How to Onboard Kubernetes Account

Modified on Thu, 5 Sep at 7:29 PM

CloudDefense.Al can scan and visualize your Kubernetes cluster objects, including workloads and pods, through the use of a view-only Role-Based Access Control (RBAC) policy.



 kubectl edit -n kube-system configmap/aws-auth 
 


Add the lines below to the mapRoles section:


data: 
    mapRoles: | 
        - rolearn: arn:aws:iam::: 407638845061: role/Cdefense-us-east-1-407638845061-role_cross_account_1008358623
    groups: 
        - system:masters



create a cluster role binding to grant the role view-only access:

cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
 name: system:masters
subjects:
 - kind: Group
 name: system:masters-view-only
 apiGroup: rbac.authorization.k8s.io
roleRef:
 kind: ClusterRole
 name: view
 apiGroup: rbac.authorization.k8s.io
EOF

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article