Kubescape CLI integration with cloud providers

AWS - EKS

CLI

Kubescape EKS integration is based on the official AWS Go SDK and it supports authentication based on the local execution context of the CLI:

  • ~/.aws/credentials file or
  • AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables or
  • in case of EC2 instances, access to IAM role through EC2 metadata service

The way EKS authentication is constructed, Kubescape EKS integration should work automatically from any shell where from you are accessing your cluster.

Troubleshooting

Make sure that you have cluster access through:

kubectl get nodes

Make sure you have the proper EKS related IAM roles in AWS CLI itself:

aws eks describe-cluster --name <cluster name> --region <cluster region>

Cluster component

Cluster component is based on the CLI and therefore expects the same mechanisms in its execution context.

We are going to add an example of authorization via EKS IAM roles for service account, stay tuned!

GCP - GKE

CLI

Kubescape GKE is based on the official GCP SDK and it supports authentication based on the local execution context of the CLI:

  • GOOGLE_APPLICATION_CREDENTIALS environment variable or
  • ~/.config/gcloud/application_default_credentials.json file

Make sure that one of them is defined properly in the execution context of Kubescape.

If you're missing the application_default_credentials.json, but you do have GCP access from the shell, run the following command to create it:

gcloud auth application-default login

Troubleshooting

Make sure that this command works

gcloud container clusters describe <cluster name> --zone <cluster zone> --project <GCP project>

Cluster component

Cluster component is based on the CLI and therefore expects the same mechanisms in its execution context.

We are going to add an example of authorization via service account, stay tuned!

Azure - AKS

Kubescape does not yet support integration with AKS, stay tuned!


Did this page help you?