Kubernetes
Keeper Connections - Kubernetes
Overview
KeeperPAM enabled zero-trust privileged session management for Kubernetes containers using Kubernetes' REST API. This guide shows how to configure Kubernetes connections on your PAM Machine Records in the Keeper Vault. Secure Kubernetes sessions are established from the Vault, through the Keeper Gateway, and directly to the target container.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
The PAM Configuration contains information of your target infrastructure
The PAM Machine record contains information of the endpoint you want to establish a Kubernetes REST API connection to.
The PAM User record contains the user credentials that will be used to connect to the endpoint
PAM Settings - Configuring Kubernetes Protocol
Accessing Connection Settings
After creating a PAM Record Type (PAM Machine, PAM Database, or PAM Directory) with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the Kubernetes protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
The following table lists all the configurable connection settings for the Kubernetes protocol on the PAM Settings:
Protocol
Required The protocol to be configured on the record. The protocol settings will be populated based on the selected protocol. In this guide, the Kubernetes protocol should be selected
Enable Connection
Required To enable connection for this record, this toggle needs to be enabled
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record
Text Session Recording (Typescript)
When enabled, text session recordings (typescript) will be enabled for this record
Include Key Events
Connection Port
The port used to establish the selected protocol connection. By default, this will be the port value defined on the PAM Machine record. The port specified here will override the default port. For Kubernetes, the port is 8080.
Namespace
The name of the Kubernetes namespace of the pod containing the container being attached to. If omitted, the namespace "default" will be used.
Pod Name
The name of the Kubernetes pod with the container being attached to.
Container Name
The name of the container to attach to. If omitted, the first container in the pod will be used.
Ignore Server Certificate
If checked, the validity of the SSL/TLS certificate used by the Kubernetes server will be ignored if it cannot be validated. By default, SSL/TLS certificates are validated.
Certificate Authority Certificate
Client Certificate
The certificate to use if performing SSL/TLS client authentication to authenticate with the Kubernetes server, in PEM format. If omitted, SSL client authentication will not be performed.
Client Key
The key to use if performing SSL/TLS client authentication to authenticate with the Kubernetes server, in PEM format. If omitted, SSL client authentication will not be performed.
Color Scheme
The color scheme to use for the terminal emulator used by Kubernetes connections. Each color scheme dictates the default foreground and background color of the terminal. Programs which specify colors when printing text will override these defaults.
Font Size
The size of the font to use, in points. By default, the size of rendered text will be 12 point.
Session Recordings - Kubernetes Protocol
Last updated
Was this helpful?