Learn how to integrate and manage access to your K8s cluster
If your organization uses Kubernetes for development, Apono's Kubernetes integrations can help you securely manage access to your Kubernetes containers and databases.
By identifying and transforming existing privileges, Apono can shift your management from broad permissions to on-demand access flows. Through our integrations, Apono enables you to perform the following access tasks:
Limit Access: Discover existing cluster privileges and convert them to just-in-time Access Flows.
Enable Self-Service Access: Allow developers to request access to K8s clusters and pods via Slack.
Automate Approval Workflows: Create automatic approval processes for sensitive K8s resources.
Restrict Third-Party Access: Grant third parties (customers or vendors) time-based access to specific containers with MFA verification.
Review Access: Audit access, permissions granted, and reasons for access across K8s.
With a connector installed on your Kubernetes platform, the next step is setting permissions for Apono to manage access control.
Cluster admin access to the cluster you'd like to integrate
Helm
An Apono Kubernetes connector
Please note! If you installed the Apono connector on the cluster, there is no need to provide the secret in the Add Integration form in the UI.
The connector already handles the secret ;)
Select Kubernetes from the Catalog.
On the next page, select an existing connector from the drop-down list.
Click Next to view the Kubernetes integration form.
Name the integration.
Enter the following Kubernetes parameters, which can be found with kubectl:
Cluster Name
Secret
  If you installed the Apono connector on the cluster, leave this empty. Otherwise:
  With a GCP secret manager:
    Project
    Secret ID
  With Kubernetes secret manager:
    Namespace
    Secret Name
  With an Azure secret manager:
    Vault URL
    Secret Name
Integration of Apono with self-managed Kubernetes is now complete.
Manage users and groups. If you have an IdP set up, for example Okta or Azure AD, you may want to integrate Apono in order to sync users and groups.
You can now control access to this resource by defining Access Flows.
Make it easy for your users to request access by integrating your Slack or Teams organization with Apono.