Skip to main content
All CollectionsUniskai and Kubernetes
Step-by-step connecting Kubernetes Cluster for Azure
Step-by-step connecting Kubernetes Cluster for Azure

You can connect the AKS cluster to Uniskai by installing the agent or allowing direct access to the cluster API

Updated over 2 weeks ago

Configuring Read-Only Access

The Uniskai Agent brings platform features to Kubernetes clusters without compromising security. With the “Read-only” connection you can get the:

1. K8s architecture view in Cloudmap and Cloudnet;

2. K8s Billing;

3. View rightsizing recommendations;

4. View Cloudsitter recommendations;

Step 1.

Select the Cloudk8s tab on the left menu.

Step 2.

Click on the switcher of the desired cluster.

Step 3.

The modal window appears.

Step 4.

Click on "Read only" button

The modal window with the connection script appears. The mode reader corresponds to Read-only access. Copy the command.

Step 5.

Go to Azure portal and connect to the cluster.

Go to Kubernetes services and click the “Connect” button.

Follow these steps to connect to the cluster using Cloud shell.

When the cluster is connected, paste and run the command from the modal window (Step 4).

Step 6.

Return to Uniskai. To set up the cost model, click on the link “installation guide” and follow the instructions.

If you already have a cost model (Kubecost or Opencost) installed, you do not need to install it again.


Click on the button "I ran the script".

Wait until all pods in the Uniskai namespace are running

When you are completely sure that all pods in the Uniskai namespace are running just refresh your account in Uniskai to see updated cost reports and recommendations.

Here you can find the button to refresh the account:

The state is changed to read-only.

Configuring Read/Write Access for Uniskai Agent

With a “Read/write” connection you can get:

1. K8s architecture view in Cloudmap and Cloudnet;

2. K8s Billing;

3. K8s Rightsizing;

4. Kubesitter;

5. K8s Cloudsitter.

Step 1:

Click on the "Read/write" button.

The modal window with the connection script appears. The mode editor corresponds to Read/write access. Copy the command.

Step 2.

Go to the Azure portal and connect to the cluster.

Go to Kubernetes services and click the “Connect” button.

Follow these steps to connect to the cluster using Cloud shell.

When the cluster is connected, paste and run the command from the modal window (Step 1).

Step 3.

Return to Uniskai. To set up the cost model, click on the link “installation guide” and follow the instructions.

If you already have a cost model (Kubecost or Opencost) installed, you do not need to install it again.

Step 4.


Click on the button "I ran the script".

Wait until all pods in the Uniskai namespace are running

When you are completely sure that all pods in the Uniskai namespace are running just refresh your account in Uniskai to see updated cost reports and recommendations.

The state is changed to the read-write.

Switch from Read-Write connection to Read only connection

  1. Go to cluster with Read-Write connection and click on the blue button 'Switch to read-only'

  2. Refresh your account on the platform

  3. The state is changed to the read-only

Azure AKS Cluster with Public API Access

You can connect your AKS cluster to Uniskai by allowing direct access to cluster API.

With “Read only” connection you can get:

1. K8s architecture view in Cloudmap and Cloudnet;

2. K8s Billing;

3. View rightsizing recommendations;

4. View Cloudsitter recommendations


With “Read/write” connection you can get:

1. K8s architecture view in Cloudmap and Cloudnet;

2. K8s Billing;

3. K8s Rightsizing;

4. K8s Cloudsitter.

Check the authentication and authorization method in the cluster configuration and select the appropriate setup manual. Uniskai currently supports these modes:

Local accounts with Kubernetes RBAC.

1.1. To connect the AKS cluster with K8s RBAC authorization, provide permissions for Uniskai to list cluster user credentials. You can either run this command in Azure CloudShell:

az role assignment create --assignee-object-id <PRINCIPAL_ID> --role "<ROLE>" --scope "<CLUSTER_ID>"

where:

  • CLUSTER_ID - your cluster ID (/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.ContainerService/managedClusters/<NAME>)

  • ROLE:

    a) Read-only access (monitoring access) - Azure Kubernetes Service Cluster Monitoring User;

    b) Read-write access - Azure Kubernetes Service Cluster User Role;

  • PRINCIPAL_ID - service principal ID, which was created during subscription onboarding. You can find it in the account details on the Account Manager page:

1.2. Return to Uniskai and refresh the account.

Or you can follow these steps:

1.1. On the cluster page in the Azure Portal, select Access Control (IAM) and choose Add → Add role assignment.

1.2. Select the role with the desired access level and click Next:

a) Read-only access (monitoring access) - Azure Kubernetes Service Cluster Monitoring User;

b) Read-write access - Azure Kubernetes Service Cluster User Role

1.3. Search for Uniskai service principles and them to the member list.

1.4. Create role assignment.

1.5. Return to Uniskai and refresh the account.

Related Articles
Uniskai and Kubernetes
Step-by-step connecting Kubernetes Cluster — AWS
Switch cluster from Read/Write to Read only connection
Supported resource types per provider
Onboarding process
Did this answer your question?