Wiz
The Wiz Kubernetes Connector is a component of the Wiz cloud security platform designed to provide comprehensive security visibility and risk assessment for Kubernetes environments. It facilitates the integration of Kubernetes clusters with the Wiz platform, enabling the platform to monitor and analyze the security posture of containerized applications and their underlying infrastructure.
The Wiz Kubernetes Connector is typically deployed within the Kubernetes cluster itself, often using Helm charts or other Kubernetes-native deployment methods. It establishes a connection with the Wiz platform, allowing for data ingestion and analysis.
In essence, the Wiz Kubernetes Connector acts as a bridge between your Kubernetes clusters and the Wiz platform, providing the necessary data and context for effective container and Kubernetes security.
This recipe describes how customers can standardize the deployment of the Wiz Kubernetes Connector, giving them valuable insights into their Kubernetes infrastructure.
What Will You Do
In this exercise,
- You will create the Wiz Kubernetes Connector add-on using Wiz's official Helm chart
- You will use the add-on in a custom cluster blueprint
- You will then apply this cluster blueprint to a managed cluster
Assumptions
- You have already provisioned or imported one or more Kubernetes clusters using the controller.
Step 1: Create the Wiz Kubernetes Connector add-on
1.1: Create Repository
- Log into the Web Console and navigate to your project as an Org admin or an Infrastructure Admin
- Under Integrations, select Repositories
- Create a New Repository
- Provide a name (e.g. wiz-sec-helm-repo), select type as Helm, then click on Create
- Provide the URL for the Wiz Kubernetes helm repo, https://wiz-sec.github.io/charts
- Click on Save
1.2: Create Custom Catalog
- Navigate to the App Catalog section, select Manage Catalogs
- Create a New Catalog
- Provide a name (e.g. wiz-sec-catalog) and select the repo (e.g. wiz-sec-helm-repo) created as part of the previous step
- Click on Sync Catalog
- Helm charts are now synced to the Custom Catalog. We will use the Wiz Kubernetes Connector Helm chart for this exercise.
1.3: Create Namespace
You will now create a managed namespace from the controller for the Wiz Kubernetes Connector.
- Navigate to Infrastructure -> Namespaces
- Click on New Namespace
- Provide a name (e.g. wiz) and select type as Wizard
- Click Save
- Click "Save & Go To Placement"
- Select one of your clusters for placement
- Click "Save & Go To Publish"
- Click "Publish"
- Click "Exit"
1.4: Customize Values
The Wiz Kubernetes Connector Helm chart comes with a very complex values.yaml file with support for a large number of scenarios.
We will be customizing the default with our own override "values.yaml".
- Copy the details below into a file named "wiz-kubernetes-connector-custom-values.yaml"
- Replace the wizApiToken settings with your company's values
wizApiToken:
  clientId: "" # Client ID of the Wiz Service Account.
  clientToken: "" # Client secret of the Wiz Service Account.
  clientEndpoint: "" # Defaults to commercial.
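A pre-upload check for the override file from step 1.4, as an added example (not part of the original recipe, the Wiz chart or the controller's tooling). It assumes clientId and clientToken are indented under wizApiToken:, and the function name check_wiz_values is hypothetical. It flags empty credentials, file permissions that let other users read the service-account secret, and a values file that is tracked by git.

```sh
#!/bin/sh
# Added example: sanity-check the Wiz override values file before uploading it.
# check_wiz_values FILE  -> prints findings; returns 0 if clean, 1 otherwise.
check_wiz_values() {
  file=$1
  rc=0
  if [ ! -f "$file" ]; then
    echo "FAIL: $file not found"
    return 1
  fi

  # The file carries a service-account secret: owner-only access expected.
  # GNU stat first, BSD/macOS stat as fallback.
  perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file" 2>/dev/null)
  case $perms in
    *00) ;;
    *) echo "FAIL: mode $perms on $file, group/other can access it (chmod 600)"; rc=1 ;;
  esac

  # Both credentials must be set, otherwise the connector cannot authenticate.
  for key in clientId clientToken; do
    val=$(awk -v k="$key" '
      /^wizApiToken:/ { in_blk = 1; next }   # enter the wizApiToken block
      /^[^ #]/        { in_blk = 0 }         # any other top-level key ends it
      in_blk && $1 == k":" {
        sub(/^[^:]*:[ ]*/, "")               # drop "  key: "
        sub(/[ ]+#.*$/, "")                  # drop trailing comment
        gsub(/^["\047]|["\047]$/, "")        # drop surrounding quotes
        print; exit
      }' "$file")
    [ -n "$val" ] || { echo "FAIL: wizApiToken.$key is empty"; rc=1; }
  done

  # A values file holding a client secret should not be under version control.
  dir=$(dirname "$file")
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" ls-files --error-unmatch "$(basename "$file")" >/dev/null 2>&1; then
    echo "FAIL: $file is tracked by git"
    rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: $file"
  return "$rc"
}

# Usage: sh this-script.sh wiz-kubernetes-connector-custom-values.yaml
if [ "$#" -gt 0 ]; then check_wiz_values "$1"; fi
```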
1.5: Create custom Add-on
In this step, you will create a custom cluster add-on from the Catalog. The add-on will then be used in a custom cluster blueprint.
- Navigate to Add-Ons under the Infrastructure section
- Create a New Add-On, select the Create New Add-On from Catalog option
- Search for wiz-kubernetes-connector
- Click Create Add-On
- Provide a name (e.g. wiz-kubernetes-connector) and select the namespace (wiz) created as part of the previous step
- Click Create
- Enter 1.0 for the version name
- Upload the values file "wiz-kubernetes-connector-custom-values.yaml" from the previous step
- Click Save Changes
Step 2: Create Blueprint
In this step, you will create a custom cluster blueprint which contains the previously created add-on.
- Navigate to Blueprints under the Infrastructure section
- Click New Blueprint
- Provide a name (e.g. wiz-blueprint), select type as Custom Blueprint
- Click Save
- Enter v1 for the version name
- Select minimal for the base blueprint
- Click Configure Add-Ons
- Click the + symbol to add the wiz-kubernetes-connector add-on to the blueprint
- Click Save Changes
- Click Save Changes
Step 3: Apply Blueprint
In this step, you will apply the previously created blueprint to the cluster. Applying the blueprint will install the Wiz Kubernetes Connector.
- Navigate to Infrastructure -> Clusters
- Click the gear icon on your cluster
- Select Update Blueprint
- Select the blueprint created as part of the previous step (e.g. wiz-blueprint) and v1 for the version
- Click Save and Publish
- Click Exit
Step 4: Validate connectivity to Wiz Platform
4.1 Verify installation of Wiz Kubernetes Connector
- Navigate to Infrastructure -> Clusters
- Initiate a KubeCTL session through the web console
- Run the following command
kubectl get pod -n wiz
The output should be similar to the output below. You can validate that the connector is operating properly by navigating to the Kubernetes cluster in your Wiz console.
kubectl get pod -n wiz
NAME                                              READY   STATUS    RESTARTS   AGE
wiz-kubernetes-connector-create-connector-5xqm4   1/1     Running   0          13s
Recap
Congratulations! You have successfully created a custom cluster blueprint with the Wiz Kubernetes Connector as a custom add-on. You can now use this blueprint on as many clusters as you require.













