Onboarding an EKS Cluster
- Print
- PDF
Onboarding an EKS Cluster
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
This article describes the steps involved in onboarding an Amazon Elastic Kubernetes Service (EKS) cluster to Britive.
Britive configuration
- Login to Britive with administrator privileges.
- Click Admin -> Application and Access Profile Management.
- From the Tenant Applications page, click on CREATE APPLICATION.
- On Add Application page, click Add (+) sign inline to the Kubernetes application.
- In the Application tab, enter the following values:
- Enter the Application Name.
- Enter the Application Description, if required.
- Click NEXT. The Settings tab is displayed.
- Check Display programmatic access keys to allow the user to copy the credentials to the clipboard after they check out programmatic access profiles. Users can only access the keys through CLI or scripts if the option is not selected.
- Click SAVE.
- Click the CREATE ENTITY button.
- Enter the following details in the Create Environment/Environment Group page:
- Select Environment in the Entity Type.
- Enter Entity Name.
- Enter Entity Description.
- Click SAVE.
- On the Settings tab, Britive automatically creates OIDC attributes to use when setting up the federation trust with the EKS cluster. In the next steps, you need to add these attributes to the EKS cluster.
- Enter the API server endpoint in the Kubernetes API Server URL. Copy this URL from the EKS Admin portal, Overview tab. For more information about getting this URL, see Amazon EKS cluster endpoint.
- Enter Certificate authority information in the Certificate (CA Cert). You can get the certificate authority information from the EKS admin portal, Overview tab.
Cluster configuration
- On the EKS admin dashboard, click Associate Identity Provider in the OIDC identity provider section on the Access tab.
- Enter the name. For example, britive.
- Copy over the Issuer URL and Client ID attributes from the Britive application configuration.
- The username should map to the “sub” claim from the token and the group memberships will be available on the “groups” claim.
Was this article helpful?