Kubernetes

Kubernetes connections enable integration with Kubernetes clusters for health checks, configuration scraping, and playbook automation.

Used By

Kubernetes Config Scraper - Scrape Kubernetes resource configurations
Pod Exec Action - Execute commands in pods
Playbook Actions - Execute Kubernetes automation

Field	Description	Scheme
`cnrm`	CNRM connection details	CNRM
`connection`	The connection url to use, mutually exclusive with `kubeconfig`	Connection
`eks`	EKS connection details	EKS
`gke`	GKE connection details	GKE
`kubeconfig`	Source for kubeconfig	EnvVar

note

One of the connection types must be provided: kubeconfig, EKS, GKE, or CNRM.

Connection Types

Kubeconfig

Connect using a kubeconfig file:

kubeconfig-connection.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Connection
metadata:
  name: remote-cluster
spec:
  kubernetes:
    kubeconfig:
      valueFrom:
        secretKeyRef:
          name: cluster-credentials
          key: kubeconfig

EKS Connection

Connect to Amazon EKS clusters:

Field	Description	Scheme
`cluster*`	Name of the EKS cluster	`string`
`accessKey`	Access Key ID	EnvVar
`connection`	The connection url to use, mutually exclusive with `accessKey` and `secretKey`	Connection
`endpoint`	Custom AWS Endpoint to use	`string`
`region`	The AWS region	`string`
`secretKey`	Secret Access Key	EnvVar
`skipTLSVerify`	Skip TLS verify when connecting to AWS	`boolean`

eks-connection.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Connection
metadata:
  name: eks-production
spec:
  kubernetes:
    eks:
      cluster: my-eks-cluster
      region: us-east-1
      accessKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_ACCESS_KEY_ID
      secretKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_SECRET_ACCESS_KEY

GKE Connection

Connect to Google Kubernetes Engine clusters:

Field	Description	Scheme
`cluster*`	Name of the GKE cluster	`string`
`project*`	GCP project ID	`string`
`zone*`	GCP zone where the cluster is located	`string`
`connection`	The connection url to use, mutually exclusive with `credentials`	Connection
`credentials`	The credentials to use for authentication	EnvVar
`endpoint`	Custom GCP Endpoint to use	`string`
`skipTLSVerify`	Skip TLS verification when connecting to GCP	`boolean`

gke-connection.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Connection
metadata:
  name: gke-production
spec:
  kubernetes:
    gke:
      project: my-gcp-project
      zone: us-central1-a
      cluster: my-gke-cluster
      credentials:
        valueFrom:
          secretKeyRef:
            name: gcp-credentials
            key: service-account.json

CNRM Connection

Connect via Config Connector for GCP-managed clusters:

Field	Description	Scheme
`clusterResource*`	Name of the ContainerCluster resource managed by Config Connector	`string`
`clusterResourceNamespace*`	Namespace containing the ContainerCluster resource	`string`
`gke.cluster*`	Name of the management GKE cluster	`string`
`gke.projectID*`	Google Cloud project ID containing the management GKE cluster	`string`
`gke.zone*`	Zone or region where the management GKE cluster is located	`string`
`clusterResource`	Name of the cluster resource in Config Connector	`string`
`clusterResourceNamespace`	Namespace of the cluster resource	`string`
`gke`	GKE connection details	GKE

Used By​

Connection Types​

Kubeconfig​

EKS Connection​

GKE Connection​

CNRM Connection​