Kubernetes (Native) Setup

Overview

Heeler can automatically harvest Kubernetes resources and model them as services linked to your existing code base. To do so, three pieces must be in place:

Access Granted to Heeler IPs

Heeler must be able to reach your Kubernetes clusters. Each cluster's network configuration must allow control-plane access from Heeler's two IP addresses:

  1. 44.221.229.40/32

  2. 52.73.231.96/32

Read-Only Setup

The Kubernetes cluster must have a read-only setup file applied to it in order for Heeler to have access. The steps are:

  1. Download the file heeler-readonly.yaml.

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: heeler-readonly
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: heeler-readonly-role
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
- nonResourceURLs:
  - '*'
  verbs:
  - get
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: heeler-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: heeler-readonly-role
subjects:
- kind: ServiceAccount
  name: heeler-readonly
  namespace: kube-system
---
apiVersion: v1
kind: Secret
metadata:
  name: heeler-readonly
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: heeler-readonly
type: kubernetes.io/service-account-token
---

  2. Create a new service account with read-only permission

kubectl apply -f heeler-readonly.yaml
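
Once the manifest is applied, you can confirm what the service account is actually allowed to do. The script below is an added example, not part of Heeler's documentation or tooling. It assumes kubectl is pointed at the cluster with an identity permitted to impersonate service accounts, and the names can_i, audit_heeler_sa and the --run switch are illustrative. Because the ClusterRole grants get and list on every resource, the account can also read Secret contents, which the script reports.

```shell
#!/bin/sh
# Added example: audit the RBAC granted by heeler-readonly.yaml.
# Assumes kubectl targets the cluster with an identity allowed to impersonate.
SA="system:serviceaccount:kube-system:heeler-readonly"

# can_i VERB RESOURCE: prints "yes" or "no" for the impersonated account.
# kubectl exits non-zero on "no", so the status is discarded and the text used.
can_i() {
  kubectl auth can-i "$1" "$2" --as="$SA" --all-namespaces 2>/dev/null || true
}

# Returns 0 when expected reads are allowed and every probed write is denied.
# An unreachable cluster yields empty answers, so the audit fails closed.
audit_heeler_sa() {
  audit_rc=0
  # Reads the ClusterRole is meant to grant (verbs: get, list).
  for res in pods deployments services nodes; do
    for verb in get list; do
      if [ "$(can_i "$verb" "$res")" != "yes" ]; then
        echo "MISSING: $verb $res"; audit_rc=1
      fi
    done
  done
  # Anything that mutates state must be denied, including on RBAC objects.
  for res in pods deployments secrets clusterrolebindings; do
    for verb in create update patch delete; do
      if [ "$(can_i "$verb" "$res")" != "no" ]; then
        echo "UNEXPECTED: $verb $res"; audit_rc=1
      fi
    done
  done
  # resources: '*' with get/list also covers Secrets; surface that explicitly.
  if [ "$(can_i get secrets)" = "yes" ]; then
    echo "NOTE: account can read Secret contents in every namespace"
  fi
  return "$audit_rc"
}

# Run against the live cluster only when invoked as: sh audit.sh --run
case "${1:-}" in --run) audit_heeler_sa ;; esac
```

An exit status of 0 with only the NOTE line printed means the account matches the manifest: read access everywhere, no write access on the probed resources.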

Read-Only Token

Heeler must use a read-only token provided by the Kubernetes cluster for access. To retrieve the token:

kubectl -n kube-system describe secret heeler-readonly

Save the token to use as part of the Configuration entry when adding the Kubernetes cluster in Heeler.

Heeler Connection Setup

With the prerequisites in place, you now have the information required to add the Kubernetes cluster to Heeler.

  1. Select the icon from the top navigation

  2. Navigate to the Connections tab

  3. Select Kubernetes Clusters

  4. Click Add Cluster

  5. Enter the information requested in the modal

    1. Cluster Name: A name that is unique and readily identifies the cluster. It can be human-friendly and does not need to match the name field in the Configuration.

    2. Cluster FQDN: The fully qualified domain name of the Kubernetes cluster. This value matches the value of server in the Configuration.

    3. Configuration: A YAML-structured entry that follows the format below

    apiVersion: v1
    kind: Config
    clusters:
    - name: <enter name of Kubernetes cluster, e.g., acme-k8s-dev-cluster>
      cluster:
        certificate-authority-data: <enter Certificate Authority Data as a single block>
        server: <enter FQDN/URL, e.g., https://k8s-dev.acme.com>
    contexts:
    - name: <enter user@cluster, e.g., heeler-readonly@acme-k8s-dev-cluster>
      context:
        cluster: <enter name of cluster, e.g., acme-k8s-dev-cluster>
        user: <enter the name of the service account for accessing cluster, e.g., heeler-readonly>
    current-context: <repeat contexts name of cluster, e.g., heeler-readonly@acme-k8s-dev-cluster>
    users:
    - name: <enter the name of the service account for accessing cluster, e.g., heeler-readonly>
      user:
        token: <enter Bearer Token as a single block>
    
  6. Click Save. Upon saving, you should see a healthy status indicator.
