search

GKE Agentless Setup

Learn how to connect your Google Kubernetes Engine workloads to Sedai without an agent.

Sedai independently connects to each Google Kubernetes Engine (GKE) cluster within an AWS account. GKE uses Identity and Access management (IAM) Service Accounts for authentication and Kubernetes Role Based Access Control (RBAC) for authorization.

To connect a GKE cluster to Sedai, follow these steps:

  1. Set up Cloud IAM Service Account

  2. Set up Kubernetes RBAC

  3. Fetch GKE cluster details

hashtag
Step 1: Set up Cloud IAM Service Account

GKE and the Kubernetes API call require the requesting account to have sufficient permissions. You can use Google Cloud IAM to authenticate.

The following are required in order to set up a Cloud IAM Service Account:

hashtag
Select a method to set up the Service Account:

  1. Log in to the GCP Consolearrow-up-right and select your project.

  2. Go to IAM & Admin console and select Service Account. Enter the following details and select Create.

    • Service Account Name: service-account-sedai-integration

    • Service Account ID (leave the default generated value)

    • Service Account Description

  3. Grant access to the project via the Role:

    • For Autonomous Sedai: Kubernetes Engine Developer

    • For Read-only Sedai: Kubernetes Engine Cluster Viewer

  4. Skip the optional step to grant users access to this service account.

  5. Select Done to finish setup.

  6. Click the IAM Service Account's actions menu and select Manage Keys > Add Keys > JSON. Download and save the key (this will be used to add your cluster within Sedai).

While IAM has a stronger focus on permissions at the project and organization level, it does provide several predefined roles specific to GKE:

LogoCreate IAM allow policies  |  GKE security  |  Google Cloud DocumentationGoogle Cloud Documentationchevron-right

hashtag
Step 2: Set up Kubernetes RBAC

circle-exclamation

This step requires kubectl access.

IAM and Kubernetes RBAC work together to help manage access to your cluster. RBAC controls access on a cluster and namespace level, while IAM works on the project level. An entity must have sufficient permissions at either level to work with resources in your cluster.

Download the manifest based on your preferred cloud access for setting up Kubernetes RBAC and apply it in your cluster:

circle-info

You can control whether Sedai can make changes on your behalf from the Settings page.

  1. Download the Kubernetes Resource Manifest YAML file:

2. Edit the YAML file and update the ClusterRoleBinding Name with the IAM Service Account Name created in the previous step.

3. Apply the updated manifests in your GKE Cluster (this will create the ClusterRole and ClusterRoleBindings in your cluster):

hashtag
Step 3: Fetch GKE Cluster Details

  1. Log in to the GCP Console and select Project.

  2. Navigate to the GKE Dashboard and select the cluster.

  3. Go to the Cluster basics tab. Copy the Name, Endpoint URL, and Cluster Certificate.

When you're done, navigate to Settings > Integrations and select the Add Cloud button. Follow the prompts to add a GKE cluster.

circle-info

In the cluster integration screens, Sedai automatically generates Helm and kubectl commands to deploy the Smart Agent within your cluster. Underneath the commands is an option to switch to agentless setup.

Last updated

Was this helpful?