2

Kubectl: Connect to Cluster from Windows

 1 year ago
source link: https://www.shellhacks.com/kubectl-connect-to-cluster-from-windows/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

A kubectl is the official Kubernetes command-line tool used to connect to and execute commands on Kubernetes clusters.

As the kubectl executable can be installed on Windows, it can also be used to connect to the remote Kubernetes clusters from Windows machines.

This post shows how to connect to the remote Kubernetes clusters using the kubectl command from Windows.

Cool Tip: How to install a kubectl command on Windows! Read more →

Connect to Cluster using Kubectl

To connect to a remote Kubernetes cluster from Windows, it is required to know the Kubernetes API server URL, credentials (e.g. service account token), namespace and cluster CA certificates (optional).

This information is required to create a Kubernetes context that will be saved to a %HOME%\.kube\conf file on Windows and will be used by the kubectl command to connect to the remote Kubernetes cluster.

Prepare Environment Variables

To simplify the Kubernetes context creation on a Windows machine, open PowerShell and create the environment variables as follows: 

# Kubernetes API server URL
PS C:\> $env:clusterServer="https://k8s-cluster-0.infra:443"

# Kubernetes cluster entry name in '.kube/config' file (can be any)
PS C:\> $env:clusterName="k8s-cluster-0"

# Context name that defines a group of cluster access parameters (can be any)
PS C:\> $env:contextName="svcaccount@k8s-cluster-0"

# Credentials entry name in '.kube/config' file (can be any)
PS C:\> $env:contextUser="svcaccount@k8s-cluster-0"

# Kubernetes cluster namespace to connect to
PS C:\> $env:contextNamespace="default"

# Service account token that will be used for authentication
PS C:\> $env:userToken="sjd8dhK8dai8..."

# Path to a certificate authority (CA) file for the cluster entry
# Can be ignored if '--insecure-skip-tls-verify=true' option is used
PS C:\> $env:clusterCAFilePath="C:\Temp\clusterCA.crt"

You can get the Kubernetes API URL, for example, by running the following command from one of the already configured kubectl clients:

PS C:\> kubectl cluster-info
- sample output -
Kubernetes control plane is running at https://k8s-cluster-0.infra:443

To get the service account token, execute:

PS C:\> kubectl get serviceAccount --namespace default
- sample output -
NAME        SECRETS  AGE
default     1        147d
svcaccount  1        147d

PS C:\> kubectl get serviceAccount svcaccount `
                                   -o jsonpath='{.secrets[0].name}' `
                                   --namespace default
- sample output -
svcaccount-token-qssgf

PS C:\> $env:s = kubectl get secret svcaccount-token-qssgf `
                                    -o jsonpath='{.data.token}' `
                                    --namespace default

PS C:\> [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($env:s))
- sample output -
sjd8dhK8dai8...

The Kubernetes cluster CA certificate is stored in a /var/run/secrets/kubernetes.io/sericeaccount/ca.crt file that can be found inside any container running on the cluster:

PS C:\> kubect exec -it <podName> -- /bin/sh `
                    -c "cat /var/run/secrets/kubernetes.io/sericeaccount/ca.crt"
- sample output -
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Create K8s Context & Connect to Cluster

Once the PowerShell environment variables are created we can use them to configure the Kubernetes context and connect to the cluster using the kubectl command from Windows.

Add the Kubernetes cluster:

PS C:\> kubectl config set-cluster $env:clusterName `
                                   --server $env:clusterServer `
                                   --certificate-authority=$env:clusterCAFilePath

If you don’t have the cluster CA certificate, you can skip the TLS verification as follows:

PS C:\> kubectl config set-cluster $env:clusterName `
                                   --server $env:clusterServer `
                                   --insecure-skip-tls-verify=true

Add the credentials:

PS C:\> kubectl config set-credentials $env:contextUser --token=$env:userToken

Create the context:

PS C:\> kubectl config set-context $env:contextName `
                                   --cluster=$env:clusterName `
                                   --user=$env:contextUser `
                                   --namespace=$env:contextNamespace

Switch to the context:

PS C:\> kubectl config use-context $env:contextName

To verify the current context, execute:

PS C:\> kubectl config get-contexts
- sample output -
CURRENT  NAME                      CLUSTER        AUTHINFO                  NAMESPACE
*        svcaccount@k8s-cluster-0  k8s-cluster-0  svcaccount@k8s-cluster-0  default

To test a connectivity to the remote cluster, execute:

PS C:\> kubectl get nodes
- sample output -
NAME   STATUS  ROLES                 AGE   VERSION
node0  Ready   control-plane,master  173d  v1.22.9
node1  Ready   <none>                173d  v1.22.9
node2  Ready   <none>                173d  v1.22.9

Once the above steps are done, you should be able to connect to the remote Kubernetes cluster using the kubectl command from Windows.

Was it useful? Share this post with the world!

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK