configuring kubectl for remote access

each kubeconfig needs a kubernetes api server to connect to. per default this is localhost:8080 - for high availability support the ip address is assigned to the external LoadBalancer fronting kubernetes api servers

commands have to run from ca directory

generate a kubeconfig file suitable for authenticating as the admin user

# set k8s lb_address, set creds and "use-context"
{
  KUBERNETES_LB_ADDRESS=192.168.5.30

  kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=ca.crt \
    --embed-certs=true \
    --server=https://${KUBERNETES_LB_ADDRESS}:6443

  kubectl config set-credentials admin \
    --client-certificate=admin.crt \
    --client-key=admin.key

  kubectl config set-context kubernetes-the-hard-way \
    --cluster=kubernetes-the-hard-way \
    --user=admin

  kubectl config use-context kubernetes-the-hard-way
}
  
# output
  ---
  Cluster "kubernetes-the-hard-way" set.
  User "admin" set.
  Context "kubernetes-the-hard-way" created.
  Switched to context "kubernetes-the-hard-way".

verification

# get components status
> kubectl get componentstatuses
  ---
  NAME                 AGE
  scheduler            <unknown>
  controller-manager   <unknown>
  etcd-0               <unknown>
  etcd-1               <unknown>

# IT SHOULD LOOKS LIKE THIS:
  NAME                 STATUS    MESSAGE             ERROR
  controller-manager   Healthy   ok
  scheduler            Healthy   ok
  etcd-1               Healthy   {"health":"true"}
  etcd-0               Healthy   {"health":"true"}

# i had to use the command on master node to 
# get a valid output - but scheduler is not working
  ---
  NAME                 STATUS      MESSAGE             ERROR
  scheduler            Unhealthy   Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused   
  controller-manager   Healthy     ok                                                                                          
  etcd-0               Healthy     {"health":"true"}                                                                           
  etcd-1               Healthy     {"health":"true"} 

# kube-scheduler does'nt run
> sudo systemctl status kube-scheduler
  ---
  stat /var/lib/kubernetes/kube-scheduler.kubeconfig: no such file or directory

# copy missing file
> sudo cp kube-controller-manager.kubeconfig /var/lib/kubernetes/

# start scheduler
> sudo systemctl status kube-scheduler

# test again and it works
> kubectl get componentstatuses --kubeconfig admin.kubeconfig                                              
   ---
  NAME                 STATUS    MESSAGE             ERROR
  controller-manager   Healthy   ok
  scheduler            Healthy   ok
  etcd-0               Healthy   {"health":"true"}
  etcd-1               Healthy   {"health":"true"}
# show nodes in kube-system namespace - not ready is fine
> kubectl get nodes
  ---
  NAME       STATUS   ROLES    AGE    VERSION
  worker-1   NotReady    <none>   118s   v1.13.0
  worker-2   NotReady    <none>   118s   v1.13.0

— copyleft —

all commands shown on this page are from mmumshad’s fork of “kubernetes-the-hard-way” by kelseyhightower on github