Skip to main content
After your Kubernetes Clusters have been discovered, you onboard the clusters from the Cloud Resources > Cloud Assets > Kubernetes Clusters tab.
The Kubernetes Clusters tab is only visible if Distributed Cloud Firewall is enabled, and you have also discovered your Kubernetes resources.
You can onboard Azure clusters manually; via a preconfigured kubeconfig file; or with RBAC authentication in your Azure cloud account. You can onboard AWS clusters manually or via an authentication method.
Automatic onboarding supports only publicly available Kubernetes clusters and does not support private clusters. Private clusters need connectivity from the controller to the private K8s management IP address.

Onboarding a Cluster Manually

Onboard a Kubernetes cluster manually if you built it without using AKS or EKS. These clusters are not discoverable at the cloud service provider and are therefore not displayed on the Kubernetes Clusters tab until you onboard them.
You cannot manually onboard non-cloud based Kubernetes clusters.Ensure that the necessary permissions are configured in your kubeconfig file before onboarding.
  1. On the Cloud Resources > Cloud Assets > Kubernetes Clusters tab, click Manually Onboard a Cluster.
  2. In the Manually Onboard a Cluster dialog, enter the following information:
FieldDescription
NameA custom name for the Cluster.
CloudAWS or Azure
Cloud AccountSelect the AWS or Azure cloud account where Kubernetes clusters were discovered.
RegionSelect the region related to the above.
VPC/VNetSelect the VPC/VNet related to the above.
Kubeconfig fileSelect the kubeconfig file that provides access to the cluster. If the kubeconfig is not configured correctly you will be unable to manually onboard the cluster. Proper configuration of a kubeconfig file
  1. Click Onboard.

Onboarding a Cluster via Authentication Method (AWS only)

Select this option to onboard clusters created with AWS (EKS) and managed by your cloud provider. Onboarding via authentication method gives the Controller permissions to query the status of the cluster. Since these clusters were created with AWS (EKS) they are displayed on the Kubernetes Clusters tab after you onboard an AWS account that contains Kubernetes clusters. To onboard an AWS (EKS) cluster using an authentication method:
  1. On the Cloud Assets > Kubernetes Clusters tab, click Onboard next to a discovered AWS (EKS) Kubernetes cluster.
  2. In the Onboard Cluster dialog, select one of the following onboarding methods:
  • Terraform
  • Command Line
  • Kubeconfig File See below for the configuration steps for each method.
  1. Click Onboard.

Terraform

The Terraform prerequisites must be met before attempting to onboard clusters using Terraform.
After selecting the Terraform option in the Onboard Cluster dialog, the Terraform script is generated and shown in the Onboard Cluster dialog.
  1. Copy the Terraform script text to your clipboard.
  2. Paste the Terraform script into the main.tf file.
  3. Edit the script to point to the credentials in the providers.tf file.? Provider information for AWS (EKS) and Kubernetes must be in this file.
  4. Run terraform.init within the Terraform directory.
  5. Run terraform apply within the Terraform directory.
  6. Go back to Onboarding a Cluster via Authentication Method (AWS only) to complete the onboarding process.
  7. Check AWS to see creation/updating of resources for Kubernetes.

Command Line

The eksctl and kubectl tools must be installed before attempting to onboard clusters using Command Line.
After selecting the Command Line option, the Command Line script is generated and shown in the Onboard Cluster dialog.
  1. In the Onboard Cluster dialog, copy the first section of the command to the clipboard. k8s onboarding command line1
  2. Paste the command into eksctl.
  3. Apply the configuration in eksctl to create the accessentry.yaml file (you can copy this from the Onboard Cluster dialog): eksctl create accessentry -f accessentry.yaml
  4. In the Onboard Cluster dialog, copy the cluster-role.yaml command. k8s onboarding command line2
  5. Paste the command into kubectl. If desired, you can run the kubectl config command now to make sure you are in the correct cluster before applying the configuration.
  6. Apply the configuration in kubectl to create the cluster-role.yaml file (you can copy this from the Onboard Cluster dialog). This gives the Controller permission to view the individual nodes in the cluster. kubectl apply -f cluster.role.yaml
  7. Go back to Onboarding a Cluster via Authentication Method (AWS only) to complete the onboarding process.

Upload Kubeconfig File

Ensure that the kubeconfig file has the proper permissions before attempting to onboard the cluster.
  1. In the Onboard Cluster dialog, select the kubeconfig file to upload.
  2. Click Onboard.

Azure

If you are onboarding an Azure (AKS) cluster, you authenticate its configuration by uploading a kubeconfig file.

Onboarding an Azure (AKS) Cluster

  1. On the Cloud Assets > Kubernetes Clusters tab, click Onboard next to a discovered Azure (AKS) Kubernetes cluster.
  2. In the Onboard Cluster dialog, select one of the following:
  • Permissions on Cloud Account: Select if you have already configured RBAC authentication for your AKS cluster in your Azure cloud account.
  • Kubeconfig File: Select a kubeconfig file to upload. Ensure that the kubeconfig file has the proper permissions before attempting to onboard the cluster.
  1. Click Onboard.
You can now create Kubernetes SmartGroups.

Editing a Kubernetes Cluster

You can only edit the name of manually onboarded Kubernetes clusters.