
This article explains how to grant Cloudaware access to an AKS cluster that has AD integration enabled, so that Cloudaware can discover AKS resources automatically.

If Active Directory integration is enabled for an AKS cluster, Azure allows access to AKS cluster resources (pods, nodes, etc.) to be granted automatically using authorization via AD.

Set up the cluster role binding in the AKS cluster for the Azure application that has been added to Cloudaware.

Access Setup

1. Locate the service principal ID of the Azure App added to Cloudaware. Log in to Azure Portal → Azure Active Directory → Enterprise applications → select the app. Copy the Object ID. This is the unique ID of the service principal object associated with this application.

2. In your AKS cluster, create cloudaware-rbac.yaml using the manifest below:

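# Read-only ClusterRole for Cloudaware discovery
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudaware-reader
rules:
# Wildcards cover every API group and resource type, including Secrets (read verbs only)
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["get", "watch", "list"]
---
# Binds the Azure AD service principal to a ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sp-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # Replace with your cluster role name before applying
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    # Object ID copied in step 1
    name: <service-principal-object-id>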

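Where, in ClusterRoleBinding:

name: sp-role-binding in metadata should be replaced by your binding name

name: cluster-admin in roleRef should be replaced by your cluster role name (cloudaware-reader, as defined in the ClusterRole above). If cluster-admin is left in place, the service principal is bound to the built-in cluster-admin role and receives full administrative access instead of read-only access.

name: <service-principal-object-id> in subjects should be replaced by the Object ID copied in step 1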

3. Run the following command:

kubectl create -f cloudaware-rbac.yaml
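
A check to run after step 3, added here as an example and not part of Cloudaware's documentation: it uses kubectl impersonation to confirm that the service principal named in the binding can read pods and nodes but cannot modify anything. The function names and the SP_OBJECT_ID variable are assumptions of this example, and the kubeconfig in use must be allowed to impersonate users.

```shell
#!/bin/sh
# Added example: verify the effective permissions of the bound service principal.
# SP_OBJECT_ID (assumed variable name) holds the Object ID copied in step 1.

# can_i VERB RESOURCE SUBJECT -> prints "yes" or "no" for a cluster-wide check.
# kubectl exits non-zero on "no", so the exit status is ignored here.
can_i() {
    kubectl auth can-i "$1" "$2" --all-namespaces --as "$3" 2>/dev/null || true
}

# check_read_only SUBJECT -> returns 0 only if reads are allowed and writes denied.
check_read_only() {
    subject=$1
    rc=0
    # The read verbs granted by the cloudaware-reader ClusterRole must work.
    for verb in get list watch; do
        for res in pods nodes; do
            if [ "$(can_i "$verb" "$res" "$subject")" != "yes" ]; then
                echo "MISSING: $verb $res"
                rc=1
            fi
        done
    done
    # No write verb should be allowed for a discovery-only identity.
    for verb in create update patch delete; do
        if [ "$(can_i "$verb" pods "$subject")" = "yes" ]; then
            echo "EXCESSIVE: $verb pods"
            rc=1
        fi
    done
    # '*' on '*' succeeds only for cluster-admin-equivalent bindings.
    if [ "$(can_i '*' '*' "$subject")" = "yes" ]; then
        echo "EXCESSIVE: full admin (is roleRef still cluster-admin?)"
        rc=1
    fi
    return "$rc"
}

# Runs only when the object ID is supplied, e.g.:
#   SP_OBJECT_ID=<service-principal-object-id> sh check-binding.sh
if [ -n "${SP_OBJECT_ID:-}" ]; then
    check_read_only "$SP_OBJECT_ID"
fi
```

Any EXCESSIVE line means the binding grants more than the read-only role defined in cloudaware-rbac.yaml and the roleRef should be reviewed.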

Further Configuration

If your Amazon EKS Cluster is running in a private network, check this guide to install Cloudaware Breeze agent for secure connection.

Please allow up to 24 hours for the AKS resources to be collected and displayed in Cloudaware CMDB. 

List of AKS Objects

Cloudaware supports the following AKS cluster objects:
