Kubernetes

To get started quickly, please follow the quickstart guide.

Connect

Infra supports multiple configuration methods for connecting Kubernetes clusters, and can be installed via Helm.

Add the Infra Helm repository:

helm repo add infrahq https://helm.infrahq.com
helm repo update

Each connection method below is configured by modifying the Helm values file as instructed.

Remember to fill in the Infra Access Keys in the values file.

External Load Balancer (Default)

service:
  type: LoadBalancer

Apply the updated helm values file:

helm upgrade --install infra-connector infrahq/infra -f values.yaml

Internal Load Balancer

Infra can be configured to use an internal load balancer for Kubernetes clusters inside private networks.

Please download the example helm values file, and make the following modifications within the file.

service:
  type: LoadBalancer
  annotations:
    # If using Google GKE
    cloud.google.com/load-balancer-type: Internal

    # If using AWS EKS
    service.beta.kubernetes.io/aws-load-balancer-scheme: internal

    # If using Azure AKS
    # Annotation values must be strings, so the value is quoted
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"

Apply the updated helm values file:

helm upgrade --install infra-connector infrahq/infra -f values.yaml

Node Port

service:
  type: NodePort

Apply the updated helm values file:

helm upgrade --install infra-connector infrahq/infra -f values.yaml

Authentication

Infra automatically generates a kubeconfig for the current user, covering all connected clusters, when running infra login:

infra login

infra login also respects the KUBECONFIG variable.

KUBECONFIG=~/.kube/custom-config infra login

Switching Kubernetes clusters

Infra supports Kubernetes natively, and all existing tools that work with Kubernetes will continue to work.

Run kubectl to switch to a connected Kubernetes cluster:

kubectl config use-context infra:example

Lastly, run a command against the cluster:

kubectl get pods -A

Access control

To grant access, run infra grants add:

infra grants add --group Engineering my-cluster --role cluster-admin

Namespaces

Use Infra's resource notation to grant access to a namespace in the format:

<cluster>.<namespace>

For example, to grant view access to the kube-system namespace:

infra grants add --group Engineering my-cluster.kube-system --role view

Roles

Role | Description
--- | ---
cluster-admin | Access to any resource
admin | Access to most resources, including roles and role bindings, but does not grant access to cluster-level resources such as cluster roles or cluster role bindings
edit | Access to most resources in the namespace but does not grant access to roles or role bindings
view | Access to read most resources in the namespace but does not grant write access nor does it grant read access to secrets
logs | Access to pod logs
exec | Access to kubectl exec
port-forward | Access to kubectl port-forward

Custom Kubernetes Roles

If the provided roles are not sufficient, additional roles can be configured to integrate with Infra. To add a new role, create a ClusterRole in a connected cluster with label app.infrahq.com/include-role=true.

kubectl create clusterrole example --verb=get --resource=pods
kubectl label clusterrole/example app.infrahq.com/include-role=true
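
Because any ClusterRole carrying this label becomes grantable through Infra, it is worth reviewing what the labelled roles allow. The following is an added example, not part of the Infra documentation or code: it audits the JSON that kubectl get clusterroles -o json returns. The function name, the risk lists and the embedded sample data are assumptions made for illustration.

```python
import json

INCLUDE_LABEL = "app.infrahq.com/include-role"  # label named on this page
RISKY_VERBS = {"*", "escalate", "bind", "impersonate"}  # assumed review list
READ_VERBS = {"*", "get", "list", "watch"}

# Constructed sample shaped like `kubectl get clusterroles -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "example", "labels": {INCLUDE_LABEL: "true"}},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
    {"metadata": {"name": "debug-all", "labels": {INCLUDE_LABEL: "true"}},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "secret-reader", "labels": {INCLUDE_LABEL: "true"}},
     "rules": [{"apiGroups": [""], "resources": ["secrets"],
                "verbs": ["get", "list"]}]},
    {"metadata": {"name": "unlabelled-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]})


def audit_infra_roles(clusterroles_json):
    """Map each ClusterRole labelled for Infra to a sorted list of findings."""
    report = {}
    for item in json.loads(clusterroles_json).get("items", []):
        meta = item.get("metadata", {})
        if (meta.get("labels") or {}).get(INCLUDE_LABEL) != "true":
            continue  # not exposed through Infra, out of scope here
        found = set()
        for rule in item.get("rules") or []:  # aggregated roles may have null rules
            verbs = set(rule.get("verbs") or [])
            resources = set(rule.get("resources") or [])
            core_group = set(rule.get("apiGroups") or []) & {"", "*"}
            for verb in sorted(verbs & RISKY_VERBS):
                found.add(f"risky verb: {verb}")
            if "*" in resources:
                found.add("wildcard resource")
            # Secrets live in the core ("") API group.
            if core_group and resources & {"*", "secrets"} and verbs & READ_VERBS:
                found.add("can read secrets")
        report[meta["name"]] = sorted(found)
    return report


if __name__ == "__main__":
    for name, findings in audit_infra_roles(SAMPLE).items():
        print(name, "->", findings or "ok")
```

Against a live cluster, pass the function the output of kubectl get clusterroles -l app.infrahq.com/include-role=true -o json instead of the sample.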