Step 1: Select the Cloudk8s tab on the left menu.
Step 2: Click on the switcher of the desired cluster.
Step 3: The modal window appears.
Configuring Read-Only Access
Step 4: Configure the read-only access to the cluster.
4.1 Click on "read only" button
4.2 The guide link appears. Click on "Learn more".
You can connect your AKS cluster to Uniskai by allowing direct access to the cluster API.
Check the authentication and authorization method in the cluster configuration and select the appropriate setup manual. Uniskai currently supports these modes:
az role assignment create --assignee-object-id <PRINCIPAL_ID> --assignee-principal-type ServicePrincipal --role "Azure Kubernetes Service Cluster Monitoring User" --scope "<CLUSTER_ID>"
Replace <PRINCIPAL_ID> with the service principal ID (found in the account details on the Account Manager page) and <CLUSTER_ID> with your cluster ID
(/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.ContainerService/managedClusters/<NAME>
)
Alternatively, follow these steps:
On the cluster page in the Azure Portal, select Access Control (IAM) and choose Add → Add role assignment.
Select the role with the desired access level and click Next:
Read-only access (monitoring access) - Azure Kubernetes Service Cluster Monitoring User
Read-write access - Azure Kubernetes Service Cluster User Role
4.3. Search for Uniskai service principles and add them to the member list.
4.4. Create the role assignment.
4.5. Сonnect to cluster on Azure console(Optional).
Go to Cluster and click the "Connect" button
Open cloud shell console
Copy and paste the first command and run it.
Copy and paste the second command and run it.
4.6. Return to Uniskai and click on "I carried out the instruction"
If the state has not changed, wait 5 minutes and press the button "I carried out the instruction" again
and refresh your account in Uniskai to see updated cost reports and recommendations.
Here you can find the button to refresh the account:
The state is changed to read-only.
Configuring Read/Write Access for Uniskai Agent
The Uniskai Agent brings platform features to Kubernetes clusters without compromising security.
To install the agent, establish a reader connection first and launch the installation command provided by the platform for read/write connection.
Find more info about creating a SchedulePolicy Resource in Kubernetes with Kubesitter here.
Step 5: Configure read/write access to the cluster
5.1 Click on the "read/write" button
5.2 The modal window with the connection script appears. Run the command in the command line.
5.3 Return to Uniskai and click on the button "I ran the script".
If the state has not changed, wait 5 minutes and press the button "I ran the script" again
and refresh your account in Uniskai to see updated cost reports and recommendations.
Here you can find the button to refresh the account:
The state is changed to the read-write.
Switch from Read-Write connection to Read only connection
If the AKS cluster is connected via API
Go to the Azure portal and run the following commands in the console
az role assignment delete --assignee <PRINCIPAL_ID> --role "Azure Kubernetes Service Cluster User Role" --scope "<CLUSTER_ID>"