# Apono Connector for Kubernetes

## Overview

To integrate with Kubernetes and start managing JIT access to Kubernetes resources, you must **first install a connector in your Kubernetes cluster**.

This can be done by one of the following methods:

1. Helm
2. Terraform

{% hint style="info" %}
**What's a connector? What makes it so secure?**

The Apono Connector is an on-prem connection that can be used to connect resources to Apono and separate the Apono web app from the environment for maximal [security](/docs/about-apono/security-and-architecture.md).
{% endhint %}

## With Helm

The Apono connector is installed in the cloud platform that manages your Kubernetes resources. You install it by running a Helm command with the necessary parameters.

### Prerequisites

* An existing Kubernetes project on one of the following platforms:
  * Google Kubernetes Engine (GKE)
  * Elastic Kubernetes Service (EKS)
  * Azure Kubernetes Engine (AKS)
  * Kubernetes (self-managed)
* Helm
* kubectl

### Step-by-step guide

#### Find Your Integration Token

1. Select any Kubernetes integration in the Catalog.

{% hint style="info" %}
You can install a new connector from any Kubernetes New Integration form. Pick the one relevant to your network.

Connectors for EKS, GKE, AKS and self-managed Kubernetes work in the same way.
{% endhint %}

2. From the drop-down list on the next page select **Add a New Connector**, and then select Helm.
3. Copy the **token** displayed toward the bottom of the page.

<figure><img src="/files/isXlmlIzf9q6ss6oWWcB" alt="" width="375"><figcaption></figcaption></figure>

#### Install the Connector

Run the following Helm command in a terminal:

**Without permissions**

* If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this code:

```bash
helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
    --set-string apono.token=[APONO_TOKEN] \
    --set-string apono.connectorId=[CONNECTOR_NAME] \
    --set serviceAccount.manageClusterRoles=false \
    --namespace apono-connector \
    --create-namespace
```

**With permissions**

* If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this code:

```bash
helm install apono-connector apono-connector --repo https://apono-io.github.io/apono-helm-charts \
    --set-string apono.token=[APONO_TOKEN] \
    --set-string apono.connectorId=[CONNECTOR_NAME] \
    --set serviceAccount.manageClusterRoles=true \
    --namespace apono-connector \
    --create-namespace
```

Where:

* \[APONO\_TOKEN] is the token copied from the integration page in the previous step.
* \[CONNECTOR\_NAME] is any name you choose to give the connector.

Helm will finish with a message that the **apono-connector** has been installed.

{% hint style="success" %}
Interested in HA for the connector?

Add this variable to the Helm chart to create one or more replicas of the Apono connector instance:

`--set-string replicaCount=<number_of_replicas>`

Read more [here](/docs/connectors-and-secrets/high-availability-for-connectors.md).
{% endhint %}

### Results and next steps

The Kubernetes Connector is now installed.

1. Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.
2. The form detects the connector and marks it with a green checkmark.

{% hint style="success" %}
You can now integrate Apono with your Kubernetes instance.

Complete the integration with [EKS](/docs/aws-environment/aws-integrations/integrate-with-eks.md), [GKE](/docs/gcp-environment/gcp-integrations/integrate-with-gke.md), [AKS](/docs/azure-environment/azure-integrations/integrate-with-aks.md) or [self-managed Kubernetes](https://docs.apono.io/docs/integrate-with-self-managed-kubernetes).
{% endhint %}

### Troubleshooting

* If you are managing more than one Kubernetes cluster, you must be certain that the current context points to the cluster into which the Apono connector is to be added.
  * Get the current context with `kubectl config current-context`
  * Set the current context with `kubectl config use-context [clustername]`
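
Passing the token with `--set-string` leaves it in shell history and in the process list while Helm runs. The script below is an added example, not Apono's own tooling: it checks the kubectl context first, then supplies the same chart values through a temporary file that only the current user can read. `EXPECTED_CONTEXT`, `APONO_TOKEN`, `CONNECTOR_NAME` and `MANAGE_CLUSTER_ROLES` are environment variable names assumed for this example.

```bash
#!/usr/bin/env bash
# Added example (not Apono's code). The environment variable names are
# assumptions; the chart values and repo URL are the ones shown on this page.
set -eu

# Refuse to continue unless kubectl points at the intended cluster.
check_context() {
  local expected="$1" current
  current="$(kubectl config current-context)"
  [ "$current" = "$expected" ] || {
    echo "current context is '$current', expected '$expected'" >&2
    return 1
  }
}

# Write the chart values to a new file with mode 0600 and print its path.
# The token is read from the environment, so it never appears in argv.
# Assumes the token and connector name contain no '"' or '\' characters.
write_values() {
  local connector_id="$1" manage_roles="$2" file
  file="$(umask 077 && mktemp)"
  {
    printf 'apono:\n'
    printf '  token: "%s"\n' "$APONO_TOKEN"
    printf '  connectorId: "%s"\n' "$connector_id"
    printf 'serviceAccount:\n'
    printf '  manageClusterRoles: %s\n' "$manage_roles"
  } > "$file"
  printf '%s\n' "$file"
}

install_connector() {
  local values
  check_context "$EXPECTED_CONTEXT"
  values="$(write_values "$CONNECTOR_NAME" "${MANAGE_CLUSTER_ROLES:-false}")"
  # Path is expanded now, so cleanup still works after the function returns.
  trap "rm -f '$values'" EXIT
  helm install apono-connector apono-connector \
    --repo https://apono-io.github.io/apono-helm-charts \
    --values "$values" \
    --namespace apono-connector --create-namespace
}

# Runs only when invoked as: ./install-connector.sh install
if [ "${1:-}" = "install" ]; then install_connector; fi
```

`MANAGE_CLUSTER_ROLES` defaults to `false`, which matches the "Without permissions" install; set it to `true` only when Apono should manage access to Kubernetes resources.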

## With Terraform

The Apono connector is installed in the cloud platform that manages your Kubernetes resources. You install it by adding an Apono module to your Terraform configuration.

### Prerequisites

* A Kubernetes project on one of the following platforms:
  * Google Kubernetes Engine (GKE)
  * Elastic Kubernetes Service (EKS)
  * Azure Kubernetes Engine (AKS)
  * Kubernetes (self-managed)
* Terraform with the following providers:
  * Helm
  * Kubernetes
  * AWS

### Step-by-step guide

#### Find Your Integration Token

1. Select any Kubernetes integration in the Catalog.

{% hint style="info" %}
You can install a new connector from any Kubernetes New Integration form. Pick the one relevant to your network.

Connectors for EKS, GKE, AKS and self-managed Kubernetes work in the same way.
{% endhint %}

2. From the drop-down list on the next page select **Add a New Connector**, and then select Terraform.
3. Copy the **token** displayed toward the bottom of the page.

<figure><img src="/files/isXlmlIzf9q6ss6oWWcB" alt="" width="375"><figcaption></figcaption></figure>

#### Edit the Terraform Configuration

1. Add the following to your Terraform module.

#### [**Without permissions**](#without-permissions)

* If you would like to install the connector in Kubernetes, but not grant Apono access to read or manage access to Kubernetes resources, use this code:

```hcl
module "connector" {
    source      = "github.com/apono-io/terraform-modules/k8s/connector-without-permissions/stacks/apono-connector"
    aponoToken  = "[APONO_TOKEN]"    // token copied from the integration page
    connectorId = "[CONNECTOR_NAME]" // choose connector name
}
```

#### [**With permissions**](#with-permissions)

* If you would like to install the connector in Kubernetes and grant Apono access to read and manage access to Kubernetes resources, use this code:

```hcl
module "connector" {
    source      = "github.com/apono-io/terraform-modules/k8s/connector-with-permissions/stacks/apono-connector"
    aponoToken  = "[APONO_TOKEN]"    // token copied from the integration page
    connectorId = "[CONNECTOR_NAME]" // choose connector name
}
```

Where:

* \[APONO\_TOKEN] is the token copied from the integration page in the previous step.
* \[CONNECTOR\_NAME] is any name you choose to give the connector.

2. Run `terraform init`. It will finish with the message:\
   "Terraform has been successfully initialized!"
3. Run `terraform apply`. It will finish with the message:\
   "Apply complete! Resources: (N) added.."

### Results and next steps

The Kubernetes Connector is now installed.

1. Return to the Add new integration form from step 1 for EKS, GKE, AKS or self-managed Kubernetes.
2. The form detects the connector and marks it with a green checkmark.

{% hint style="success" %}
You can now integrate Apono with your Kubernetes instance.

Complete the integration with [EKS](https://docs.apono.io/docs/integrate-eks), [GKE](https://docs.apono.io/docs/integrate-with-gke), [AKS](https://docs.apono.io/docs/integrate-with-aks) or [self-managed Kubernetes](https://docs.apono.io/docs/integrate-with-self-managed-kubernetes).
{% endhint %}

## Next Steps

Return to the [Catalog](https://app.apono.io/catalog), and select one of the following Kubernetes integrations:

* [Google Kubernetes Engine (GKE)](https://app.apono.io/catalog/connect-integration/gcp-gke)
* [Elastic Kubernetes Service (EKS)](https://app.apono.io/catalog/connect-integration/aws-eks)
* [Azure Kubernetes Engine (AKS)](https://app.apono.io/catalog/connect-integration/azure-aks)
* [Kubernetes (self-managed)](https://app.apono.io/catalog/connect-integration/k8s-roles)

