Apono.

    ℹ️

    Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage Access Flows to these resources.

  3. Click Next. The Apono connector section expands.
  4. From the dropdown menu, select a connector.

    💡

    If the desired connector is not listed, click + Add new connector and follow the instructions for creating a Kubernetes connector.

  5. Click Next. The Integration Config section expands.
  6. Define the Integration Config settings.
    Setting Description
    Integration Name Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
    Server URL (Optional) URL of the server where the cluster is deployed

    Leave this field blank to connect the cluster where the Apono connector is deployed.
    Certificate Authority (Optional) Ensures that the Kubernetes API server you are communicating with is trusted and authentic

    Leave this field blank to connect the cluster where the Apono connector is deployed.
    Project ID (Optional) ID of the GCP project where the cluster is deployed
    Region (Optional) Location where the cluster is deployed
    Cluster Name (Optional) Name of the cluster to connect

    The cluster name should be the same as it appears in GKE.

  1. Click Next. The Secret Store section expands.
  2. (User/Password only) Associate the secret or credentials:
    • GCP
    • Kubernetes
    • Apono

      ℹ️

      When the Apono connector is installed on the GKE cluster, you do not need to enter values for the optional fields or to provide a secret.

  3. Click Next. The Custom Access Details section expands.
  4. (Optional) Enter Access Details Instructions to explain how to access this integration's resources.
  5. Click Confirm.

Now that you have completed this integration, you can create access flows that grant permission to your Google Cloud Kubernetes cluster.