Use the window that opens to interact with your Kubernetes cluster.

Accessing Clusters with kubectl from Your Workstation

This section describes how to download your cluster's kubeconfig file, launch kubectl from your workstation, and access your downstream cluster.

This alternative method of accessing the cluster allows you to authenticate with Rancher and manage your cluster without using the Rancher UI.

From your workstation, launch kubectl. Use it to interact with your Kubernetes cluster.

Note on Resources Created Using kubectl

Rancher will discover and show resources created by kubectl. However, these resources might not have all the necessary annotations on discovery. If an operation (for instance, scaling the workload) is done to the resource using the Rancher UI/API, this may trigger recreation of the resources due to the missing annotations. This should only happen the first time an operation is done to the discovered resource.

Authenticating Directly with a Downstream Cluster

This section is intended to help you set up an alternative method to access an RKE cluster.

This method is only available for RKE, RKE2, and K3s clusters that have the authorized cluster endpoint enabled. When Rancher creates the cluster, it generates a kubeconfig file that includes additional kubectl context(s) for accessing your cluster. This additional context allows you to use kubectl to authenticate with the downstream cluster without authenticating through Rancher. For a longer explanation of how the authorized cluster endpoint works, refer to this page.

On RKE2 and K3s clusters, you need to manually enable authorized cluster endpoints.

As a best practice, we recommend setting up this method to access your RKE, RKE2, and K3s clusters, so that you can still access the cluster if you can't connect to Rancher.

In this example, when you use kubectl with the first context, my-cluster, you will be authenticated through the Rancher server.

With the second context, my-cluster-controlplane-1, you would authenticate with the authorized cluster endpoint, communicating with a downstream RKE cluster directly.

We recommend using a load balancer with the authorized cluster endpoint. For details, refer to the recommended architecture section.

Now that you have the name of the context needed to authenticate directly with the cluster, you can pass the name of the context in as an option when running kubectl commands. The commands will differ depending on whether your cluster has an FQDN defined. Examples are provided in the sections below.

When kubectl works normally, it confirms that you can access your cluster while bypassing Rancher's authentication proxy.

Connecting Directly to Clusters with FQDN Defined

If an FQDN is defined for the cluster, a single context referencing the FQDN will be created.
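
An added example, not taken from the Rancher documentation: a small audit that reads the JSON printed by `kubectl config view -o json` and reports which contexts go through the Rancher server and which reach the cluster directly, bypassing Rancher's authentication proxy. The sample kubeconfig, the hostnames, the `/k8s/clusters/...` URL shape and the function names are assumptions made for illustration; only the two context names come from the text above.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape printed by `kubectl config view -o json`.
# Hostnames, addresses and the cluster id are made up for this example.
SAMPLE_KUBECONFIG = json.dumps({
    "clusters": [
        {"name": "my-cluster",
         "cluster": {"server": "https://rancher.example.com/k8s/clusters/c-abc12"}},
        {"name": "my-cluster-controlplane-1",
         "cluster": {"server": "https://10.0.0.11:6443"}},
    ],
    "contexts": [
        {"name": "my-cluster",
         "context": {"cluster": "my-cluster", "user": "my-cluster"}},
        {"name": "my-cluster-controlplane-1",
         "context": {"cluster": "my-cluster-controlplane-1", "user": "my-cluster"}},
        {"name": "stale", "context": {"cluster": "deleted", "user": "my-cluster"}},
    ],
})


def classify_contexts(kubeconfig_json, rancher_host):
    """Map each context name to 'rancher-proxy', 'direct' or 'unresolved'."""
    cfg = json.loads(kubeconfig_json)
    servers = {c["name"]: c.get("cluster", {}).get("server", "")
               for c in cfg.get("clusters") or []}
    result = {}
    for ctx in cfg.get("contexts") or []:
        server = servers.get(ctx.get("context", {}).get("cluster"), "")
        host = (urlsplit(server).hostname or "").lower()
        if not host:
            result[ctx["name"]] = "unresolved"  # no cluster entry or no URL
        elif host == rancher_host.lower():
            result[ctx["name"]] = "rancher-proxy"
        else:
            # Any other API server host bypasses Rancher's authentication proxy.
            result[ctx["name"]] = "direct"
    return result


def direct_contexts(kubeconfig_json, rancher_host):
    """Names of contexts that reach the cluster without going through Rancher."""
    kinds = classify_contexts(kubeconfig_json, rancher_host)
    return sorted(name for name, kind in kinds.items() if kind == "direct")


if __name__ == "__main__":
    print(classify_contexts(SAMPLE_KUBECONFIG, "rancher.example.com"))
```

Contexts reported as `direct` are the ones whose use will not pass through the Rancher server, so they are the entries to account for when reviewing who holds a given kubeconfig file.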