K8s Cluster Access

You can enable secure remote access to a K8s cluster based on the dynamic secret that generates ephemeral credentials for that cluster. Users can then access the K8s cluster from the Secure Remote Access Portal, either over the web or using the native K8s CLI.

Prerequisite

Set Up Remote Access to a K8s cluster from the Akeyless CLI

Let's set up remote access to a K8s cluster using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

  1. Run the update-item command to define the following fields on the dynamic secret that specifies the K8s cluster details and access credentials:
$ akeyless update-item --name <K8s dynamic secret name> \
    --secure-access-enable true \
    --secure-access-bastion-issuer <Path to SSH Certificate Issuer> \
    --secure-access-cluster-endpoint <K8s cluster endpoint URL> \
    --secure-access-allow-port-forwading <true/false>

where:

  • secure-access-bastion-issuer: Required to enable CLI access. The path to the SSH certificate issuer that should be used for certificate authentication.
  • secure-access-cluster-endpoint: The K8s cluster endpoint URL.
  • secure-access-allow-port-forwading: Optional. Enables port forwarding while using CLI access.

For Kubernetes Generic Dynamic Secrets you can have secure remote access for your K8s dashboard URL:

  • secure-access-dashboard-url: The K8s dashboard URL. Available only for Generic K8s.
  • secure-access-web-browsing: Optional. Secure web browsing over an isolated web browser, available only for clients with Web Access Bastion.

Set Up Remote Access to a K8s Cluster from the Akeyless Console

Let's set up remote access to a K8s cluster from the Akeyless Console. If you'd prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Console and go to Secrets & Keys.

  2. Select the dynamic secret that specifies the K8s cluster details and access credentials.

  3. Expand the Secure Remote Access menu, select the pencil icon, enable Secure Remote Access, and then fill in the following fields:

For GKE Dynamic Secrets or EKS Dynamic Secrets:

  • Cluster Endpoint URL: Required, your K8s cluster URL.
  • bastion-issuer: Required to enable CLI access. The path to the SSH certificate issuer that should be used for certificate authentication.
  • Allow Port Forwarding: Optional, enable port forwarding via kubectl.

For Kubernetes Generic Dynamic Secrets:

  • Cluster Endpoint URL: Required, your K8s cluster URL.

For Web Access:

  • Dashboard URL: Required, to enable secure remote access to your K8s dashboard.

  • Secure Web Browsing: Optional, secure web browsing over an isolated web browser, available only for clients with Web Access Bastion.

For CLI Access:

  • bastion-issuer: Required to enable CLI access. The path to the SSH certificate issuer that should be used for certificate authentication.

  • Allow Port Forwarding: Optional, enable port forwarding via kubectl.

From any terminal that has Akeyless Connect configured, you can run the following command:

akeyless connect -t <cluster endpoint without https:// > -n <dynamic-secret-name> -v <professional-bastion-address:port>
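
A dry-run helper for the CLI procedure and the connect command above, added here as an example and not part of the Akeyless documentation or tooling. The function names and sample values are hypothetical; it only prints the two commands, using the flags shown on this page, derives the connect target from the same endpoint URL, and keeps port forwarding off unless it is explicitly requested.

```sh
#!/bin/sh
# Added example (not Akeyless code). Prints the commands instead of running them.
# Assumes values contain no whitespace; all sample values are constructed.

# `akeyless connect -t` takes the endpoint without https://, while
# --secure-access-cluster-endpoint takes the full URL. Derive one from the other.
connect_target() {
  local url="$1"
  case "$url" in
    https://?*) url="${url#https://}" ;;
    *) echo "cluster endpoint must start with https://" >&2; return 1 ;;
  esac
  printf '%s\n' "${url%/}"
}

# Print the update-item command. The bastion issuer is required for CLI access;
# port forwarding defaults to false here (a choice made by this example).
update_item_cmd() {
  local name="$1" issuer="$2" endpoint="$3" port_fwd="${4:-false}"
  if [ -z "$name" ] || [ -z "$issuer" ]; then
    echo "secret name and bastion issuer are required" >&2; return 1
  fi
  connect_target "$endpoint" >/dev/null || return 1
  case "$port_fwd" in
    true|false) ;;
    *) echo "port forwarding must be true or false" >&2; return 1 ;;
  esac
  printf 'akeyless update-item --name %s --secure-access-enable true' "$name"
  printf ' --secure-access-bastion-issuer %s' "$issuer"
  printf ' --secure-access-cluster-endpoint %s' "$endpoint"
  printf ' --secure-access-allow-port-forwading %s\n' "$port_fwd"
}

# Print the matching connect command for the same dynamic secret and endpoint.
connect_cmd() {
  local name="$1" endpoint="$2" bastion="$3" target
  target=$(connect_target "$endpoint") || return 1
  [ -n "$bastion" ] || { echo "bastion address:port is required" >&2; return 1; }
  printf 'akeyless connect -t %s -n %s -v %s\n' "$target" "$name" "$bastion"
}

# Constructed sample values: secret path, issuer path, endpoint and bastion.
update_item_cmd /demo/k8s-dynamic-secret /demo/ssh-cert-issuer \
  https://k8s.example.internal:6443
connect_cmd /demo/k8s-dynamic-secret https://k8s.example.internal:6443 \
  bastion.example.internal:2222
```

Review the printed commands before running them; passing `true` as the fourth argument to `update_item_cmd` is the only way port forwarding gets enabled.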

Updated about a month ago
