Apono Connector for Kubernetes

How to install a Connector on a Kubernetes cluster to integrate Kubernetes with Apono

Overview

To integrate with Kubernetes and start managing JIT access to Kubernetes resources, you must first install a connector in your Kubernetes cluster.

This can be done by one of the following methods:

  1. Helm

  2. Terraform

With Helm

An Apono connector is installed in the cloud platform managing your Kubernetes resource. The installation is made by running a Helm command with the necessary parameters.

Prerequisites

  • An existing Kubernetes project on one of the following platforms:

    • Google Kubernetes Engine (GKE)

    • Elastic Kubernetes Service (EKS)

    • Azure Kubernetes Engine (AKS)

    • Kubernetes (self-managed)

  • Helm

  • kubectl

Step-by-step guide

Find Your Integration Token

  1. Select any Kubernetes integration in the Catalog.

  2. From the drop-down list on the next page select Add a New Connector, and then select Helm.

  3. Copy the token displayed toward the bottom of the page.

Install the Connector

Run the following Helm command in a terminal:

Without permissions

  • If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this code:

helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
    --set-string apono.token=[APONO_TOKEN] \
    --set-string apono.connectorId=[CONNECTOR_NAME] \
    --set serviceAccount.manageClusterRoles=false \
    --namespace apono-connector \
    --create-namespace

With permissions

  • If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this code:

helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
    --set-string apono.token=[APONO_TOKEN] \
    --set-string apono.connectorId=[CONNECTOR_NAME] \
    --set serviceAccount.manageClusterRoles=true \
    --namespace apono-connector \
    --create-namespace

Where:

  • [APONO_TOKEN] is the token copied from the integration page in the previous step.

  • [CONNECTOR_NAME] is any name you choose to give the connector.

Helm will finish with a message that the apono-connector has been installed.

Interested in HA for the connector?

Add this variable to the Helm chart to create one or more replicas of the Apono connector instance:

--set-string replicaCount=<number_of_replicas>

Read more here.

Results and next steps

The Kubernetes Connector is now installed.

  1. Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.

  2. The Connector is found by the form, marked by a green checkmark.

You can now integrate Apono with your Kubernetes instance.

Complete the integration with EKS, GKE, AKS or self-managed Kubernetes.

Troubleshooting

  • If you are managing more than one Kubernetes cluster, you must be certain that the current context points to the cluster into which the Apono connector is to be added.

    • Get the current context with kubectl config current-context

    • Set the current context with kubectl config use-context [clustername]
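The context check above can be enforced before the install runs. This wrapper is an added example, not part of Apono's documentation or chart: the function names, the `APONO_TOKEN` environment variable and the use of Helm's `--kube-context` flag are choices made here, while the remaining Helm flags are the ones shown in the install commands on this page.

```shell
#!/bin/sh
# Added example: refuse to install into the wrong cluster.
# Usage (after sourcing this file, with APONO_TOKEN set in the environment):
#   install_connector <expected-context> <connector-name> [true|false]

# Succeed only if kubectl's current context is the one the operator named.
check_context() {
    expected=$1
    current=$(kubectl config current-context) || return 2
    if [ "$current" != "$expected" ]; then
        echo "refusing: current context is '$current', expected '$expected'" >&2
        return 1
    fi
}

install_connector() {
    expected_context=$1
    connector_name=$2
    manage_roles=${3:-false}   # default to the "without permissions" variant

    [ -n "${APONO_TOKEN:-}" ] || { echo "APONO_TOKEN is not set" >&2; return 1; }
    [ -n "$connector_name" ] || { echo "connector name is required" >&2; return 1; }
    case $manage_roles in
        true|false) ;;
        *) echo "third argument must be true or false" >&2; return 1 ;;
    esac
    check_context "$expected_context" || return 1

    # --kube-context pins Helm to the verified context, so a context switch
    # in another terminal between the check and the install has no effect.
    helm install apono-connector apono-connector \
        --repo https://apono-io.github.io/apono-helm-charts \
        --kube-context "$expected_context" \
        --set-string apono.token="$APONO_TOKEN" \
        --set-string apono.connectorId="$connector_name" \
        --set serviceAccount.manageClusterRoles="$manage_roles" \
        --namespace apono-connector \
        --create-namespace
}
```

Reading the token from the environment keeps it out of shell history, but Helm still records it in the release's stored values, so limit who can read Secrets in the `apono-connector` namespace.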

With Terraform

An Apono connector is installed in the cloud platform managing your Kubernetes resource. The installation is made by adding an Apono module to your Terraform configuration.

Prerequisites

  • A Kubernetes project on one of the following platforms:

    • Google Kubernetes Engine (GKE)

    • Elastic Kubernetes Service (EKS)

    • Azure Kubernetes Engine (AKS)

    • Kubernetes (self-managed)

  • Terraform with the following providers:

    • Helm

    • Kubernetes

    • AWS

Step-by-step guide

Find Your Integration Token

  1. Select any Kubernetes integration in the Catalog.

  2. From the drop-down list on the next page select Add a New Connector, and then select Terraform.

  3. Copy the token displayed toward the bottom of the page.

Edit the Terraform Configuration

  1. Add the following to your Terraform module.

  • If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this code:

module "connector" {
    source = "github.com/apono-io/terraform-modules/k8s/connector-without-permissions/stacks/apono-connector"
    aponoToken = [APONO_TOKEN]
    connectorId = [CONNECTOR_NAME] // choose connector name
}

  • If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this code:

module "connector" {  
    source = "github.com/apono-io/terraform-modules/k8s/connector-with-permissions/stacks/apono-connector"  
    aponoToken = [APONO_TOKEN]  
    connectorId = [CONNECTOR_NAME] // choose connector name  
}

Where:

  • [APONO_TOKEN] is the token copied from the integration page in the previous step.

  • [CONNECTOR_NAME] is any name you choose to give the connector.

  2. Run terraform init. It will finish with the message: "Terraform has been successfully initialized!"

  3. Run terraform apply. It will finish with the message: "Apply complete! Resources: (N) added.."

Results and next steps

The Kubernetes Connector is now installed.

  1. Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.

  2. The Connector is found by the form, marked by a green checkmark.

You can now integrate Apono with your Kubernetes instance.

Complete the integration with EKS, GKE, AKS or self-managed Kubernetes.
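Whichever install method you used, you can confirm what the chosen variant granted by listing the ClusterRoleBindings whose subjects live in the connector's namespace. This script is an added example, not Apono's code: the function names are hypothetical, and the expectation that a "without permissions" install leaves no such binding is an assumption to verify against your chart or module version.

```shell
#!/bin/sh
# Added example: audit cluster-wide RBAC held by the connector's namespace.
# NAMESPACE defaults to the --namespace value used by the Helm commands on
# this page; override it if your install uses a different namespace.
NAMESPACE=${NAMESPACE:-apono-connector}

# Print "binding -> role" for each ClusterRoleBinding that has a subject in
# $NAMESPACE. Only ServiceAccount subjects carry a namespace; bindings with
# User or Group subjects only show "<none>" in the third column.
connector_cluster_bindings() {
    rows=$(kubectl get clusterrolebindings --no-headers \
        -o custom-columns='BINDING:.metadata.name,ROLE:.roleRef.name,SUBJECT_NS:.subjects[*].namespace') || return 2
    printf '%s\n' "$rows" | awk -v ns="$NAMESPACE" '{
        n = split($3, parts, ",")          # several subjects are comma-joined
        for (i = 1; i <= n; i++)
            if (parts[i] == ns) { print $1 " -> " $2; break }
    }'
}

# expect_roles=false: fail if any binding exists (the assumed outcome of the
# "without permissions" variant). expect_roles=true: report what was granted.
verify_install_variant() {
    expect_roles=$1
    found=$(connector_cluster_bindings) || return 2
    if [ "$expect_roles" = false ] && [ -n "$found" ]; then
        echo "unexpected cluster-wide bindings for $NAMESPACE:" >&2
        printf '%s\n' "$found" >&2
        return 1
    fi
    [ -z "$found" ] || printf '%s\n' "$found"
}
```

Run `verify_install_variant false` after a "without permissions" install and `verify_install_variant true` after a "with permissions" install, then review each listed role with `kubectl describe clusterrole <role>`.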

Next Steps

Return to the Catalog, and select one of the following Kubernetes integrations:
