AWS EKS Cluster Configuration

Guide for configuring AWS EKS for Hava


Last updated 2 years ago


Unfortunately, AWS IAM does not support giving a role or user access to EKS clusters from the parent account, so a config change has to be added to each cluster. This guide steps you through setting up a ClusterRole with the appropriate access, binding it to a Kubernetes group, and connecting that group to an AWS role so access is granted through AWS IAM.

In this guide we use eksctl to apply changes to the aws-auth config map. You can also edit the config map directly if you don't have eksctl installed. See "Enabling IAM user and role access to your cluster" (linked at the end of this page) for more information about modifying aws-auth.

1. Create a read-only cluster role

First we will create a new read-only cluster role and bind it to a group called hava-ro, which we will use later.

The YAML manifest below sets up the role and the binding. Download it and apply it to your Kubernetes cluster using kubectl:

kubectl apply -f <file name>

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
  name: hava-ro
rules:
  - apiGroups:
      - ""
    resources: ["*"]
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources: ["*"]
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
    resources: ["*"]
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources: ["*"]
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: hava-ro
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: hava-ro
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: hava-ro

2. Update cluster auth configuration

Next we will use eksctl to update the aws-auth config map so that the role you use for cross-account access is allowed to access the cluster.

Make sure you are authenticated as an AWS user that has access to the cluster, then run the following command.

eksctl create iamidentitymapping --cluster <cluster name> --region=<region name> --arn <cross account role arn> --group hava-ro --username hava-ro

Replace:

<cluster name> with the name of the cluster you are updating

<cross account role arn> with the ARN of the role you provide to Hava to import your data

<region name> with the name of the region the cluster is in

3. Trigger sync on your source

The last thing to do is trigger the synchronization for the source in the Hava UI. This imports your Kubernetes information and draws a container diagram for your EKS cluster.
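A check you can run after steps 1 and 2, before triggering the sync (an added example, not part of Hava's documentation): it impersonates the hava-ro user and group with kubectl auth can-i and compares the answers with what the step 1 manifest should grant. It assumes your current kubectl context is allowed to impersonate users and groups; the function names can_i and audit_hava_ro are illustrative.

```shell
#!/usr/bin/env bash
# Added example: audit what the hava-ro identity can do in the current cluster.

# can_i VERB RESOURCE -> prints "yes" or "no" for user hava-ro in group hava-ro.
# kubectl auth can-i exits 0 when the action is allowed, non-zero otherwise.
can_i() {
  if kubectl auth can-i "$1" "$2" --as hava-ro --as-group hava-ro \
       </dev/null >/dev/null 2>&1; then
    echo yes
  else
    echo no
  fi
}

# audit_hava_ro -> one line per check; returns non-zero if any answer differs
# from what the step 1 ClusterRole is meant to grant.
audit_hava_ro() {
  local failed=0 verb resource want got
  while read -r verb resource want; do
    got=$(can_i "$verb" "$resource")
    if [ "$got" = "$want" ]; then
      echo "ok    $verb $resource -> $got"
    else
      echo "FAIL  $verb $resource -> $got (expected $want)"
      failed=1
    fi
  done <<'EOF'
list pods yes
watch services yes
list deployments.apps yes
list ingresses.networking.k8s.io yes
get secrets yes
create pods no
delete deployments.apps no
update configmaps no
EOF
  # "get secrets yes" is expected: resources ["*"] on the core API group ("")
  # includes Secrets, so this read-only role can read Secret values.
  return "$failed"
}

# Run the audit when invoked as: ./check-hava-ro.sh run
if [ "${1:-}" = "run" ]; then audit_hava_ro; fi
```

A FAIL on the "yes" rows usually means the ClusterRoleBinding from step 1 is missing; a FAIL on the "no" rows means the group is bound to more than the hava-ro role.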

Enabling IAM user and role access to your cluster