Connect to Kubernetes

Last modified on October 4, 2023

This page provides instructions on how to connect to a Kubernetes cluster and use kubectl via StrongDM.

Prerequisites

Before you begin, ensure that your StrongDM administrator has granted you access to at least one Kubernetes cluster.

The Connection Process

Open the StrongDM Desktop application and log in.
Connect to the Kubernetes cluster by either clicking the cluster’s display name in the desktop app or running sdm connect <KUBERNETES_CLUSTER_NAME> in the CLI.
Note that it is not necessary to run either the sdm connect or sdm disconnect commands for this resource except in specific instances.
Update the kubectl configuration using either the desktop app or the CLI.
- If using the desktop app, go to the Account menu and select Update kubectl configuration.
The Update kubectl configuration option is displayed if cluster resources are available to you. This option adds StrongDM-specific sections to your existing ~/.kube/config file or creates a new one if it does not yet exist. Note that you need kubectl to be in your PATH before starting the desktop app and/or CLI in order for this option to work.
- If using the CLI and you want to update the config file for all clusters to which you are currently connected through StrongDM, run:
```
sdm kubernetes update-config
```
- If using the CLI and you want to add or update the config file for a single cluster, run the same command but additionally specify the cluster name as a parameter:
```
sdm kubernetes update-config <CLUSTER_NAME>
```
If this command fails, see section Manual Configuration Update.

Once you have updated your kubectl configuration and are connected, you should be able to run kubectl commands directly on the StrongDM-managed cluster.

Example:

$ kubectl get pods
NAME                                     READY     STATUS    RESTARTS   AGE
imprecise-bunny-mysql-6b65b5ff54-wflb9   1/1       Running   0          38d
imprecise-bunny-mysql-test               0/1       Pending   0          17d
redis-master-6b464554c8-9w7k8            1/1       Running   0          34d
shell-demo                               1/1       Running   0          39d

Manual Configuration Update

If the Update kubectl configuration option fails, it is likely because you are using a separate Kubernetes configuration manager. In this case, you can manually update your ~/.kube/config file as follows.

For each Kubernetes cluster you wish to configure, record its port as reported in the Admin UI or the CLI after running sdm status.

In your config file for each cluster:

Add a cluster item:

- cluster:
server: http://localhost:port
name: cluster-name

Add a context item:

- context:
cluster: sdm-k8s-1
user: sdm-user
name: StrongDM Kubernetes 1

Add a single user item for the sdm-user name:
```
 - name: sdm-user
user: {}
```

Save and exit the editor.

Now you should be able to switch contexts to a StrongDM-managed cluster and connect normally.

Example

The following is an example of a kubectl configuration file with two StrongDM-managed clusters.

apiVersion: v1
clusters:
- cluster:
  server: http://localhost:<port1>
  name: sdm-k8s-1
- cluster:
  server: http://localhost:<port2>
  name: sdm-k8s-2
contexts:
- context:
  cluster: sdm-k8s-1
  user: sdm-user
  name: StrongDM Kubernetes 1
- context:
  cluster: sdm-k8s-2
  user: sdm-user
  name: StrongDM Kubernetes 2
current-context: StrongDM Kubernetes 1
kind: Config
preferences: {}
users:
- name: sdm-user
  user: {}

Connect to Kubernetes

Prerequisites #

The Connection Process #

Manual Configuration Update #

Example #

Prerequisites

The Connection Process

Manual Configuration Update

Example