
ConfigMap

It is possible to configure Vaticy to connect to your Kubernetes cluster with an additional ConfigMap.

The Auth ConfigMap is a Kubernetes ConfigMap that contains the authentication configuration for the cluster. This configuration is used to authenticate the configured IAM roles and users which are attached to RBAC groups within the cluster.

If your EKS cluster is configured to use the Auth ConfigMap, you can view the configuration by running the following command:

kubectl get configmap -n kube-system aws-auth -o yaml

Connecting Vaticy to the EKS cluster

Start by choosing the Auth ConfigMap only option:

[Screenshot: choosing ConfigMap auth mode]

Now please follow the general instructions about Creating a CloudFormation Stack. Continue from here when you are done.

You should see a dialog explaining how to create the required ClusterRole and ClusterRoleBinding, and then how to connect them to the IAM role:

[Screenshot: configure Auth ConfigMap dialog]

To allow Vaticy's agentless collector to access the cluster, you will first need to create a ClusterRole and ClusterRoleBinding that allow the agentless collector to view the resources in the cluster:

kubectl apply -f https://raw.githubusercontent.com/vaticyai/integrations-resources/refs/heads/main/eks/iam-role/clusterrole.yaml

Then, create the ClusterRoleBinding that binds the ClusterRole to a defined group:

kubectl apply -f https://raw.githubusercontent.com/vaticyai/integrations-resources/refs/heads/main/eks/iam-role/crb.yaml

Finally, you will need to add the following block to the mapRoles section of the Auth ConfigMap:

mapRoles: |
  - rolearn: arn:aws:iam::<account-id>:role/Vaticy-EKS-Viewer-<cluster-name>-<region>
    groups:
      - vaticy

Note: Deleting the IAM role will make Vaticy lose the ability to communicate with the cluster.

You can edit the ClusterRole and ClusterRoleBinding to grant the rules that you want the agent to have.
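To confirm the mapping before creating the data source, the following added example (not part of Vaticy's documentation or tooling) audits the mapRoles text for the Vaticy viewer role. The function name `check_vaticy_mapping`, the sample account ID, cluster name and region are constructed; it assumes block-style YAML as shown above, and the `system:masters` check goes beyond what this page states.

```shell
#!/bin/sh
# Added example: audit aws-auth mapRoles text for the Vaticy viewer role.
# Live use (assumes kubectl access):
#   kubectl get configmap -n kube-system aws-auth \
#     -o jsonpath='{.data.mapRoles}' | check_vaticy_mapping
check_vaticy_mapping() {   # exit status 0 only if the mapping is present and clean
  awk '
    function finish() {    # judge the entry just parsed, then reset state
      if (arn ~ /:role\/Vaticy-EKS-Viewer-/) {
        found = 1
        if (key != "rolearn") { print "FAIL: key " key " used, mapRoles expects rolearn"; bad = 1 }
        if (!index(groups, " vaticy ")) { print "FAIL: group vaticy missing"; bad = 1 }
        if (index(groups, " system:masters ")) { print "FAIL: bound to system:masters"; bad = 1 }
      }
      arn = ""; key = ""; groups = " "; in_groups = 0
    }
    BEGIN { groups = " "; base = -1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      line = $0; gsub(/"/, "", line); sub(/[ \t\r]+$/, "", line)
      indent = match(line, /[^ ]/) - 1
      sub(/^ +/, "", line)
      if (line ~ /^- /) {
        if (base < 0) base = indent
        if (indent != base) {            # nested item: a group name, if under groups:
          sub(/^- +/, "", line)
          if (in_groups) groups = groups line " "
          next
        }
        finish(); sub(/^- +/, "", line)  # dash at list level starts a new entry
      }
      if (line ~ /^(rolearn|userarn):/) {
        key = line; sub(/:.*/, "", key)
        arn = line; sub(/^[a-z]+: */, "", arn)
      }
      in_groups = (line ~ /^groups:/)
    }
    END {
      finish()
      if (!found) { print "FAIL: no Vaticy-EKS-Viewer role in mapRoles"; bad = 1 }
      if (!bad) print "OK: role mapped via rolearn to group vaticy"
      exit bad + 0
    }'
}
# Constructed sample (placeholder account, cluster and region), not from a real cluster.
SAMPLE_OK='- rolearn: arn:aws:iam::111122223333:role/Vaticy-EKS-Viewer-demo-us-east-1
  groups:
    - vaticy'
printf '%s\n' "$SAMPLE_OK" | check_vaticy_mapping
```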

When you are done, press the Create Data Source button.

Now please read the Status page to check the status of the newly deployed agentless collector.