// Generated webpack chunk (chunk id 27) holding two modules:
//   160 - the compiled MDX page "Remote Kubectl Access"
//   173 - the MDX runtime glue the page renders through (provider + createElement)
// The rendered text lives in string literals below. Changes to the wording belong in
// the markdown source named in `metadata.source` / `metadata.editUrl`, not in this
// generated file.
(window.webpackJsonp = window.webpackJsonp || []).push([
  [27],
  {
    160: function (module, __webpack_exports__, __webpack_require__) {
      "use strict";

      // Mark the exports object as an ES module and register live getters.
      __webpack_require__.r(__webpack_exports__);
      __webpack_require__.d(__webpack_exports__, "frontMatter", function () {
        return frontMatter;
      });
      __webpack_require__.d(__webpack_exports__, "metadata", function () {
        return metadata;
      });
      __webpack_require__.d(__webpack_exports__, "rightToc", function () {
        return rightToc;
      });
      __webpack_require__.d(__webpack_exports__, "default", function () {
        return MDXContent;
      });

      // Modules 2 and 9 are not visible here. From the call sites, 2 is presumably an
      // object-merge helper and 9 presumably returns a copy of an object without the
      // listed keys - confirm against the main bundle.
      var mergeHelper = __webpack_require__(2);
      var omitHelper = __webpack_require__(9);
      // Module 0 is required for its side effects only; the result is discarded.
      __webpack_require__(0);
      var mdx = __webpack_require__(173);

      var frontMatter = {
        id: "remote_kubectl_access",
        title: "Remote Kubectl Access",
      };

      var metadata = {
        id: "remote_kubectl_access",
        title: "Remote Kubectl Access",
        description: "!Remote Kubectl Access",
        source: "@site/docs/access.md",
        permalink: "/docs/remote_kubectl_access",
        editUrl: "https://github.com/raspbernetes/docs/edit/master/website/docs/access.md",
        sidebar: "someSidebar",
        previous: { title: "Installation", permalink: "/docs/installation" },
        next: { title: "Encrypt Secrets", permalink: "/docs/encrypt_secrets" },
      };

      // Table of contents: one h2 entry with three h3 children.
      var rightToc = [
        {
          value: "Connect from a client machine",
          id: "connect-from-a-client-machine",
          children: [
            {
              value: "Install The Cloudflare Daemon On The Client Machine",
              id: "install-the-cloudflare-daemon-on-the-client-machine",
              children: [],
            },
            {
              value: "Connect To The Resource",
              id: "connect-to-the-resource",
              children: [],
            },
            {
              value: "Additional Information",
              id: "additional-information",
              children: [],
            },
          ],
        },
      ];

      var layoutProps = { rightToc: rightToc };

      /**
       * Page component: renders the "Remote Kubectl Access" document.
       * `components` is split off the props and passed to the wrapper separately;
       * every other prop is forwarded to the wrapper together with `layoutProps`.
       */
      function MDXContent(props) {
        var components = props.components;
        var rest = Object(omitHelper.a)(props, ["components"]);
        var h = mdx.b;
        var merge = mergeHelper.a;
        var bashCode = function () {
          return merge({ parentName: "pre" }, { className: "language-bash" });
        };

        return h(
          "wrapper",
          merge({}, layoutProps, rest, { components: components, mdxType: "MDXLayout" }),
          h(
            "p",
            null,
            h(
              "img",
              merge(
                { parentName: "p" },
                {
                  src: "https://github.com/raspbernetes/raspbernetes.github.io/raw/master/img/kubectl.png",
                  alt: "Remote Kubectl Access",
                  title: "Remote Kubectl Access",
                }
              )
            )
          ),
          h("h2", { id: "connect-from-a-client-machine" }, "Connect from a client machine"),
          h(
            "p",
            null,
            "The following instructions will setup remote kubectl access to the Kubernetes cluster."
          ),
          h(
            "blockquote",
            null,
            h(
              "p",
              { parentName: "blockquote" },
              h(
                "em",
                { parentName: "p" },
                "Note: This will only work if you're part of the Raspbernetes project and have been granted access by an admin."
              )
            )
          ),
          h(
            "h3",
            { id: "install-the-cloudflare-daemon-on-the-client-machine" },
            "Install The Cloudflare Daemon On The Client Machine"
          ),
          h(
            "p",
            null,
            "Download and install ",
            h("inlineCode", { parentName: "p" }, "cloudflared"),
            " on the client desktop that will connect to the resource using these following ",
            h(
              "a",
              merge(
                { parentName: "p" },
                { href: "https://developers.cloudflare.com/argo-tunnel/downloads" }
              ),
              "instructions"
            ),
            "."
          ),
          h(
            "blockquote",
            null,
            h(
              "p",
              { parentName: "blockquote" },
              h(
                "em",
                { parentName: "p" },
                h("inlineCode", { parentName: "em" }, "Cloudflared"),
                " will need to be installed on each user device that will connect to the kube-apiserver."
              )
            )
          ),
          h("h3", { id: "connect-to-the-resource" }, "Connect To The Resource"),
          h(
            "p",
            null,
            "Run the following command to create a connection from the device to Cloudflare. Any available port can be specified."
          ),
          // The documented command points the local end of the tunnel at 127.0.0.1, so the
          // forwarded API endpoint is offered on the loopback interface of the client only.
          h(
            "pre",
            null,
            h(
              "code",
              bashCode(),
              "$ cloudflared access tcp --hostname api.raspbernetes.com --url 127.0.0.1:1234\n"
            )
          ),
          h(
            "p",
            null,
            "With this service running, you can run a ",
            h("inlineCode", { parentName: "p" }, "kubectl"),
            " command and ",
            h("inlineCode", { parentName: "p" }, "cloudflared"),
            " will launch a browser window and prompt the user to authenticate with the Github SSO provider. Once authenticated, ",
            h("inlineCode", { parentName: "p" }, "cloudflared"),
            " will expose the connection to the client machine at the local URL specified in the command."
          ),
          h(
            "p",
            null,
            h("inlineCode", { parentName: "p" }, "kubeconfig"),
            " does not support proxy command configurations at this time, though the community has submitted plans to do so. In the interim, users can alias the cluster's API server to save time."
          ),
          // The alias sets HTTPS_PROXY through `env` for the kubectl invocation only; it does
          // not export the proxy setting to the rest of the shell session.
          h(
            "pre",
            null,
            h(
              "code",
              bashCode(),
              '$ alias kubeone="env HTTPS_PROXY=socks5://127.0.0.1:1234 kubectl"\n'
            )
          ),
          h(
            "p",
            null,
            "To test that the connection is working correctly, check the alias with a simple command to see if it returns the appropriate information."
          ),
          h("p", null, "EG:"),
          h("pre", null, h("code", bashCode(), "kubeone get nodes\n")),
          h("p", null, "Result:"),
          h(
            "pre",
            null,
            h(
              "code",
              bashCode(),
              "NAME STATUS ROLES AGE VERSION\nk8s-master-01 Ready master 8h v1.18.6\nk8s-master-02 Ready master 8h v1.18.6\nk8s-master-03 Ready master 8h v1.18.6\nk8s-worker-01 Ready <none> 8h v1.18.6\n"
            )
          ),
          // NOTE(review): "complete access" is qualified by the sentence that follows it -
          // what a user can actually do is bounded by the RBAC permissions an admin grants.
          // Consider rewording in the markdown source so the two statements do not conflict.
          h(
            "p",
            null,
            "If successful you should now have complete access to the cluster using the alias set. Additionally, the cluster has RBAC enabled and the correct user permissions ",
            h("strong", { parentName: "p" }, "must"),
            " be granted by an admin."
          ),
          h("h3", { id: "additional-information" }, "Additional Information"),
          // NOTE(review): the text reads "SOCK5" (sic) while the alias above uses socks5://;
          // the spelling is kept here because this file is generated from the markdown.
          h(
            "p",
            null,
            "How to configure SOCK5 proxy using cloudflare argo tunnel to connect the cluster to Cloudflare can be found ",
            h(
              "a",
              merge(
                { parentName: "p" },
                { href: "https://developers.cloudflare.com/access/other-protocols/kubectl/" }
              ),
              "here"
            )
          )
        );
      }

      MDXContent.isMDXComponent = true;
    },

    173: function (module, __webpack_exports__, __webpack_require__) {
      "use strict";

      // Export "a" is the components provider, export "b" is the element factory.
      __webpack_require__.d(__webpack_exports__, "a", function () {
        return MDXProvider;
      });
      __webpack_require__.d(__webpack_exports__, "b", function () {
        return createMdxElement;
      });

      // Module 0 supplies createContext / useContext / createElement / forwardRef /
      // Fragment (the React API as used below); `.a` on the interop wrapper is its
      // default export.
      var reactModule = __webpack_require__(0);
      var reactInterop = __webpack_require__.n(reactModule);

      /** Sets target[key], going through defineProperty when the key already exists. */
      function setProperty(target, key, value) {
        if (key in target) {
          Object.defineProperty(target, key, {
            value: value,
            enumerable: true,
            configurable: true,
            writable: true,
          });
        } else {
          target[key] = value;
        }
        return target;
      }

      /** Own string keys plus own symbols (only enumerable symbols when asked). */
      function ownKeys(object, enumerableOnly) {
        var keys = Object.keys(object);
        if (Object.getOwnPropertySymbols) {
          var symbols = Object.getOwnPropertySymbols(object);
          if (enumerableOnly) {
            symbols = symbols.filter(function (symbol) {
              return Object.getOwnPropertyDescriptor(object, symbol).enumerable;
            });
          }
          keys.push.apply(keys, symbols);
        }
        return keys;
      }

      /**
       * Copies the sources (arguments 1..n) onto `target` and returns `target`.
       * Odd-positioned sources are copied by value; even-positioned ones are copied
       * as property descriptors.
       */
      function spreadInto(target) {
        for (var position = 1; position < arguments.length; position++) {
          var source = arguments[position] != null ? arguments[position] : {};
          if (position % 2) {
            ownKeys(Object(source), true).forEach(function (key) {
              setProperty(target, key, source[key]);
            });
          } else if (Object.getOwnPropertyDescriptors) {
            Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
          } else {
            ownKeys(Object(source)).forEach(function (key) {
              Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
            });
          }
        }
        return target;
      }

      /** Copy of `source` restricted to Object.keys() entries not listed in `excluded`. */
      function omitStringKeys(source, excluded) {
        if (source == null) {
          return {};
        }
        var picked = {};
        var names = Object.keys(source);
        for (var at = 0; at < names.length; at++) {
          var name = names[at];
          if (excluded.indexOf(name) >= 0) {
            continue;
          }
          picked[name] = source[name];
        }
        return picked;
      }

      /** Like omitStringKeys, but also carries over enumerable own symbols. */
      function omitKeys(source, excluded) {
        if (source == null) {
          return {};
        }
        var picked = omitStringKeys(source, excluded);
        if (Object.getOwnPropertySymbols) {
          var symbols = Object.getOwnPropertySymbols(source);
          for (var at = 0; at < symbols.length; at++) {
            var symbol = symbols[at];
            if (excluded.indexOf(symbol) >= 0) {
              continue;
            }
            if (Object.prototype.propertyIsEnumerable.call(source, symbol)) {
              picked[symbol] = source[symbol];
            }
          }
        }
        return picked;
      }

      var MDXContext = reactInterop.a.createContext({});

      /**
       * Resolves the component map: context value alone, the result of calling a
       * function argument with the context value, or context merged with an object
       * argument (argument entries win).
       */
      var useMDXComponents = function (components) {
        var fromContext = reactInterop.a.useContext(MDXContext);
        var resolved = fromContext;
        if (components) {
          if (typeof components === "function") {
            resolved = components(fromContext);
          } else {
            resolved = spreadInto(spreadInto({}, fromContext), components);
          }
        }
        return resolved;
      };

      /** Context provider that publishes the resolved component map to descendants. */
      var MDXProvider = function (props) {
        var resolved = useMDXComponents(props.components);
        return reactInterop.a.createElement(
          MDXContext.Provider,
          { value: resolved },
          props.children
        );
      };

      // Fallbacks used when neither the component map nor the original type applies.
      var DEFAULTS = {
        inlineCode: "code",
        wrapper: function (props) {
          var children = props.children;
          return reactInterop.a.createElement(reactInterop.a.Fragment, {}, children);
        },
      };

      /**
       * Ref-forwarding element that picks the concrete component for an MDX node:
       * "<parentName>.<mdxType>" in the map, then "<mdxType>" in the map, then the
       * DEFAULTS entry, then the original type.
       */
      var MDXCreateElement = reactInterop.a.forwardRef(function (props, ref) {
        var ownComponents = props.components;
        var mdxType = props.mdxType;
        var originalType = props.originalType;
        var parentName = props.parentName;
        var passthrough = omitKeys(props, [
          "components",
          "mdxType",
          "originalType",
          "parentName",
        ]);
        var available = useMDXComponents(ownComponents);
        var Component =
          available["".concat(parentName, ".").concat(mdxType)] ||
          available[mdxType] ||
          DEFAULTS[mdxType] ||
          originalType;

        if (ownComponents) {
          return reactInterop.a.createElement(
            Component,
            spreadInto(spreadInto({ ref: ref }, passthrough), {}, { components: ownComponents })
          );
        }
        return reactInterop.a.createElement(Component, spreadInto({ ref: ref }, passthrough));
      });

      /**
       * Element factory used by compiled MDX. String types and props carrying
       * `mdxType` are routed through MDXCreateElement; everything else goes straight
       * to the underlying createElement with the arguments unchanged.
       */
      function createMdxElement(type, props) {
        var callArgs = arguments;
        var mdxType = props && props.mdxType;
        var typeIsString = typeof type === "string";

        if (!typeIsString && !mdxType) {
          return reactInterop.a.createElement.apply(null, callArgs);
        }

        // Copy own props only. `hasOwnProperty` is a bare global reference here, as in
        // the original output; it resolves through the global object.
        var routedProps = {};
        for (var key in props) {
          if (hasOwnProperty.call(props, key)) {
            routedProps[key] = props[key];
          }
        }
        routedProps.originalType = type;
        routedProps.mdxType = typeIsString ? type : mdxType;

        var children = Array.prototype.slice.call(callArgs, 2);
        var routedArgs = [MDXCreateElement, routedProps].concat(children);
        return reactInterop.a.createElement.apply(null, routedArgs);
      }

      MDXCreateElement.displayName = "MDXCreateElement";
    },
  },
]);