Overview

Use the Kubernetes Cloud Discovery app to gain visibility into cloud resources such as Namespace, Pods, and more across your AWS cluster endpoints.

Description


The Kubernetes Discovery App discovers virtual assets across your AWS cluster accounts and syncs them into the Freshservice CMDB. It provides a single pane of glass to view and manage your cloud resources. The resources currently discovered include:

  • Namespace

  • Node

  • Job

  • Service

  • Deployment

  • ConfigMap

  • CronJob

  • ReplicaSet

  • StatefulSet

  • DaemonSet

  • Pod


Prerequisites


Before installing and authenticating the Kubernetes Cloud Discovery app in Freshservice, you will need to provide the following input:


  • Role ARN


Steps to obtain the Role ARN

1. Log in to the AWS Management Console.


2. Navigate to Services > IAM > Roles > Create role. For guidance on AWS IAM role chaining, refer to AWS IAM Role Chaining.



3. Now, to assign permissions for the created role to be assumed by the FS Account Role, navigate to IAM > Roles > select the created role > Add Permissions > Create inline policy.




4. Click on the JSON tab, add the permissions below, and select Next.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "eks:ListClusters",
                "eks:DescribeCluster",
                "eks:AccessKubernetesApi",
                "eks-auth:AssumeRoleForPodIdentity"
            ],
            "Resource": "*"
        }
    ]
}




5. Enter the name of the policy and click on Create Policy. 



6. Now, add the FS role ARN to the trust relationship of the selected role: click on "Edit Trust Policy" and enter the role ARNs provided by Freshservice for your region.
For Freshservice accounts in the AU region:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::521002495713:role/AU-PROD-1-25-node-role",
                    "arn:aws:iam::521002495713:role/au-prod-eks-1-29-node-role"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}


For Freshservice accounts in the US region:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::521002495713:role/US-PROD-1-25-node-role",
                    "arn:aws:iam::521002495713:role/us-prod-eks-1-29-node-role"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}


For Freshservice accounts in the IND region:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::521002495713:role/IND-PROD-1-25-node-role",
                    "arn:aws:iam::521002495713:role/ind-prod-eks-1-29-node-role"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}


For Freshservice accounts in the EUC region:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::521002495713:role/euc-prod-eks-1-29-node-role",
                    "arn:aws:iam::521002495713:role/EUC-PROD-1-25-node-role"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}




7. Finally, click on the Update policy to save it.
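
Once the trust policy is saved, it can be checked against the two principals listed for your region. The following is an added example, not part of the Freshservice documentation: a Python check that takes the role's trust policy (for instance the AssumeRolePolicyDocument returned by `aws iam get-role`) and reports any principal or action beyond what step 6 lists. The function names and the drifted sample policy are constructed for illustration.

```python
import json

# Principals the page lists for the US region; substitute your own region's pair.
EXPECTED_US = {
    "arn:aws:iam::521002495713:role/US-PROD-1-25-node-role",
    "arn:aws:iam::521002495713:role/us-prod-eks-1-29-node-role",
}

def _as_list(value):
    """IAM accepts a single string wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings, seen = [], set()
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant the right to assume the role
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. "Principal": "*"
            principal = {"AWS": principal}
        actions = _as_list(stmt.get("Action"))
        for action in actions:
            if action != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {action}")
        for kind, values in principal.items():
            for arn in _as_list(values):
                if kind == "AWS" and arn in expected:
                    if "sts:AssumeRole" in actions:
                        seen.add(arn)
                else:
                    findings.append(f"statement {i}: unexpected principal {kind}:{arn}")
    findings += [f"missing expected principal {arn}" for arn in sorted(expected - seen)]
    return findings

# Constructed sample: one listed principal dropped, an unrelated account and a wildcard added.
SAMPLE_DRIFTED = json.loads("""
{"Version": "2008-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": [
    "arn:aws:iam::521002495713:role/US-PROD-1-25-node-role",
    "arn:aws:iam::111122223333:root"]}},
  {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}
]}
""")

if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_DRIFTED, EXPECTED_US):
        print(finding)
```
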



Steps to Provide Permission to the Cluster 


8. Navigate to the cluster that needs to be discovered and select Access.


9. Click on Manage access and ensure the authentication mode is EKS API and ConfigMap.



10. On the same screen, click on Create access entry, enter the created role (created in step 2), and then click Next.


11. Enter AmazonEKSClusterAdminPolicy as the policy, set the access scope to Cluster, and click Next again.



12. Click on Create to save the access entry.


13. Make sure to copy the Role ARN for the created role, as you will need it to install the AWS Kubernetes app in Freshservice later.


Steps for Kubernetes Discovery Installation in Freshservice

1. Navigate to your Freshservice portal > Admin > Cloud Management > Kubernetes app.



2. Click on Install → Add new and enter the following details:

Provider: AWS

Configuration name: As per your reference

Role ARN: Paste the Role ARN that was copied from the “Obtain the Role ARN step 3”


3. Finally, click on Add to save the configurations.