# Apono Connector for Kubernetes

## Overview

To integrate with Kubernetes and start managing JIT access to Kubernetes resources, you must **first install a connector in your Kubernetes cluster**.

This can be done using one of the following methods:

1. Helm
2. Terraform

{% hint style="info" %}
**What's a connector? What makes it so secure?**

The Apono Connector is an on-prem connection that connects your resources to Apono and keeps the Apono web app separate from your environment for maximal [security](https://docs.apono.io/docs/about-apono/security-and-architecture).
{% endhint %}

## With Helm

The Apono connector is installed in the cloud platform that manages your Kubernetes resources. You install it by running a Helm command with the necessary parameters.

### Prerequisites

* An existing Kubernetes project on one of the following platforms:
  * Google Kubernetes Engine (GKE)
  * Elastic Kubernetes Service (EKS)
  * Azure Kubernetes Engine (AKS)
  * Kubernetes (self-managed)
* Helm
* kubectl

### Step-by-step guide

#### Find Your Integration Token

1. Select any Kubernetes integration in the Catalog.

{% hint style="info" %}
You can install a new connector from any Kubernetes New Integration form. Pick the one relevant to your network.

Connectors for EKS, GKE, AKS and self-managed Kubernetes work in the same way.
{% endhint %}

2. From the drop-down list on the next page select **Add a New Connector**, and then select Helm.
3. Copy the **token** displayed toward the bottom of the page.

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-6040dc41b25b04b4d8b57acb9d1752a6047932c3%2FK8s-select-new-connector-1.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

#### Install the Connector

Run the following Helm command in a terminal:

**Without permissions**

* If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this command:

```shell
helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
    --set-string apono.token=[APONO_TOKEN] \
    --set-string apono.connectorId=[CONNECTOR_NAME] \
    --set serviceAccount.manageClusterRoles=false \
    --namespace apono-connector \
    --create-namespace
```

**With permissions**

* If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this command:

```shell
helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
    --set-string apono.token=[APONO_TOKEN] \
    --set-string apono.connectorId=[CONNECTOR_NAME] \
    --set serviceAccount.manageClusterRoles=true \
    --namespace apono-connector \
    --create-namespace
```

Where:

* \[APONO\_TOKEN] is the token copied from the integration page in the previous step.
* \[CONNECTOR\_NAME] is any name you choose to give the connector.

Helm will finish with a message that the **apono-connector** has been installed.

{% hint style="success" %}
Interested in HA for the connector?

Add this flag to the Helm command to create one or more replicas of the Apono connector instance:

`--set-string replicaCount=<number_of_replicas>`

Read more [here](https://docs.apono.io/docs/connectors-and-secrets/high-availability-for-connectors).
{% endhint %}

### Results and next steps

The Kubernetes Connector is now installed.

1. Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.
2. The form finds the connector and marks it with a green checkmark.

{% hint style="success" %}
You can now integrate Apono with your Kubernetes instance.

Complete the integration with [EKS](https://docs.apono.io/docs/aws-environment/aws-integrations/integrate-with-eks), [GKE](https://docs.apono.io/docs/gcp-environment/gcp-integrations/integrate-with-gke), [AKS](https://docs.apono.io/docs/azure-environment/azure-integrations/integrate-with-aks) or [self-managed Kubernetes](https://docs.apono.io/docs/integrate-with-self-managed-kubernetes).
{% endhint %}

### Troubleshooting

* If you are managing more than one Kubernetes cluster, you must be certain that the current context points to the cluster into which the Apono connector is to be added.
  * Get the current context with `kubectl config current-context`
  * Set the current context with `kubectl config use-context [clustername]`
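
The context check above, wrapped around the Helm install and followed by a post-install permission check, as an added example (not Apono's own tooling). The function names and the `APONO_TOKEN` environment variable are assumptions of this example, and `connector_can` requires the right to impersonate service accounts.

```shell
NS="apono-connector"   # namespace used by the helm command on this page

# Fail unless kubectl's current context is the intended cluster.
require_context() {
    current="$(kubectl config current-context)" || return 2
    if [ "$current" != "$1" ]; then
        echo "current context is '$current', expected '$1'" >&2
        return 1
    fi
}

# install_connector <expected-context> <connector-name> <true|false>
# Runs the page's helm command only after the context check passes.
# The token comes from the APONO_TOKEN environment variable (an assumption of
# this example), which keeps the literal out of the typed command.
install_connector() {
    require_context "$1" || return 1
    [ -n "${APONO_TOKEN:-}" ] || { echo "APONO_TOKEN is not set" >&2; return 1; }
    case "$3" in
        true|false) ;;
        *) echo "manageClusterRoles must be true or false" >&2; return 1 ;;
    esac
    helm install apono-connector apono-connector \
        --repo https://apono-io.github.io/apono-helm-charts \
        --set-string apono.token="$APONO_TOKEN" \
        --set-string apono.connectorId="$2" \
        --set serviceAccount.manageClusterRoles="$3" \
        --namespace "$NS" --create-namespace
}

# connector_can <verb> <resource>
# For each service account in the connector namespace, print "<name> yes|no"
# depending on whether it may perform the action in all namespaces.
# Requires permission to impersonate service accounts.
connector_can() {
    verb="$1"; resource="$2"
    kubectl get serviceaccounts -n "$NS" -o name | while read -r sa; do
        name="${sa#serviceaccount/}"
        if kubectl auth can-i "$verb" "$resource" --all-namespaces \
               --as="system:serviceaccount:$NS:$name" </dev/null >/dev/null 2>&1
        then echo "$name yes"
        else echo "$name no"
        fi
    done
}
```

After installing, a call such as `connector_can create clusterrolebindings` shows what each service account in the connector namespace is actually allowed to do, which lets you confirm the result matches the permission mode you chose.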

## With Terraform

The Apono connector is installed in the cloud platform that manages your Kubernetes resources. You install it by adding an Apono module to your Terraform configuration.

### Prerequisites

* A Kubernetes project on one of the following platforms:
  * Google Kubernetes Engine (GKE)
  * Elastic Kubernetes Service (EKS)
  * Azure Kubernetes Engine (AKS)
  * Kubernetes (self-managed)
* Terraform with the following providers:
  * Helm
  * Kubernetes
  * AWS

### Step-by-step guide

#### Find Your Integration Token

1. Select any Kubernetes integration in the Catalog.

{% hint style="info" %}
You can install a new connector from any Kubernetes New Integration form. Pick the one relevant to your network.

Connectors for EKS, GKE, AKS and self-managed Kubernetes work in the same way.
{% endhint %}

2. From the drop-down list on the next page select **Add a New Connector**, and then select Terraform.
3. Copy the **token** displayed toward the bottom of the page.

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-6040dc41b25b04b4d8b57acb9d1752a6047932c3%2FK8s-select-new-connector-1.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

#### Edit the Terraform Configuration

1. Add the following to your Terraform module.

#### [**Without permissions**](#without-permissions)

* If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this code:

```hcl
module "connector" {
    source      = "github.com/apono-io/terraform-modules/k8s/connector-without-permissions/stacks/apono-connector"
    aponoToken  = "[APONO_TOKEN]"    // token copied from the integration page
    connectorId = "[CONNECTOR_NAME]" // choose connector name
}
```

#### [**With permissions**](#with-permissions)

* If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this code:

```hcl
module "connector" {
    source      = "github.com/apono-io/terraform-modules/k8s/connector-with-permissions/stacks/apono-connector"
    aponoToken  = "[APONO_TOKEN]"    // token copied from the integration page
    connectorId = "[CONNECTOR_NAME]" // choose connector name
}
```

Where:

* \[APONO\_TOKEN] is the token copied from the integration page in the previous step.
* \[CONNECTOR\_NAME] is any name you choose to give the connector.

2. Run `terraform init`. It will finish with the message:\
   "Terraform has been successfully initialized!"
3. Run `terraform apply`. It will finish with the message:\
   "Apply complete! Resources: (N) added.."

### Results and next steps

The Kubernetes Connector is now installed.

1. Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.
2. The form finds the connector and marks it with a green checkmark.

{% hint style="success" %}
You can now integrate Apono with your Kubernetes instance.

Complete the integration with [EKS](https://docs.apono.io/docs/integrate-eks), [GKE](https://docs.apono.io/docs/integrate-with-gke), [AKS](https://docs.apono.io/docs/integrate-with-aks) or [self-managed Kubernetes](https://docs.apono.io/docs/integrate-with-self-managed-kubernetes).
{% endhint %}

## Next Steps

Return to the [Catalog](https://app.apono.io/catalog), and select one of the following Kubernetes integrations:

* [Google Kubernetes Engine (GKE)](https://app.apono.io/catalog/connect-integration/gcp-gke)
* [Elastic Kubernetes Service (EKS)](https://app.apono.io/catalog/connect-integration/aws-eks)
* [Azure Kubernetes Engine (AKS)](https://app.apono.io/catalog/connect-integration/azure-aks)
* [Kubernetes (self-managed)](https://app.apono.io/catalog/connect-integration/k8s-roles)
