
Discovering Services with Kubernetes

Some environments use Kubernetes to orchestrate service deployment. CxIAST uses the Kubernetes API to fetch the deployed service details.

Connecting to a Kubernetes Cluster with IAST

Use the following steps to connect to a Kubernetes cluster from IAST:

1. Browse to the Service Discovery page in the IAST portal to configure the Kubernetes endpoint.


2. Click Edit. The Edit Connection dialog opens.

3. Use one of the following methods to connect to the Kubernetes cluster:

  • Credentials

    Specify the following parameters:

    • Namespace - a Kubernetes namespace to get services from. Leave empty to get services from all namespaces

    • Cluster URL - Kubernetes API server URL

    • Username - a user with sufficient permissions to access the Kubernetes API server

    • Password - a password for that user.

  • API Key

    Specify the following parameters:

    • Namespace - Enter a specific Kubernetes namespace to get services from, or leave empty to get services from all namespaces

    • Cluster URL - Kubernetes API server URL

    • API Key - an API key with sufficient permissions to access the Kubernetes API server.

  • Kube Config - This is the default option. CxIAST automatically uses the connection configuration from the Kubernetes configuration file in the file system (in ~/.kube/config, or $HOME/.kube/config), for example the following location in the local Windows installation:

    C:\Users\Lenovo\.kube\config

Notice

  • Connecting using Kube Config requires the HOME environment variable to be configured. If it is missing, the following environment variables will be used: HOMEDRIVE, HOMEPATH, USERPROFILE. If these variables are missing as well, the user.home Java system property will be used.

  • If the credentials or API key connection fails, CxIAST Manager will automatically revert to the Kube Config option.

  • If the Cluster URL uses HTTPS without a signed certificate, set the environment variable KUBERNETES_TRUST_CERTIFICATES=true and restart CxIAST Manager.

4. Click Test, if you want to test the connection before saving it.

5. Click Save.
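
One way to narrow the "sufficient permissions" asked for by the Credentials and API Key options is a read-only identity that can see nothing but Service objects. This is an added example, not Checkmarx configuration: it assumes CxIAST needs only get/list/watch on services and that the API key is a service-account bearer token, and the names iast-discovery and shop are hypothetical.

```yaml
# Added example: least-privilege identity for service discovery.
# The names "iast-discovery" and "shop" are hypothetical placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: iast-discovery
  namespace: shop
---
# Namespace field set to "shop": a namespaced Role is enough.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: iast-service-reader
  namespace: shop
rules:
  - apiGroups: [""]                  # core API group, where Service objects live
    resources: ["services"]
    verbs: ["get", "list", "watch"]  # read-only; no secrets, pods or exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: iast-service-reader
  namespace: shop
subjects:
  - kind: ServiceAccount
    name: iast-discovery
    namespace: shop
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: iast-service-reader
# Namespace field left empty (all namespaces): put the same rules in a
# ClusterRole and bind it with a ClusterRoleBinding instead.
```

The grant can be checked with kubectl auth can-i list services --as=system:serviceaccount:shop:iast-discovery -n shop. Because CxIAST Manager reverts to the Kube Config option when the credentials or API key connection fails, the kubeconfig on the Manager host should be scoped just as tightly.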

Service Discovery Table

The deployed services are listed in the Service Discovery page of CxIAST. The table has the following columns:

  • Name specifies the name of the Kubernetes service as named in Kubernetes.

  • Namespace specifies the Kubernetes namespace in which this service is deployed.

  • Monitored Project specifies the IAST project (with an attached agent) that was deployed using Kubernetes. The auto-matching mechanism compares the Name column to all monitored IAST projects to create a match. To manually match projects, click the arrow in this field and select a project from the list (to un-match, select None).

  • Type specifies the Kubernetes service type (ClusterIP, LoadBalancer, etc.).

  • Cluster IP specifies the internal Kubernetes cluster IP address of this service.

  • External IPs specifies the external IP addresses for this service.

  • Ports specifies the exposed ports for this service.