Kubernetes

Integrating Kubernetes with Escape's Inventory enables discovery of services running on your Kubernetes clusters.

Discovered resources

Escape discovers and monitors:

- Services
- Ingresses

Discovered services are analyzed to identify APIs and displayed in the services section of the inventory.

Configuration

Enable the Kubernetes integration by setting up a Private Location as a Kubernetes deployment.

Create a Service Account, a ClusterRole and a ClusterRoleBinding to grant the Private Location access to cluster resources.

Here is the sample YAML to create these authorizations (replace default with your target namespace):

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: escape-repeater
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: escape-repeater
rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: escape-repeater
subjects:
  - kind: ServiceAccount
    name: escape-repeater
    namespace: default # the namespace where the ServiceAccount is created
roleRef:
  kind: ClusterRole
  name: escape-repeater
  apiGroup: rbac.authorization.k8s.io

Finally, add serviceAccountName: escape-repeater to the pod spec section of your deployment (spec.template.spec) to bind the Service Account to the pod.
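
The ClusterRole above grants only get and list on namespaces, services and ingresses. The following is an added example, not Escape's own code, that audits an exported ClusterRole for drift beyond those grants; the function name `audit_cluster_role` and the drifted sample role are assumptions constructed for illustration.

```python
import json

# (apiGroup, resource) -> verbs granted by the sample ClusterRole on this page.
EXPECTED = {
    ("", "namespaces"): {"get", "list"},
    ("", "services"): {"get", "list"},
    ("networking.k8s.io", "ingresses"): {"get", "list"},
}

def audit_cluster_role(role):
    """Return one finding per grant that exceeds EXPECTED; an empty list means no drift."""
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        if rule.get("nonResourceURLs"):
            findings.append(f"rule {i}: nonResourceURLs {rule['nonResourceURLs']}")
        verbs = set(rule.get("verbs", []))
        for group in rule.get("apiGroups", []):
            for resource in rule.get("resources", []):
                name = f"{group or 'core'}/{resource}"
                allowed = EXPECTED.get((group, resource))
                if allowed is None:  # also catches "*" and subresources such as services/proxy
                    findings.append(f"rule {i}: unexpected resource {name}")
                elif verbs - allowed:
                    findings.append(f"rule {i}: extra verbs {sorted(verbs - allowed)} on {name}")
    return findings

# The page's ClusterRole in the shape `kubectl get clusterrole escape-repeater -o json` returns.
PAGE_ROLE = json.loads("""{"rules": [
  {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]},
  {"apiGroups": [""], "resources": ["services"], "verbs": ["get", "list"]},
  {"apiGroups": ["networking.k8s.io"], "resources": ["ingresses"], "verbs": ["get", "list"]}
]}""")

# Constructed sample of a role that has drifted from the documented grants.
DRIFTED_ROLE = json.loads("""{"rules": [
  {"apiGroups": [""], "resources": ["services", "secrets"], "verbs": ["get", "list"]},
  {"apiGroups": ["networking.k8s.io"], "resources": ["ingresses"], "verbs": ["get", "list", "patch"]},
  {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["*"]}
]}""")

if __name__ == "__main__":
    for label, role in (("page", PAGE_ROLE), ("drifted", DRIFTED_ROLE)):
        print(label, audit_cluster_role(role) or "no drift")
```

Because the role is bound with a ClusterRoleBinding, any extra grant applies in every namespace, so a non-empty result is worth reviewing before the binding is applied.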