PortalRequest proposal
Directory › Connections › Kubernetes

How to Add a Kubernetes Connection in CyberVision

Purpose

Create a Kubernetes connection to access workloads (pods/containers) through the cluster API in a controlled way.

Prerequisites

  • Permission to create connections in the Connections module.
  • Kubernetes API server endpoint.
  • API port (commonly 6443).
  • Defined authentication method (client certificate/key, depending on environment).
  • Target namespace/pod/container (when applicable).
  • (Optional) Proxy/jump host.

Step-by-step

1) Create the connection

1. Open Connections.

2. Click Add.

2) Set general connection details

In the Connection section:

  • Name: define a clear name (example: K8s - Production Cluster).
  • Protocol: select Kubernetes.

Why?

  • Name improves operational clarity and ownership.
  • Protocol switches the form/engine to Kubernetes-specific parameters.

3) Configure Proxy

In the Proxy section:

  • Hostname
  • Port

Why?

  • Many cluster APIs are internal-only.
  • Proxy/jump keeps access controlled without broad network exposure.

4) (Optional) Apply usage restrictions

Configure:

  • Date/time usage windows.
  • Allowed/blocked schedules.
  • Allowed/blocked source hosts.

Why?

  • Limits unauthorized access opportunities.
  • Supports governance and compliance controls.

5) Configure Kubernetes protocol parameters

In kubernetes: Protocol Parameters:

Network

  • Hostname: API server IP/DNS.
  • Port: usually 6443.
  • Use SSL/TLS: enable.
  • Ignore server certificate: only if strictly necessary.

Container

  • Namespace
  • Pod name
  • Container name
  • Command (exec)

Authentication

  • Client certificate
  • Client key

Why?

  • Hostname/Port define the control-plane endpoint.
  • SSL/TLS protects confidentiality/integrity.
  • Ignore server certificate reduces trust validation and should be exceptional.
  • Namespace/Pod/Container define exact execution scope.
  • Command (exec) defines initial shell/command behavior.
  • Client cert/key enables strong mTLS-based identity.

6) (Optional) Enable recordings

In the Recordings section:

  • Enable session recording
  • Enable keystroke recording (if available in your setup)

Why?

  • Creates an auditable trail of interactive operational actions.

7) Save

  • Click Save.

Post-creation validation

1. Confirm the connection appears in the Connections list.

2. Start the session and validate:

  • API connectivity,
  • authentication success,
  • access to expected namespace/pod/container,
  • TLS/certificate behavior,
  • recording behavior (if enabled).

Best practices

  • Use naming standard: K8s - <Environment> - <Cluster>.
  • Do not use Ignore server certificate in production unless formally justified.
  • Scope access to required namespaces only.
  • Apply time/source restrictions for high-sensitivity clusters.
  • Periodically review and retire stale connections.
Was this helpful?
Yes: 0 · No: 0