Difference between revisions of "ServiceNow Kubernetes discovery"
Jump to navigation
Jump to search
| (4 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
* [[Creating an IAM OIDC provider for your EKS cluster]]: <code>[[aws iam create-open-id-connect-provider]]</code> | * [[Creating an IAM OIDC provider for your EKS cluster]]: <code>[[aws iam create-open-id-connect-provider]]</code> | ||
** AWS IAM role. with policy [[EKSReadOnly]] | ** AWS IAM role. with policy [[EKSReadOnly]] | ||
| − | ** <code>[[eksctl create iamidentitymapping]] --cluster yourClusterName -- | + | ** <code>[[eksctl create iamidentitymapping]] --cluster yourClusterName --arn arn:aws:iam::yourAccountID:[[role/]][[yourIAMRoleName]] --username read-only-user</code> |
* [[Configuring a Kubernetes service account to assume an IAM role]] | * [[Configuring a Kubernetes service account to assume an IAM role]] | ||
| − | 2) <code>sn_itom_pattern.k8s_aws_cli_to_generate_token</code> | + | 2) <code>[[sn_itom_pattern.k8s_aws_cli_to_generate_token]]</code> |
*With CLI: <code>[[aws eks get-token --cluster-name]]</code> | *With CLI: <code>[[aws eks get-token --cluster-name]]</code> | ||
| Line 28: | Line 28: | ||
* [[IAM Roles for Service Accounts (IRSA) in EKS]] | * [[IAM Roles for Service Accounts (IRSA) in EKS]] | ||
* [[How Amazon EKS works with IAM]] | * [[How Amazon EKS works with IAM]] | ||
| − | * [[TOI: EKS cluster discovery using STS AssumeRoles (Without AWS CLI)]] | + | * [[TOI: EKS cluster discovery using STS AssumeRoles (Without AWS CLI)]], <code>[[sn_itom_pattern.k8s_aws_cli_to_generate_token]]</code> |
== Related == | == Related == | ||
| Line 34: | Line 34: | ||
* <code>[[kubectl -n kube-system describe secret]]</code> | * <code>[[kubectl -n kube-system describe secret]]</code> | ||
* [[Base64]]: <code>[[kubectl get secret]] --namespace default grafana -o jsonpath="{.data.admin-password}" | [[base64 --decode]] ; echo</code> | * [[Base64]]: <code>[[kubectl get secret]] --namespace default grafana -o jsonpath="{.data.admin-password}" | [[base64 --decode]] ; echo</code> | ||
| − | |||
* <code>[[cluster-read-only-role]]</code> | * <code>[[cluster-read-only-role]]</code> | ||
Latest revision as of 09:58, 2 November 2023
Contents
EKS[edit]
1) K8s service account (kind: ServiceAccount)
- Creating an IAM OIDC provider for your EKS cluster:
aws iam create-open-id-connect-provider- AWS IAM role. with policy EKSReadOnly
eksctl create iamidentitymapping --cluster yourClusterName --arn arn:aws:iam::yourAccountID:role/yourIAMRoleName --username read-only-user
- Configuring a Kubernetes service account to assume an IAM role
2) sn_itom_pattern.k8s_aws_cli_to_generate_token
- With CLI:
aws eks get-token --cluster-name
3)
- sn_itom_pattern.k8s_midserver
- sn_itom_pattern.k8s_create_schedule_enabled
4) XXX
5) ServiceNow AWS Cloud Discovery: https://docs.servicenow.com/en-US/bundle/vancouver-it-operations-management/page/product/discovery/concept/aws-cloud-discovery.html
K8s[edit]
kubectl cluster-infokubectl cluster-info | grep "Kubernetes control plane"
Related activities[edit]
- Enabling IAM principal access to your cluster
- Access Kubernetes REST API using default token
- IAM Roles for Service Accounts (IRSA) in EKS
- How Amazon EKS works with IAM
- TOI: EKS cluster discovery using STS AssumeRoles (Without AWS CLI),
sn_itom_pattern.k8s_aws_cli_to_generate_token
Related[edit]
kubectl config view,kubectl cluster-info | grep "Kubernetes control plane"kubectl -n kube-system describe secret- Base64:
kubectl get secret --namespace default grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo cluster-read-only-role
See also[edit]
Advertising:
