Add your Kubernetes environment

You can add a native Kubernetes cluster to Sophos Cloud Optix by running the script Sophos provides.

Note A native cluster is one that you have installed on servers that you own and manage. It may be hosted in the cloud or on-premises, and differs from Kubernetes services managed by cloud providers (AWS, Microsoft Azure, GCP).
Note Sophos Cloud Optix also supports Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). You can add EKS, AKS, and GKE clusters to Sophos Cloud Optix when you add AWS, Microsoft Azure, and GCP environments. The following instructions are for native Kubernetes deployments only.
To add a Kubernetes cluster, do as follows:
  1. Click Add Environments.
  2. On the Add your cloud environment page, select the K8s tab.

    This shows you the script and other information you need.

  3. Use SSH to access your cluster's master node.

    You need to be an admin for the cluster you want to add.

  4. Download the script shown on the K8s tab in Sophos Cloud Optix.
  5. Run the script using the command shown.
  6. Add the IP addresses shown to your allow list. You do this in the security group of your master node.

    This enables Sophos Cloud Optix to access the Kubernetes API server.

Sophos Cloud Optix will pull the inventory data, perform CIS Benchmark security best practice checks on the environment, and report any potential weaknesses.