Overview
JupiterOne provides a managed integration with Openshift. The integration connects directly to Openshift APIs to obtain cluster metadata and analyze resource relationships.
Integration Instance Configuration
Authentication is currently designed to use a Service Account.
Login as admin:
oc login -u system:admin
Create service account:
oc create sa jupiterone oc adm policy add-cluster-role-to-user cluster-reader -z jupiterone
Get service account token:
oc serviceaccounts get-token jupiterone
The integration instance configuration requires the cluster address and service account token.
Entities
The following entity resources are ingested when the integration runs:
Openshift Resource | _type of the Entity | _class of the Entity |
---|---|---|
Account | openshift_account |
Account |
Container | openshift_container |
Task |
Group | openshift_user_group |
UserGroup |
Pod | openshift_pod |
Task |
Project | openshift_project |
Project |
Route | openshift_route |
Domain |
Service Account | openshift_service_account |
User |
Service | openshift_service |
Task |
User | openshift_user |
User |
Relationships
The following relationships are created/mapped:
From | Edge | To |
---|---|---|
openshift_account |
HAS | openshift_user_group |
openshift_account |
HAS | openshift_project |
openshift_project |
HAS | openshift_route |
openshift_project |
HAS | openshift_service_account |
openshift_project |
HAS | openshift_service |
openshift_pod |
HAS | openshift_container |
openshift_route |
EXTENDS | openshift_service |
openshift_service |
HAS | openshift_pod |
openshift_user |
ASSIGNED | openshift_user_group |
Comments
0 comments
Please sign in to leave a comment.