To create a least-privileged user (LPU) for the management pack, you must complete the following tasks for the Kubernetes cluster you plan to monitor:

  • Enable Role-Based Access Control (RBAC) authorization mode
  • Install the LPU role
  • Obtain the Bearer Token

Enable Role-Based Access Control (RBAC) authorization mode

Before you can install the bluemedora-k8s-lpu.tar.gz file, your cluster must have RBAC authorization enabled.

To enable RBAC authorization mode on your cluster, start your apiserver with the following flag:

Caution: In some cases, RBAC is enabled by default. If it is already enabled, continue without changing how the apiserver is started. If it is not, proceed only after starting the apiserver with this flag.

--authorization-mode=RBAC

Install the LPU Role

Next, install the LPU role by running the following commands:

kubectl apply -f https://raw.githubusercontent.com/BlueMedoraPublic/bm-kube-lpu/master/bluemedora-lpu/bm-clusterrole.yaml
kubectl apply -f https://raw.githubusercontent.com/BlueMedoraPublic/bm-kube-lpu/master/bluemedora-lpu/bm-clusterrolebinding.yaml
kubectl apply -f https://raw.githubusercontent.com/BlueMedoraPublic/bm-kube-lpu/master/bluemedora-lpu/bm-role.yaml
kubectl apply -f https://raw.githubusercontent.com/BlueMedoraPublic/bm-kube-lpu/master/bluemedora-lpu/bm-rolebinding.yaml
kubectl apply -f https://raw.githubusercontent.com/BlueMedoraPublic/bm-kube-lpu/master/bluemedora-lpu/bm-serviceaccount.yaml

Obtain the Bearer Token

Finally, after the LPU role has been installed, you can get the Bearer Token needed when Creating a Credential (Kubernetes) by running the following command:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep bluemedora | awk '{print $1}')
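
The manifests in the install step are applied directly from a repository's master branch, so it is worth confirming what the installed role actually grants before handing its token to the management pack. The following is an added example, not part of the original documentation or of Blue Medora's code: it audits a Role or ClusterRole exported as JSON (for example with kubectl get clusterrole <role-name> -o json, where <role-name> is a placeholder) for anything beyond read-only access. The role name example-lpu and the sample rules are constructed.

```python
import json

READ_VERBS = {"get", "list", "watch"}

def audit_rules(role):
    """Return findings for one Role/ClusterRole object (parsed JSON)."""
    findings = []
    name = role.get("metadata", {}).get("name", "<unnamed>")
    for i, rule in enumerate(role.get("rules") or []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        where = f"{role.get('kind')}/{name} rule[{i}]"
        if "*" in verbs or "*" in resources or "*" in groups:
            findings.append(f"{where}: wildcard grant")
        writes = sorted(verbs - READ_VERBS - {"*"})
        if writes:
            findings.append(f"{where}: non-read verbs {writes}")
        # Secrets live in the core ("") API group; reading them exposes tokens.
        core = groups & {"", "*"}
        if core and resources & {"secrets", "*"} and verbs & (READ_VERBS | {"*"}):
            findings.append(f"{where}: can read secrets")
    return findings

def audit(doc):
    """Accept a single object or a kubectl 'List' and audit every role in it."""
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    return [f for obj in items if obj.get("kind") in ("Role", "ClusterRole")
            for f in audit_rules(obj)]

# Constructed sample, not the contents of the real bm-clusterrole.yaml.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRole", "metadata": {"name": "example-lpu"},
  "rules": [
   {"apiGroups": [""], "resources": ["nodes", "pods"], "verbs": ["get", "list", "watch"]},
   {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "patch"]},
   {"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]},
   {"nonResourceURLs": ["/metrics"], "verbs": ["get"]}
  ]},
 {"kind": "ServiceAccount", "metadata": {"name": "example-lpu"}}
]}
""")

if __name__ == "__main__":
    import sys
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for line in audit(doc) or ["no findings: role is read-only"]:
        print(line)
```

Run it with the path to the exported JSON file as its only argument; with no argument it audits the constructed sample.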

What to do next

Installing the Management Pack (Kubernetes)