Kubernetes (Native) Setup

Overview

Heeler can automatically harvest Kubernetes resources and model them as services linked to your existing code base. To do so, three pieces must be in place:

Access granted to Heeler IPs (the same IPs noted under Getting Started)
Apply a read-only setup file to the Kubernetes cluster
Provide Heeler a read-only token to the Kubernetes cluster

Access Granted to Heeler IPs

Heeler must have connectivity to reach your Kubernetes clusters. Their networking configurations must allow control-plane access from Heeler's two IPs. Specifically:

44.221.229.40/32
52.73.231.96/32

Read-Only Setup

The Kubernetes cluster must have a read-only setup file applied to it in order for Heeler to have access. The steps are:

Download the file heeler-readonly.yaml.
Replace the namespace in the file, <kube-system>, with your namespace. This must be done in three places:
1. ServiceAccount > metadata > namespace
2. ClusterRoleBinding > subjects > metadata > namespace
3. Secret > metadata > namespace

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: heeler-readonly
  namespace: <kube-system>
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: heeler-readonly-role
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
- nonResourceURLs:
  - '*'
  verbs:
  - get
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: heeler-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: heeler-readonly-role
subjects:
- kind: ServiceAccount
  name: heeler-readonly
  namespace: <kube-system>
---
apiVersion: v1
kind: Secret
metadata:
  name: heeler-readonly
  namespace: <kube-system>
  annotations:
    kubernetes.io/service-account.name: heeler-readonly
type: kubernetes.io/service-account-token
---

Create a new service account with read-only permission

kubectl apply -f heeler-readonly.yaml

Read-Only Token

Heeler must use a read-only token provided by the Kubernetes cluster for access. To create the token:

kubectl -n kube-system describe secret heeler-readonly

Save the token to use as part of the Configuration entry when adding the Kubernetes cluster in Heeler under users > user > token.

Heeler Connection Setup

With the prerequisites in place, you now have the information required to add the Kubernetes cluster to Heeler.

Select the icon from the top navigation
Navigate to the Connections tab
Select Kubernetes Clusters
Click Add Cluster

Enter the information requested in the modal

Cluster Name: A name that is unique and readily identifies the cluster. It can be human-friendly and does not need to match the name field in the Configuration.
Cluster FQDN: The fully qualified domain name of the Kubernetes cluster. This value matches the value of server in the Configuration.
Configuration: A YAML-structured entry that follows the format below

apiVersion: v1
kind: Config
clusters:
- name: <enter name of Kubernetes cluster, e.g., acme-k8s-dev-cluster>
  cluster:
    certificate-authority-data: <enter Certificate Authority Data as a single block>
    server: <enter FQDN/URL, e.g., https://k8s-dev.acme.com:443>
contexts:
- name: <enter [email protected], e.g., heeler-readonly@acme-k8s-dev-cluster>
  context:
    cluster: <enter name of cluster, e.g., acme-k8s-dev-cluster>
    user: <enter the name of the service account for accessing cluster, e.g., heeler-readonly>
current-context: <repeat contexts name of cluster, e.g., heeler-readonly@acme-k8s-dev-cluster>
users:
- name: <enter the name of the service account for accessing cluster, e.g., heeler-readonly>
  user:
    token: <enter Bearer Token as a single block>

Enter Save. Upon saving, you should see a healthy status indicator.

PreviousKubernetes on AKS (Azure) Setup NextEnvironment Boundaries

Last updated 1 month ago

Was this helpful?