Difference between revisions of "ServiceNow Kubernetes discovery"

From wikieduonline
 
(14 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
== EKS ==
 
== EKS ==
 
1) [[K8s service account]] (<code>[[kind: ServiceAccount]]</code>)
 
1) [[K8s service account]] (<code>[[kind: ServiceAccount]]</code>)
 +
* [[Creating an IAM OIDC provider for your EKS cluster]]: <code>[[aws iam create-open-id-connect-provider]]</code>
 
** AWS IAM role. with policy [[EKSReadOnly]]
 
** AWS IAM role. with policy [[EKSReadOnly]]
** <code>[[eksctl create iamidentitymapping]] --cluster yourClusterName --arnarn:aws:iam::yourAccountID:role/yourIAMRoleName --username read-only-user</code>
+
** <code>[[eksctl create iamidentitymapping]] --cluster yourClusterName --arn arn:aws:iam::yourAccountID:[[role/]][[yourIAMRoleName]] --username read-only-user</code>
 
 
* [[Creating an IAM OIDC provider for your EKS cluster]]
 
 
* [[Configuring a Kubernetes service account to assume an IAM role]]
 
* [[Configuring a Kubernetes service account to assume an IAM role]]
  
2) <code>sn_itom_pattern.k8s_aws_cli_to_generate_token</code>
+
2) <code>[[sn_itom_pattern.k8s_aws_cli_to_generate_token]]</code>
 
*With CLI: <code>[[aws eks get-token --cluster-name]]</code>
 
*With CLI: <code>[[aws eks get-token --cluster-name]]</code>
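Review bot: the corrected <code>eksctl create iamidentitymapping</code> line maps the IAM role to <code>--username read-only-user</code> but the EKS section never says which Kubernetes RBAC binding gives that user read access. The IAM policy [[EKSReadOnly]] only governs AWS API calls, so the mapped identity can authenticate to the cluster and still have no read access to its resources until a binding exists. Suggest adding a step here that either passes <code>--group</code> to the mapping or names the ClusterRoleBinding for <code>read-only-user</code>, and linking <code>[[cluster-read-only-role]]</code> next to that step instead of leaving it only in the Related list.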
  
Line 23: Line 22:
 
* <code>[[kubectl cluster-info]]</code>
 
* <code>[[kubectl cluster-info]]</code>
 
* <code>[[kubectl cluster-info]] | grep "Kubernetes control plane"</code>
 
* <code>[[kubectl cluster-info]] | grep "Kubernetes control plane"</code>
 +
 +
== Related activities ==
 +
* [[Enabling IAM principal access to your cluster]]
 +
* [[Access Kubernetes REST API using default token]]
 +
* [[IAM Roles for Service Accounts (IRSA) in EKS]]
 +
* [[How Amazon EKS works with IAM]]
 +
* [[TOI: EKS cluster discovery using STS AssumeRoles (Without AWS CLI)]], <code>[[sn_itom_pattern.k8s_aws_cli_to_generate_token]]</code>
  
 
== Related ==
 
== Related ==
* <code>[[kubectl config view]]</code>
+
* <code>[[kubectl config view]]</code>, <code>[[kubectl cluster-info]] | grep "Kubernetes control plane"</code>
* <code>[[kubectl cluster-info]] | grep "Kubernetes control plane"</code>
 
* [[Enabling IAM principal access to your cluster]]
 
 
* <code>[[kubectl -n kube-system describe secret]]</code>
 
* <code>[[kubectl -n kube-system describe secret]]</code>
* [[Access Kubernetes REST API using default token]]
 
 
* [[Base64]]: <code>[[kubectl get secret]] --namespace default grafana -o jsonpath="{.data.admin-password}" | [[base64 --decode]] ; echo</code>
 
* [[Base64]]: <code>[[kubectl get secret]] --namespace default grafana -o jsonpath="{.data.admin-password}" | [[base64 --decode]] ; echo</code>
* [[IAM Roles for Service Accounts (IRSA) in EKS]]
+
* <code>[[cluster-read-only-role]]</code>
  
 
== See also ==
 
== See also ==

Latest revision as of 09:58, 2 November 2023

EKS

1) K8s service account (kind: ServiceAccount)

2) sn_itom_pattern.k8s_aws_cli_to_generate_token

3)

  • sn_itom_pattern.k8s_midserver
  • sn_itom_pattern.k8s_create_schedule_enabled

4) XXX

5) ServiceNow AWS Cloud Discovery: https://docs.servicenow.com/en-US/bundle/vancouver-it-operations-management/page/product/discovery/concept/aws-cloud-discovery.html

K8s

Related activities

Related

See also
