Configuring kubectl for Remote Access

In this lab you will generate a kubeconfig file for the kubectl command line utility based on the admin user credentials.

Run the commands in this lab from the same directory used to generate the admin client certificates.

The Admin Kubernetes Configuration File

Each kubeconfig requires a Kubernetes API Server to connect to. To support high availability the IP address assigned to the external load balancer fronting the Kubernetes API Servers will be used.

Retrieve the kubernetes-the-hard-way static IP address:

  1. KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
  2. --region $(gcloud config get-value compute/region) \
  3. --format 'value(address)')

Generate a kubeconfig file suitable for authenticating as the admin user:

  1. kubectl config set-cluster kubernetes-the-hard-way \
  2. --certificate-authority=ca.pem \
  3. --embed-certs=true \
  4. --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443
  1. kubectl config set-credentials admin \
  2. --client-certificate=admin.pem \
  3. --client-key=admin-key.pem
  1. kubectl config set-context kubernetes-the-hard-way \
  2. --cluster=kubernetes-the-hard-way \
  3. --user=admin
  1. kubectl config use-context kubernetes-the-hard-way

Verification

Check the health of the remote Kubernetes cluster:

  1. kubectl get componentstatuses

output

  1. NAME STATUS MESSAGE ERROR
  2. controller-manager Healthy ok
  3. scheduler Healthy ok
  4. etcd-2 Healthy {"health": "true"}
  5. etcd-0 Healthy {"health": "true"}
  6. etcd-1 Healthy {"health": "true"}

List the nodes in the remote Kubernetes cluster:

  1. kubectl get nodes

output

  1. NAME STATUS ROLES AGE VERSION
  2. worker-0 Ready <none> 1m v1.9.0
  3. worker-1 Ready <none> 1m v1.9.0
  4. worker-2 Ready <none> 1m v1.9.0

Next: Provisioning Pod Network Routes