On-Prem k8s | Part 3
Generating Kubeconfig files
Kubeconfig files
Kubeconfig files, or Kubernetes configuration files, enable Kubernetes clients to locate and authenticate to the Kubernetes API servers.
We will use kubectl to generate config files for the kubelet and kube-proxy clients.
kubectl
First, we will install the kubectl utility.
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.10.1/bin/linux/amd64/kubectl
Make the kubectl binary executable
chmod +x kubectl
Move the binary into your PATH
sudo mv kubectl /usr/local/bin/kubectl
Client Authentication files
kubelet
Generate a kubelet kubeconfig file for each of our worker nodes:
for instance in k8swrk1 k8swrk2 k8swrk3; do
  kubectl config set-cluster kubernetes \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server=https://10.32.2.97:6443 \
    --kubeconfig=${instance}.kubeconfig
  kubectl config set-credentials system:node:${instance} \
    --client-certificate=${instance}.pem \
    --client-key=${instance}-key.pem \
    --embed-certs=true \
    --kubeconfig=${instance}.kubeconfig
  kubectl config set-context default \
    --cluster=kubernetes \
    --user=system:node:${instance} \
    --kubeconfig=${instance}.kubeconfig
  kubectl config use-context default --kubeconfig=${instance}.kubeconfig
done
The following files have been generated:
k8swrk1.kubeconfig
k8swrk2.kubeconfig
k8swrk3.kubeconfig
kube-proxy
Generate a kube-proxy config file for the kube-proxy service:
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server=https://10.32.2.97:6443 \
  --kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials kube-proxy \
  --client-certificate=kube-proxy.pem \
  --client-key=kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
Generated file:
kube-proxy.kubeconfig
Distribute the kubeconfig files
We now need to copy the generated kubeconfig files to each worker node:
for instance in k8swrk1 k8swrk2 k8swrk3; do
  scp ${instance}.kubeconfig kube-proxy.kubeconfig $instance:~/
done
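Because --embed-certs=true inlines the client private key into each kubeconfig, the files are worth auditing before the scp step above. The following is an added example, not part of the original post: audit_kubeconfig and write_sample are hypothetical helper names, and the sample kubeconfig is constructed with dummy base64 values.

```shell
# audit_kubeconfig FILE EXPECTED_USER: one line per finding; exit status = number of findings.
audit_kubeconfig() {
    file=$1; want_user=$2; findings=0; s='[[:space:]]*'
    note() { echo "$file: $1"; findings=$((findings + 1)); }
    # --embed-certs=true should leave inline base64 *-data fields ...
    for key in certificate-authority-data client-certificate-data client-key-data; do
        grep -Eq "^${s}${key}:${s}[A-Za-z0-9+/=]+${s}\$" "$file" || note "missing embedded ${key}"
    done
    # ... and no references to PEM files that will not exist on the worker node.
    grep -Eq "^${s}(certificate-authority|client-certificate|client-key):" "$file" \
        && note "references an external PEM path"
    grep -Eq "^${s}server:${s}https://" "$file" || note "server URL is not https"
    grep -Eq "^${s}user:${s}${want_user}${s}\$" "$file" || note "context does not bind ${want_user}"
    grep -Eq "^current-context:${s}default${s}\$" "$file" || note "current-context is not default"
    # The file embeds a private key, so only the owner should be able to read it.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    [ "$mode" = "600" ] || note "mode is ${mode}, expected 600"
    return "$findings"
}

# Constructed sample with the fields kubectl writes; the base64 values are dummies.
write_sample() {
    cat > "$1" <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://10.32.2.97:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: $2
  name: default
current-context: default
users:
- name: $2
  user:
    client-certificate-data: Q09OU1RSVUNURUQ=
    client-key-data: Q09OU1RSVUNURUQ=
EOF
}

# Demo on the constructed sample: a clean file produces no output.
tmp=$(mktemp -d); write_sample "$tmp/k8swrk1.kubeconfig" system:node:k8swrk1
chmod 600 "$tmp/k8swrk1.kubeconfig"
audit_kubeconfig "$tmp/k8swrk1.kubeconfig" system:node:k8swrk1 || echo "findings: $?"
rm -rf "$tmp"
```

Against the real files, call it once per worker with system:node:<instance> as the expected user, and once for kube-proxy.kubeconfig with kube-proxy.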