unSkript Documentation
Free SandboxBlogGitHubSlack Community
  • What is unSkript?
  • Guides
    • Contribute to Open Source
    • Getting started
      • Sign Up/Install
      • Authentication
        • Okta configuration
          • Okta Groups Sync
      • Create a Proxy
      • Add Credentials to Connect your Resources
      • Key Terms
  • RunBooks
    • Prebuilt xRunBooks
      • xRunBooks for CloudOps
      • xRunBooks for Cost Optimization
      • xRunBooks for DevOps
      • xRunBooks for IAM
      • xRunBooks for SecOps
      • xRunBooks for SRE
      • xRunBooks for Troubleshooting
    • Creating RunBooks
      • Importing unSkript xRunBooks
      • Create a xRunBook
      • Add an Action
      • Connecting Actions
      • Create a RunBook Input Parameter
      • Create a Credential
      • Writing Notes
      • Running XRunBooks
        • Running RunBooks with Approvals
      • Schedules
      • xRunBook Executions
      • Alarms
        • Create an Alarm Webhook
          • Webhooks for onprem installations
        • Create a Grafana Alert
        • Attaching runbooks to alarms
      • Folders
      • RunBook Outputs
  • Actions
    • What is an Action?
    • Create Custom Actions
    • Create Actions with AI
    • Actions
      • Action Configuration
        • Configure Action Inputs
        • Add Action Inputs
        • Action Output
        • Action Iterator
          • Using Iterators
        • Action Poll
        • Action Start Condition
      • Anatomy of an Action
    • Prebuilt Actions
  • Healthchecks
    • What is a HealthCheck?
    • Create a HealthCheck
      • Create a HealthCheck Folder
      • Adding Checks
    • HealthCheck Parameters
    • Running HealthChecks
    • HealthCheck Remediation
  • Workflows
    • What is a Workflow?
  • Connnecting
    • Connectors
      • Airflow
        • Airflow Actions
      • AWS
        • AWS Actions
          • AWS Cloudwatch Actions
          • AWS EC2 Actions
          • AWS ECS Actions
          • AWS EKS Actions
          • AWS ELB Actions
          • AWS IAM Actions
          • AWS Postgres Actions
          • AWS RDS Actions
          • AWS RedShift Actions
          • AWS S3 Actions
          • AWS VPC Actions
      • Azure
        • Azure Actions
      • ChatGPT
        • ChatGPT Actions
      • Datadog
        • Configuring webhook in Datadog
        • Datadog Actions
          • Datadog Alert Actions
          • Datadog Metrics Actions
          • Datadog Monitor Actions
      • Elasticsearch
        • Elasticsearch Actions
      • GCP
        • GCP Actions
          • GCP Bucket Actions
          • GCP GKE Actions
          • GCP IAM Actions
          • GCP VM Actions
      • Github
        • Github Actions
      • Grafana
        • Grafana Actions
      • Hadoop
        • Hadoop Actions
      • Jenkins
        • Jenkins Actions
      • Jira
        • Jira Actions
      • Kafka
        • Kafka Actions
      • Kubernetes
        • K8s Actions
      • MongoDB
        • MongoDB Actions
      • MS SQL
        • MSSQL Actions
      • MySQL
        • MySQL Actions
      • Netbox
        • Netbox Actions
      • Nomad
        • Nomad Actions
      • OpenSearch
        • opensearch Actions
      • Pingdom
        • Pingdom Actions
      • Postgres
        • Postgres Actions
      • Prometheus
        • Prometheus Actions
      • Redis
        • Redis Actions
      • REST
        • REST Actions
      • SalesForce
        • SalesForce Actions
      • Slack
        • Slack Actions
      • Snowflake
        • Snowflake Actions
      • Splunk
        • Splunk Actions
      • SSH
        • SSH Actions
      • Stripe
        • Stripe Actions
      • Terraform
        • Terraform Actions
      • Zabbix
    • Proxies
      • Environment
        • RunBooks Across Environments: ServiceIDs
      • unSkript Proxy
      • AWS Proxy
      • GCP Proxy
    • Secret store
      • Vault
  • Tooling
    • Role Based Access Control
      • RBAC Roles
    • API reference
      • Authentication
      • Endpoints
        • Executions
        • RunBooks
        • Schedules
    • Command Line Tool
    • Notifications
  • Fundamentals
    • Jupyter Notebook 101
  • Use Cases
    • DevOps
    • SRE
  • Open source
    • Runbooks.sh
    • Contribute to Open Source
  • Lists
    • AWS Service Quota list
Powered by GitBook
On this page
  • List of Kubernetes xRunBooks
  • List of Kubernetes Actions
  • Authentication

Was this helpful?

  1. Connnecting
  2. Connectors

Kubernetes

PreviousKafka ActionsNextK8s Actions

Last updated 1 year ago

Was this helpful?

Authentication

Name
Description

Name

This credential will be listed using the name you provide

Kubeconfig

Contents of the kubeconfig file, typically found in the .kube directory of your cluster.

Authentication in Kubeconfig

The authentication of the command used to call an EKS cluster is done using the role assigned during SSO login of the AWS console. unSkript's proxy also has a role assigned to it which needs to have access to the client's EKS cluster.

We can specify the IAM Instance Role for an EC2 instance to enable authentication which is used by the unSkript proxy to talk to the client cluster.

Ensuring Connectivity for Amazon EKS VPC

As shown below for the unskript-dev cluster, the public access source allowlist is open to all traffic-

To do so, edit the aws-auth ConfigMap. You can use a tool such as eksctl to update the ConfigMap or you can update it manually by editing it. You can read for detailed steps to enabling user and role access.

In order to ensure connectivity to unSkript's proxy from a private cluster, the VPC cluster security group should allow traffic from the proxy security group. Since traffic goes out with public IP as source, the source whitelist should include the public(outgoing) IP of NAT.

Refer to the security group requirements for updating the same.

You can read for further details on Amazon EKS cluster endpoint access control.

here
NAT
here
here
List of Kubernetes xRunBooks
List of Kubernetes Actions
Information needed to onboard kubernetes connector