Onboard your Kubernetes clusters with PingSafe

This article summarises steps to link your cloud managed Kubernetes clusters with PingSafe for enabling Kubernetes security.

  1. Navigate to the Containers page and click on Kubernetes Clusters.
    Container_dark mode
  2. PingSafe will list all your Kubernetes cluster across all your cloud accounts. You can choose to filter the listed clusters by Cloud Providers and Cloud Accounts.
  3. Select the cluster you want to onboard by clicking on the toggle button under Connected menu.
    Screenshot 2023-02-17 at 10.29.16 AM
  4. Ensure that you have the following command line tools set up in your system
    1. Cloud Provider CLI (aws/gcloud)
    2. kubectl
    3. Utility tools - jq, sed, grep, awk, base64 and curl.
  5. Ensure that your cloud CLI account has the permissions to list, get and create the following objects for the selected cluster - namespace, clusterrole, serviceaccount, clusterrolebinding, secret and deployment.
  6. Download and Run the Bash script in Terminal/Windows Powershell as mentioned.


    For Powershell scripts if the below command doesn't work then please try changing the extension of the script file from .pwsh to .ps1 - because some operating systems recognise ps1 files as powershell scripts.

    The parameters provided in the below commands are optional. If they're not provided we'll put default values in their place.

    AWS Shell Script    
    sh <script_name>.sh -aws_account_id=<awsAccountId> -aws_profile=<profile>
    AWS Powershell Script    
    pwsh <script_name>.pwsh -aws_account_id <awsAccountId> -aws_profile <profile>
    GCP Shell Script    
    sh <script_name>.sh -gcp_project_id=<googleProjectId>
    GCP Powershell Script    
    pwsh <script_name>.pwsh -gcp_project_id <googleProjectId>
    Azure Shell Script    
    sh <script_name>.sh -azure_subscription_id=<subscription> -azure_resource_group=<resource_group>
    Azure Powershell Script    
    pwsh <script_name>.pwsh -azure_subscription_id <subscription> -azure_resource_group <resource_group>


    1. One example of what a final Shell command looks like:

      sh -aws_account_id=8655019123 -aws_profile=test
    2. One example of what a final Powershell command looks like:

      pwsh sample-cluster_PingSafe.ps1 -aws_account_id 8655019123 -aws_profile test


  7. This Bash script will create a service account in the selected cluster with get, list and watch permissions. Below is the configuration of the service account that will be created.

    service_account (1)
  8. For private clusters, PingSafe will create a deployment to create a reverse proxy for communicating with the cluster's api server. Here is the configuration of the deployment.
  9. The script will generate a file named ${cluster_name}-${cluster_location}-${aws_account_id}-config.yaml for AWS and ${cluster_name}-${cluster_location}-${gcloud_project}-config.yaml got GCP.
  10. Upload this file and click on Submit to complete the process.

    step8 (1)