Depending on the configuration the following prerequisites are necessary for the scan of a Kubernetes cluster:
•A machine that is either part of a Kubernetes Cluster or a single node cluster (otherwise the machine does not contain any Kubernetes inventory data).
•A user that has root privileges.
•A password for the user or alternatively an SSH-Key.
•The SSH port (only if the used port differs from the default port).
In order to access the infrastructure a .kubeconfig file on the scanned system is needed.
The file location can either be defined using the environment variable KUBECONFIG or by using a specific file name and a specific location.
Example:
When using OpenShift the .kubeconfig file can generally be found at /etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrests/node-kubeconfigs. Usually, this file will be named localhost.kubeconfig.
If this file cannot be found, the folder will be searched for further files ending with .kubeconfig and choosing one of those. If no such file can be found in the folder or if the folder does not exist (standard Kubernetes), then each user folder located underneath /home will be searched for a folder named "kube" containing a file named "config".
Usually it is not possible to perform a Kubernetes scan without such a configuration file.
|
Be aware: Either the kubectl or the oc command needs to be present within the devices PATH variable! |
