Kubernetes

Out-of-the-box Kubernetes Integration

Introduction

🚀 General Availability

This integration is generally available. To find more information about the release stages of our integrations, see Release Stages.

The Kubernetes (k8s) Integration helps you understand which version of your services is running on which cluster. It shows how the software package built in your CI/CD pipeline is deployed on your Kubernetes clusters. This integration also provides other key details of k8s objects such as the cluster configuration, jobs, stateful sets, persistent volume claims, and more.

Setup

To use the integration, a simple agent must be deployed to your cluster which scans your k8s objects and sends the information directly to LeanIX VSM.

The integration runs on a schedule. While setting up, you can specify a schedule that works for your requirements. We recommend running a scan once a day or at most every 6 hours.

📘

How do we ensure the right k8s services belong to your deployments?

We discover the correct Kubernetes service by comparing the selector labels of your deployment with those of your services to see if they have the same key and value.
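The label comparison described above can be sketched as follows. This is an added example, not the connector's own code: it assumes standard Kubernetes Service selector semantics (every selector key/value must appear in the pod template labels, within the same namespace), and all object names and labels are constructed sample data.

```python
def selects(service_selector, pod_labels):
    """True when every selector key/value pair is present in the pod labels.

    A Service with no selector is treated as matching nothing, since
    Kubernetes does not bind such a Service to pods by label.
    """
    if not service_selector:
        return False
    return all(pod_labels.get(k) == v for k, v in service_selector.items())


def services_for_deployment(deployment, services):
    """Return the sorted names of Services whose selector matches the Deployment."""
    namespace = deployment["metadata"].get("namespace", "default")
    pod_labels = deployment["spec"]["template"]["metadata"].get("labels", {})
    return sorted(
        svc["metadata"]["name"]
        for svc in services
        # Selectors only apply to pods in the Service's own namespace.
        if svc["metadata"].get("namespace", "default") == namespace
        and selects(svc["spec"].get("selector"), pod_labels)
    )


# Constructed sample objects (trimmed to the fields used above).
DEPLOYMENT = {
    "metadata": {"name": "checkout", "namespace": "shop"},
    "spec": {"template": {"metadata": {
        "labels": {"app": "checkout", "tier": "backend"}}}},
}


def _svc(name, namespace, selector):
    return {"metadata": {"name": name, "namespace": namespace},
            "spec": {"selector": selector}}


SERVICES = [
    _svc("checkout-svc", "shop", {"app": "checkout"}),             # match
    _svc("checkout-canary", "shop",
         {"app": "checkout", "track": "canary"}),                  # extra key missing
    _svc("payments-svc", "shop", {"app": "payments"}),             # value differs
    _svc("checkout-svc", "staging", {"app": "checkout"}),          # other namespace
    _svc("external-db", "shop", None),                             # no selector
]

if __name__ == "__main__":
    print(services_for_deployment(DEPLOYMENT, SERVICES))
```

A deployment that unexpectedly matches no service, or matches several, usually points to selector labels that are too narrow or too broad.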

Configuration in VSM & Kubernetes

The Kubernetes Integration uses a connector running within the k8s cluster to collect the data, and to then create and update information in the VSM workspace.

You can find this integration in your LeanIX VSM workspace by going to your Profile icon (upper right corner of the UI) > Settings > Integrations > Kubernetes. Follow the setup wizard to set up the Kubernetes configuration.

Add cluster configuration

1. Manage or create a configuration

  • For each Kubernetes cluster, create a new "configuration" in the Integration UI in the Admin area.
  • You have to provide the cluster name set in your Kubernetes configuration.

  • Select the preferred discovery mode for your cluster scan.

📘

Discovery Mode

  • Choosing between namespace-based and workload-based clusters depends on your specific use case, organizational structure, and requirements.
  • Namespace-based clusters are often used when you want to logically separate workloads within a single cluster, while workload-based clusters are preferred for achieving greater isolation and customization for different types of workloads.

Click "Next" to proceed.

2. Setting up the Kubernetes Connector in a cluster

  • To set up the Kubernetes Connector, deploy the open-source connector as a helm chart to every cluster you wish to scan. Make sure to use the latest version.
  • The LeanIX Kubernetes Connector is deployed via a Helm chart into the Kubernetes cluster as a CronJob.

Before you set up the Kubernetes Connector via the provided Helm chart, you must first add the Helm chart repository as shown here in this image.

Installing the k8s connector

  • The next step is to provide the LeanIX API token. You can either create a new technical user or re-use a previously created token. We recommend using one technical user for all Kubernetes configurations. Please choose an expiry date that is aligned with your company's policy.
  • Once the technical user is created, the generated api-token will be immediately available in the API token field.
  • To create the Kubernetes secret, copy the command, shown in the image below, along with the LeanIX API token, and execute.

Creating the technical user

3. Provision Connector using Helm Chart

  • The Connector provisioning command deploys the connector to the Kubernetes cluster.
  • You can provide a list of Namespaces that are excluded from the scan. Multiple values can be provided, separating each value with a comma, e.g. kube-system,default
    Copy the helm upgrade command from the code snippet and execute it to create a cron-job.

Connector provisioning

For existing users, refer to the release notes and migration docs to upgrade from older versions to the latest version.

🚧

Major version updates

To update to a new major version, e.g. from 6.0.0 to 7.0.0, you have to manually change the command to specify version 7.0.0-latest instead of 6.0.0-latest as shown in the code snippet.

4. Start and test the connector

Trigger the Kubernetes run from the cluster by copying the generated command. Use the connector name (default: leanix-k8s-connector) as name-of-cron-job and define your own name-of-job.

Start k8s run

5. Map the Data to Services

As with all the other integrations, please map the discovered items to new or existing Services, as outlined in the guide for the GitHub integration.

Imported Data

The table below gives a high-level overview of the data objects that we scan per namespace in your k8s clusters.

Data Object in K8s    Including properties like
Cluster               name, k8s versions, OS, number of nodes
Namespace             name
Deployments           resource limit, resource request, corresponding kubernetes service name, deployment container image, labels, creation time, update strategy, number of replicas

Advanced

Compatibility

Our integration is independent of the k8s distribution you are using - whether it is self-hosted, Amazon EKS, Azure AKS, or OpenShift.

Pinning a version

The Helm command accepts a version parameter. You can choose any version you want to install by specifying the version as shown below. Alternatively, you can opt for automatic updates by setting the version to X.0.0-latest.

helm upgrade --version 6.3.1 --install leanix-k8s-connector leanix/leanix-k8s-connector

Downgrade to an older version

The k8s connector can be downgraded to an older version as follows.

❗️

Connector Version

If you are installing a specific older version of the Kubernetes Connector, you have to use a different URL specifying the version number.

helm repo add leanix 'https://raw.githubusercontent.com/leanix/leanix-k8s-connector/5.0.0/helm/'

Check the current version of the k8s connector Helm chart installed on your system:

helm search repo leanix

The output of the helm search repo leanix command should look like this:

NAME                            CHART VERSION   APP VERSION     DESCRIPTION                                  
leanix/leanix-k8s-connector     5.0.0           5.0.0           Retrieves information from Kubernetes cluster

The output above shows that the installed version of the k8s connector is 5.0.0.
To downgrade to version 4.0.0, the helm upgrade command should have the version flag set to 4.0.0.
For example:

helm upgrade --version 4.0.0 --install leanix-k8s-connector leanix/leanix-k8s-connector \
--set integrationApi.fqdn=app.leanix.net \
--set integrationApi.secretName=api-token \
--set args.configurationName=aks-cluster-k8s-connector \
--set args.enableIris=true \
--set args.lxWorkspace=00000000-0000-0000-0000-000000000000 \
--set args.verbose=true

Manually upgrade to the latest version

If you want to update your connector manually you can run the helm command without specifying the version, enabling you to manually execute the command whenever a new version has been released.

helm upgrade --install leanix-k8s-connector leanix/leanix-k8s-connector \
--set integrationApi.fqdn=app.leanix.net \
--set integrationApi.secretName=api-token \
--set args.configurationName=aks-cluster-k8s-connector \
--set args.enableIris=true \
--set args.lxWorkspace=00000000-0000-0000-0000-000000000000 \
--set args.verbose=true \
--set args.blacklistNamespaces="{kube-system,default}"