diff --git a/docs/index.md b/docs/index.md index 3ec79dd862..648564bc18 100644 --- a/docs/index.md +++ b/docs/index.md @@ -548,6 +548,7 @@ prowler kubernetes --kubeconfig-file path For in-cluster execution, you can use the supplied yaml to run Prowler as a job within a new Prowler namespace: ```console +kubectl apply -f kubernetes/prowler-sa.yaml kubectl apply -f kubernetes/job.yaml kubectl apply -f kubernetes/prowler-role.yaml kubectl apply -f kubernetes/prowler-rolebinding.yaml diff --git a/docs/tutorials/kubernetes/in-cluster.md b/docs/tutorials/kubernetes/in-cluster.md index cf401f1ff6..ae733db84a 100644 --- a/docs/tutorials/kubernetes/in-cluster.md +++ b/docs/tutorials/kubernetes/in-cluster.md @@ -9,6 +9,7 @@ For in-cluster execution, you can use the supplied yaml files inside `/kubernete They can be used to run Prowler as a job within a new Prowler namespace: ```console +kubectl apply -f kubernetes/prowler-sa.yaml kubectl apply -f kubernetes/job.yaml kubectl apply -f kubernetes/prowler-role.yaml kubectl apply -f kubernetes/prowler-rolebinding.yaml diff --git a/docs/tutorials/prowler-app.md b/docs/tutorials/prowler-app.md index 3184d9e958..d4d3d2f890 100644 --- a/docs/tutorials/prowler-app.md +++ b/docs/tutorials/prowler-app.md 
@@ -99,6 +99,32 @@ By default, the `kubeconfig` file is located at `~/.kube/config`. Kubernetes Credentials +???+ note + If you are adding an **Amazon EKS** cluster, follow these additional steps to ensure proper authentication: + + 1. Apply the necessary Kubernetes resources to your EKS cluster (you can find the files in the [`kubernetes` directory of the Prowler repository](https://github.com/prowler-cloud/prowler/tree/master/kubernetes)): + ```console + kubectl apply -f kubernetes/prowler-sa.yaml + kubectl apply -f kubernetes/prowler-role.yaml + kubectl apply -f kubernetes/prowler-rolebinding.yaml + ``` + + 2. Generate a long-lived token for authentication: + ```console + kubectl create token prowler-sa -n prowler-ns --duration=0 + ``` + - **Security Note:** The `--duration=0` option generates a non-expiring token, which may pose a security risk if not managed properly. Users should decide on an appropriate expiration time based on their security policies. If a limited-time token is preferred, set `--duration=
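Review bot: In the docs/index.md hunk, `kubectl apply -f kubernetes/job.yaml` still runs before `prowler-role.yaml` and `prowler-rolebinding.yaml`, so the Job's pod can start before the service account added on the new first line has any permissions bound to it. Consider moving the `job.yaml` line to the end of the list so the RBAC objects exist when the scan begins.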
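Review bot: In the docs/tutorials/kubernetes/in-cluster.md hunk, the surrounding text promises "a new Prowler namespace", but the command list does not say which manifest creates it, and `prowler-sa.yaml` is now applied first. A ServiceAccount is a namespaced object and cannot be created before its namespace exists, so please state which file defines the namespace and confirm that the list applies it first.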
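Review bot: In the docs/tutorials/prowler-app.md hunk, step 2 and its Security Note describe `kubectl create token prowler-sa -n prowler-ns --duration=0` as producing a long-lived, non-expiring token, but kubectl documents a duration of 0 as "the lifetime will be determined by the server automatically", and tokens issued this way are time-bound. As written, readers will either believe they hold a permanent credential or be surprised when authentication starts failing. Suggest rewording both places to say that 0 leaves the lifetime to the API server, showing an explicit `--duration` value chosen to match the reader's rotation policy, and mentioning that the server may issue a shorter lifetime than requested.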