Technical Talk | A method for remote access and control of cloud K8S servers

For a K8S container system deployed in the cloud, you can log in over SSH to the host where K8S runs and use the kubectl command-line tool to control the K8S services. However, for those who work on a Linux or macOS desktop, having to log in over SSH first, and running kubectl in an environment separate from the local desktop, is inconvenient and uncomfortable.

Here is a method for accessing and controlling the cloud K8S server directly from a local desktop, which helps restore a good mood. The method also applies to Windows desktops, but the local file paths differ and need to be changed accordingly.

 

1. The principle of kubectl remote access control

K8S is a cloud computing platform that places great emphasis on security. Communication between nodes or components is encrypted: the sender encrypts each message and the recipient decrypts it to plaintext. Inter-node communication uses public keys, private keys and digital certificates to identify nodes or users and to keep communication and access secure.

Figure: how kubectl remote access and control of K8S works

When K8S is initialized, the kubeadm command automatically creates an administrator user, kubernetes-admin, and generates a public key, private key and digital certificate for that user. The certificate information is stored in the configuration file /etc/kubernetes/admin.conf on the master node.

A user who holds the certificate file can access the K8S server remotely from anywhere, as long as there is network connectivity. The K8S server uses the digital certificate sent by the client to identify the remote user, so once authentication succeeds the server treats remote access the same as access by a local user.

By default, the kubectl command reads its configuration from the file $HOME/.kube/config on the local machine. It also supports the environment variable $KUBECONFIG for specifying a different configuration file.

The server attribute in the admin.conf configuration file specifies the address and port of the remote server. A cloud server typically has two IP addresses, a cloud-internal IP and a public IP: inside the cloud, servers reach each other through the internal IP address; to reach a cloud server from the public network outside the cloud platform, you must use the server's public IP address.

After the configuration file admin.conf has been copied to the local file system, you need to modify the server attribute, replacing its address with the public IP address, in order to connect to the cloud server.

For example:

The server attribute in the original configuration file:

server: https://192.168.1.191:6443

After replacing it with the public address:

server: https://118.31.xo.xo:6443

The server attribute can also use a domain name or host name instead of an IP address, provided that the digital certificate in the configuration file has been signed for that domain name or host name. Otherwise, kubectl reports a digital signature verification error when it runs.

For example, a configuration that uses a host name looks like this:

server: https://myserver:6443

 

2. Assumptions

To keep the description simple and avoid too many details, the following is assumed:

The kubectl client program for K8S is installed on the local desktop and is compatible with the version of the cloud K8S system.

An SSH client is installed locally; its sftp command is used later to download the certificate configuration file.

 

3. kubectl remote access control principle

The configuration process is described using a K8S dev environment deployed on Alibaba Cloud as an example. The cloud server dev-7 is known to be the K8S master node.

Log in to the local desktop and open a terminal.

Modify the local /etc/hosts file, adding a line at the end:

# vi /etc/hosts
...
118.31.xo.xo myserver

Create a local directory:

 # mkdir -p ~/.kube

 

The ~ symbol is synonymous with the $HOME environment variable.

Change the current working directory:

 # cd ~/.kube

 

Use sftp to download the configuration file from the cloud server, entering the root password when prompted:

# sftp root@dev-7
sftp> get /etc/kubernetes/admin.conf config
sftp> bye

 

Modify the server attribute in the configuration file:

# vi config
...
server: https://myserver:6443
...

The configuration process is complete.

The host name myserver has been signed into the digital certificate, so the kubectl command identifies the server correctly.
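The downloaded config file carries the kubernetes-admin private key, so it is worth scripting the server edit and checking the result rather than editing by hand. The following is an added example, not part of the original article; the function names and the sample kubeconfig with placeholder credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed for illustration.

# Write a constructed kubeconfig (placeholder credentials) to $1.
make_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://192.168.1.191:6443
  name: kubernetes
users:
- name: kubernetes-admin
  user:
    client-certificate-data: PLACEHOLDER
    client-key-data: PLACEHOLDER
EOF
}

# Rewrite the "server:" value in kubeconfig $1 to URL $2, keeping indentation,
# and leave the file readable by its owner only.
set_kubeconfig_server() {
    case $2 in
        https://*) ;;   # the API server must be reached over TLS
        *) echo "refusing non-https server: $2" >&2; return 1 ;;
    esac
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sed "s|^\([[:space:]]*server:\).*|\1 $2|" "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$1"
}

# Print the server value(s) configured in kubeconfig $1.
get_kubeconfig_server() {
    sed -n 's|^[[:space:]]*server:[[:space:]]*||p' "$1"
}

# Succeed only if $1 is private to its owner, uses https, and keeps
# certificate verification enabled.
check_kubeconfig() {
    # The file embeds the administrator's private key: no group/other bits allowed.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || { echo "$1: group/other access" >&2; return 1; }
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$1"; then
        echo "$1: certificate verification disabled" >&2; return 1
    fi
    if get_kubeconfig_server "$1" | grep -qv '^https://'; then
        echo "$1: non-https server" >&2; return 1
    fi
}
```

On a real desktop, run `set_kubeconfig_server ~/.kube/config https://myserver:6443` after the sftp download, then `check_kubeconfig ~/.kube/config` before the first kubectl call.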

  

4. Testing and verification

View the config configuration file:

# more ~/.kube/config

 

Use the kubectl command to display the nodes of the cluster in the cloud:

# kubectl get node

 

The result shows that the local desktop can connect to the cloud K8S server correctly. Readers can use kubectl's rich set of subcommands to manage and control the K8S server.

Because the kubectl command runs on the local desktop, its input, its output and the YAML files used by its subcommands are tightly integrated with the local file system. This removes the trouble of transferring files between the local desktop and the cloud server, and also makes it easy to set up a personalized working environment.

Thanks to the colleagues who raised the requirement, offered inspiration or provided technical guidance.

 

If readers, users or WeChat friends have any questions during use, please feel free to contact me.

Email: [email protected]

WeChat: solomonxu9999

 

This article is the author's original work, first published on the public account: Technical Talk | A method for remote access and control of cloud K8S servers

 


Origin www.cnblogs.com/solomonxu/p/11484844.html