...

  • Admin access to the Kubernetes cluster.

  • Whitelisting Data Theorem IPs to allow the analyzer to properly talk to the Kubernetes API.

...

This service account will have read-only permissions and will allow Data Theorem to connect to the Kubernetes cluster API to analyze its configuration.

The script requires:

  • cluster-admin access to the Kubernetes cluster.

  • kubectl.

  • Python 3.7+ on macOS or Linux.

View file: datatheorem_onboarding_script.py

...

  • Create a service account for Data Theorem.

  • Add a security audit role (with read-only access).

  • Link the security audit role to the service account.

  • Generate a kube config file for the previously generated service account.

Note

The script calls kubectl, which must be configured for the cluster you want to onboard.
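One way to verify the "read-only" claim for the security audit role before handing the generated kube config to a third party, as an added example (not Data Theorem's script): audit the JSON from `kubectl get clusterrole <name> -o json` for verbs beyond get/list/watch and for read access to Secrets, which still discloses their contents. The role name and rules in the sample are constructed.

```python
import json
import sys

READ_ONLY_VERBS = {"get", "list", "watch"}

# Constructed sample in the shape of `kubectl get clusterrole <name> -o json`.
# The role name and rules are hypothetical, not Data Theorem's actual role.
SAMPLE_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "example-security-audit"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "services"], "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "patch"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
        {"nonResourceURLs": ["/healthz"], "verbs": ["get"]},
    ],
}


def audit_role(role):
    """Return (rule_index, issue, detail) findings; an empty list means read-only."""
    findings = []
    for idx, rule in enumerate(role.get("rules") or []):
        verbs = set(rule.get("verbs", []))
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        # Anything beyond get/list/watch (including "*") can change cluster state.
        extra = sorted(verbs - READ_ONLY_VERBS)
        if extra:
            findings.append((idx, "non-read-verb", extra))
        # Secrets live in the core API group (""); reading them reveals their values.
        in_core_group = bool(groups & {"", "*"})
        hits = sorted(resources & {"secrets", "*"})
        if in_core_group and hits and verbs & (READ_ONLY_VERBS | {"*"}):
            findings.append((idx, "secrets-readable", hits))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_role.py role.json   (no argument audits the sample)
    role = SAMPLE_ROLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            role = json.load(fh)
    for idx, issue, detail in audit_role(role):
        print(f"rule {idx}: {issue}: {', '.join(detail)}")
```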

...

```bash
python3 datatheorem-k8s-onboarding.py -p aws -o datatheorem_k8s_service_account.yaml --rolearn <ROLE_ARN>
```

Onboarding Kubernetes cluster on Azure (AKS)

...

  1. Kubernetes Services

  2. Search for the name of the cluster you want to onboard and click on it

  3. Under Settings, click on Cluster configuration

  4. Role-based access control (RBAC) must be Enabled

...

```bash
python3 datatheorem-k8s-onboarding.py -p azure -o datatheorem_k8s_service_account.yaml
```

...