Skip to main content

Before you start

To get the most out of this guide, you will need to:

Features

The table below outlines the features available for this type of connection.
  • Native - Indicates the connectivity happens through the Hoop command line (hoop connect <connection-name>) or acessing the protocol port directly on the gateway.
  • One Off - This term refers to accessing the resource from Hoop Web Console.
FeatureNativeOne OffDescription
TLS Termination ProxyThe local proxy terminates the connection with TLS, enabling the connection with the remote server to be TLS encrypted.
AuditThe gateway stores and audits the queries being issued by the client.
Data Masking (Google DLP)A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Data Masking (MS Presidio)A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
GuardrailsAn intelligent layer of protection with smart access controls and monitoring mechanisms.
Credentials OffloadThe user authenticates via SSO instead of using database credentials.
Interactive AccessInteractive access is available when using an IDE or connecting via a terminal to perform analysis exploration.

Service Account Setup

  1. Generate an service account
kubectl create serviceaccount mysa -n hoopdev
  1. Create a new token
kubectl create token mysa -n hoopdev
  1. Assign RBAC permissions
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: mysa-role
  namespace: hoopdev
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: mysa-binding
  namespace: hoopdev
subjects:
  - kind: ServiceAccount
    name: mysa
    namespace: hoopdev
roleRef:
  kind: Role
  name: mysa-role
  apiGroup: rbac.authorization.k8s.io
EOF
Now the Hoop resource will have access to:
  • List Pods
  • Get Pods
  • Watch Pods