Skip to content

Service Account Token

The agentless collector can use a token to communicate with the cluster. It would have the permissions of the ServiceAccount configured.

Connecting Vaticy to the EKS cluster

Start by choosing the Service Account Token option:

choosing-service-account-token-auth-mode

Now please follow the general instructions about Creating a CloudFormation Stack. Continue from here when you are done.

You should see a dialog explaining how to configure the ClusterRole, ClusterRoleBinding and the ServiceAccount:

configure-sa-token

The first kubectl command will deploy the 3 objects from above onto your Kubernetes cluster:

kubectl apply -f https://raw.githubusercontent.com/vaticyai/integrations-resources/main/eks/service-account-token/rbac.yaml

Then you will create an initial token for Vaticy to integrate with:

kubectl create token vaticy-cluster-viewer --duration 1h -n default

Note: The token will be used to re-create tokens in the future to maintain a steady connection to the cluster. Deleting the ServiceAccount will make the tokens not usable, thus Vaticy loosing the ability to communicate with the cluster.

Fill the token in the placeholder:

generating-token-from-sa

When you are done, press the Create Data Source button.

Now please read the Status page to check the status of the new deployed agentless collector.