Adding a Kubernetes Cluster

Adding a Kubernetes cluster involves steps in both the Admin UI and on the API server you’re adding to the strongDM network.

  1. Before beginning, ensure that the Kubernetes API server you’re connecting is accessible from one of your strongDM relays or gateways. For more information on setting up relays, see this guide.

  2. Log in to the Admin UI at https://app.strongdm.com and choose Servers in the left-hand navigation.

  3. In the upper-right section of the screen, click the ‘add server’ button. Under ‘Server Type’, select Kubernetes.

  4. Type in a Display Name. This is how the server will show up in the Admin UI—in this case, k8s-sandbox.

    Note: Some Kubernetes management interfaces, such as Visual Studio Code, do not function properly with cluster names containing spaces. If you run into problems, please choose a name without spaces for this field.

  5. Enter the hostname or IP address of the Kubernetes API server. It’s imperative that the entry you choose for Hostname is one that the relay server can connect to. To verify this, hop on the relay server, and from a command prompt, type:

       $ nc -z <HOSTNAME> <PORT>

    If your relay can connect to this hostname, you’ll be able to proceed—in this case, api.kubernetes.strongdm.rocks

  6. Enter the port to connect to the API server: by default, 443.

  7. In the following three fields, enter the Server Certificate, Client Certificate, and Client Key. In each case you can either paste in the certificate or key directly or in Base64 encoding, or upload a file (in PEM format).

    You can either generate these certificates/keys on the API server or get them from your existing Kube config. In ~/.kube/config, you can find the server and client certs and keys in Base64 format.

    Server certificate:

       - cluster:
           certificate-authority-data: ... SERVER CERT BASE64 ...
    

    The client keys are in another section of the config:

       - name: clusterUser_StrongDM_whatever
         user:
           client-certificate-data: ... CLIENT CERT BASE64...
           client-key-data: ... CLIENT PRIVATE KEY BASE64...
    

    NOTE: When your users connect to this cluster, they will have exactly the rights permitted by these Kubernetes client keys.

  8. Click the ‘create’ button. Once this is done, the Admin UI will update and show your new server in a green or yellow state. If yellow, click the ‘pencil’ icon to the right of the server to re-open the ‘Connection Details’ screen, then click ‘Diagnostics’ to determine where the connection is failing.

If any errors occur, please copy them into an email and send it to support@strongdm.com.
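
Added example (not strongDM's own tooling): a shell helper for step 7 that decodes the three Base64 fields from a kubeconfig into PEM files ready to upload, keeps them owner-readable only, and rejects a field whose PEM type does not match. The function names, output file names and the sample kubeconfig are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: extract the three values step 7 asks for from a kubeconfig.
# Assumes one cluster and one user in the file; for a multi-context config,
# narrow it first with `kubectl config view --minify --raw`.
# Usage: export_creds "$HOME/.kube/config" ./sdm-creds

# kube_field FILE KEY: print the decoded value of the first "KEY: <base64>" line.
kube_field() {
    value=$(awk -v key="$2:" '$1 == key { print $2; exit }' "$1")
    # Kubeconfigs that reference files (client-key: /path) have no *-data field.
    [ -n "$value" ] || { echo "no $2 in $1" >&2; return 1; }
    printf '%s' "$value" | base64 -d
}

# export_creds FILE OUTDIR: write server-ca.pem, client.pem and client-key.pem.
# Runs in a subshell so the restrictive umask does not leak to the caller.
export_creds() (
    umask 077    # everything written here, the private key included, is owner-only
    mkdir -p "$2" || exit 1
    for spec in certificate-authority-data:server-ca.pem:CERTIFICATE \
                client-certificate-data:client.pem:CERTIFICATE \
                client-key-data:client-key.pem:'PRIVATE KEY'; do
        key=${spec%%:*}; rest=${spec#*:}; file=${rest%%:*}; label=${rest#*:}
        kube_field "$1" "$key" > "$2/$file" || { rm -f "$2/$file"; exit 1; }
        # Catch a cert pasted into the key field (or the reverse) before upload.
        head -n 1 "$2/$file" | grep -q -e "^-----BEGIN .*$label-----" ||
            { echo "$key is not a PEM $label" >&2; rm -f "$2/$file"; exit 1; }
    done
)

# Constructed sample data: placeholder PEM bodies, not real credentials.
b64_pem() {
    printf '%s\n' "-----BEGIN $1-----" 'Q09OU1RSVUNURUQ=' "-----END $1-----" |
        base64 | tr -d '\n'
}
make_sample_config() {
    cat > "$1" <<EOF
clusters:
- cluster:
    certificate-authority-data: $(b64_pem CERTIFICATE)
    server: https://api.kubernetes.strongdm.rocks:443
  name: k8s-sandbox
users:
- name: clusterUser_StrongDM_whatever
  user:
    client-certificate-data: $(b64_pem CERTIFICATE)
    client-key-data: $(b64_pem 'RSA PRIVATE KEY')
EOF
}
```

Delete the exported directory once the values are uploaded, since client-key.pem carries the same rights the NOTE in step 7 describes.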