Cloud mode
Run KuboScore on your cluster in cloud mode.
Last updated
Run KuboScore on your cluster in cloud mode.
Last updated
The following content assumes you have installed, as well as a privileged access to your cluster.
We recommend to create a specific ServiceAccount object in your cluster to authenticate KuboScore and grant it specific permissions, but nothing prevents you from using an already existing ServiceAccount.
In this example, the ServiceAccount ksa-kuboscore will be created in the default Namespace. You are free to rename the ServiceAccount and/or to create it in another Namespace.
Kubernetes โฅ 1.24
If your cluster version equals or is over 1.24 (or if you have the LegacyServiceAccountTokenNoAutoGeneration feature gate enabled), you will have to manually generate an authentication token for the ServiceAccount.
To get your clusterโs Kubernetes version, you can use this kubectl command:
To generate an authentication token for the ServiceAccount, you need to create a Secret defined by the following YAML. Save its content in a kuboscore-secret.yaml file:
Apply the Secret on your cluster to generate the ServiceAccount token:
References:
KuboScore needs some privileges to be able to perform its analysis, therefore we need to create a ClusterRole and a ClusterRoleBinding object.
You will find below the ClusterRole definition. Create a new file called kuboscore-clusterrole.yaml and paste the content of this definition in it:
Likewise, create a kuboscore-clusterrolebinding.yaml file and paste the content of the following ClusterRoleBinding definition in it:
If you want to use a different ServiceAccount, update the values of subjects[0].name and subjects[0].namespace to match your ServiceAccount name and its Namespace.
References:
If you want to use a different ServiceAccount, update the parameters provided to the script to match your ServiceAccount name and its Namespace.
To score your cluster, we need to be able to reach it. You will find below the network restrictions that we support:
None
โ
Network whitelist
Add the following IP to the list of authorized networks: 34.141.253.143.
SSH bastion
Fully private
Once access to your cluster is configured, scoring it is pretty easy:
Signing to your account
Upload your kubeconfig file
Fill in the form
Launch the scoring!
On the cluster credentials form, we ask you for a bunch of information to be able to connect to your cluster.
Cluster description
This is a description that you can set to quickly find your cluster among other analysis.
Kubeconfig file
Bastion host
This is the IP address or DNS hostname on which your bastion is publicly exposed.
Bastion port
This is the port used for SSH connections by your bastion.
Bastion login
Bastion SSH key
KubeApi address
This is the Kubernetes API endpoint to use from inside your network in the following form:
Example:
Use KuboScore in instead
Go to
This is the kubeconfig file you should have generated for the .
This is the user login that we should use to authenticate on your bastion. If you followed to the letter, it should be kubolabs.
This is the SSH private key that was generated through for the kubolabs user.
