This is a work in progress. Do not publish it publicly yet.
Prerequisite
In order to complete the onboarding process, you will need to execute a script on your machine. This script requires:
cluster-admin access to the Kubernetes cluster
Python 3.7+
Instructions
Download the onboarding script
TODO: provide static link to script
The script is written in Python. It works with Python 3.7+ on macOS and Linux.
The script will:
create a service account for Data Theorem
add a security audit role (with read-only access)
link the security audit role to the service account
generate a kube config file which contains a token which never expires
The script calls kubectl, which must be set on the cluster you want to onboard.
Onboarding Kubernetes cluster on Amazon (EKS)
First we need to retrieve the role ARN of the Kubernetes cluster:
Go to the AWS Console
Go to EKS
On the left hand side, click on
Clusters, underAmazon EKSIn the list of clusters, search for the cluster name you want to onboard and click on it
Then click on the
ConfigurationtabFinally copy the
Cluster IAM Role ARN
Then run the script as follows:
python3 datatheorem-k8s-onboarding.py -p aws -o <CONFIG_OUTPUT_PATH> --rolearn <ROLE_ARN>
Onboarding Kubernetes cluster on Azure (AKS)
In order to onboard the cluster, it must have the RBAC setting enabled. You can make sure of that by going to the Azure Console and:
Kubernetes Services
Search for the name of the cluster you want to onboard and click on it
Under
Settings, click onCluster configurationRole-based access control (RBAC)must beEnabled
python3 datatheorem-k8s-onboarding.py -p azure -o <CONFIG_OUTPUT_PATH>
Onboarding Kubernetes cluster on GCP (GKE)
The gcloud user that runs the script must have the Kubernetes Engine Admin role or higher.
python3 datatheorem-k8s-onboarding.py -p gcp -o <CONFIG_OUTPUT_PATH>
Onboarding on-premises Kubernetes cluster
python3 datatheorem-k8s-onboarding.py -p onprem -o <CONFIG_OUTPUT_PATH>