Kubectl: Connect to Cluster from Windows
source link: https://www.shellhacks.com/kubectl-connect-to-cluster-from-windows/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
A kubectl
is the official Kubernetes command-line tool used to connect to and execute commands on Kubernetes clusters.
As the kubectl
executable can be installed on Windows, it can also be used to connect to the remote Kubernetes clusters from Windows machines.
This post shows how to connect to the remote Kubernetes clusters using the kubectl
command from Windows.
Cool Tip: How to install a kubectl
command on Windows! Read more →
Connect to Cluster using Kubectl
To connect to a remote Kubernetes cluster from Windows, it is required to know the Kubernetes API server URL, credentials (e.g. service account token), namespace and cluster CA certificates (optional).
This information is required to create a Kubernetes context that will be saved to a %HOME%\.kube\conf
file on Windows and will be used by the kubectl
command to connect to the remote Kubernetes cluster.
Prepare Environment Variables
To simplify the Kubernetes context creation on a Windows machine, open PowerShell and create the environment variables as follows:
# Kubernetes API server URL PS C:\> $env:clusterServer="https://k8s-cluster-0.infra:443" # Kubernetes cluster entry name in '.kube/config' file (can be any) PS C:\> $env:clusterName="k8s-cluster-0" # Context name that defines a group of cluster access parameters (can be any) PS C:\> $env:contextName="svcaccount@k8s-cluster-0" # Credentials entry name in '.kube/config' file (can be any) PS C:\> $env:contextUser="svcaccount@k8s-cluster-0" # Kubernetes cluster namespace to connect to PS C:\> $env:contextNamespace="default" # Service account token that will be used for authentication PS C:\> $env:userToken="sjd8dhK8dai8..." # Path to a certificate authority (CA) file for the cluster entry # Can be ignored if '--insecure-skip-tls-verify=true' option is used PS C:\> $env:clusterCAFilePath="C:\Temp\clusterCA.crt"
You can get the Kubernetes API URL, for example, by running the following command from one of the already configured kubectl
clients:
PS C:\> kubectl cluster-info - sample output - Kubernetes control plane is running at https://k8s-cluster-0.infra:443
To get the service account token, execute:
PS C:\> kubectl get serviceAccount --namespace default - sample output - NAME SECRETS AGE default 1 147d svcaccount 1 147d PS C:\> kubectl get serviceAccount svcaccount ` -o jsonpath='{.secrets[0].name}' ` --namespace default - sample output - svcaccount-token-qssgf PS C:\> $env:s = kubectl get secret svcaccount-token-qssgf ` -o jsonpath='{.data.token}' ` --namespace default PS C:\> [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($env:s)) - sample output - sjd8dhK8dai8...
The Kubernetes cluster CA certificate is stored in a /var/run/secrets/kubernetes.io/sericeaccount/ca.crt
file that can be found inside any container running on the cluster:
PS C:\> kubect exec -it <podName> -- /bin/sh ` -c "cat /var/run/secrets/kubernetes.io/sericeaccount/ca.crt" - sample output - -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
Create K8s Context & Connect to Cluster
Once the PowerShell environment variables are created we can use them to configure the Kubernetes context and connect to the cluster using the kubectl
command from Windows.
Add the Kubernetes cluster:
PS C:\> kubectl config set-cluster $env:clusterName ` --server $env:clusterServer ` --certificate-authority=$env:clusterCAFilePath
If you don’t have the cluster CA certificate, you can skip the TLS verification as follows:
PS C:\> kubectl config set-cluster $env:clusterName ` --server $env:clusterServer ` --insecure-skip-tls-verify=true
Add the credentials:
PS C:\> kubectl config set-credentials $env:contextUser --token=$env:userToken
Create the context:
PS C:\> kubectl config set-context $env:contextName ` --cluster=$env:clusterName ` --user=$env:contextUser ` --namespace=$env:contextNamespace
Switch to the context:
PS C:\> kubectl config use-context $env:contextName
To verify the current context, execute:
PS C:\> kubectl config get-contexts - sample output - CURRENT NAME CLUSTER AUTHINFO NAMESPACE * svcaccount@k8s-cluster-0 k8s-cluster-0 svcaccount@k8s-cluster-0 default
To test a connectivity to the remote cluster, execute:
PS C:\> kubectl get nodes - sample output - NAME STATUS ROLES AGE VERSION node0 Ready control-plane,master 173d v1.22.9 node1 Ready <none> 173d v1.22.9 node2 Ready <none> 173d v1.22.9
Once the above steps are done, you should be able to connect to the remote Kubernetes cluster using the kubectl
command from Windows.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK