kubernetes-the-hard-way/docs/10-configuring-kubectl.md

# Configuring kubectl for Remote Access

In this lab you will generate a kubeconfig file for the `kubectl` command line
utility based on the `admin` user credentials.

> Run the commands in this lab from the `jumpbox` machine.

## The Admin Kubernetes Configuration File

Each kubeconfig requires a Kubernetes API Server to connect to.

You should be able to ping `controlplane.kubernetes.local` based on the
`/etc/hosts` DNS entry from a previous lab.

```bash
curl --cacert ca.crt \
  https://controlplane.kubernetes.local:6443/version
```

```text
{
  "major": "1",
  "minor": "32",
  "gitVersion": "v1.33.1",
  "gitCommit": "32cc146f75aad04beaaa245a7157eb35063a9f99",
  "gitTreeState": "clean",
  "buildDate": "2025-03-11T19:52:21Z",
  "goVersion": "go1.23.6",
  "compiler": "gc",
  "platform": "linux/arm64"
}
```

Generate a kubeconfig file suitable for authenticating as the `admin` user:

```bash
{
  kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=ca.crt \
    --embed-certs=true \
    --server=https://controlplane.kubernetes.local:6443

  kubectl config set-credentials admin \
    --client-certificate=admin.crt \
    --client-key=admin.key

  kubectl config set-context kubernetes-the-hard-way \
    --cluster=kubernetes-the-hard-way \
    --user=admin

  kubectl config use-context kubernetes-the-hard-way
}
```
The results of running the command above should create a kubeconfig file in
the default location `~/.kube/config` used by the  `kubectl` commandline tool.
This also means you can run the `kubectl` command without specifying a config.


## Verification

Check the version of the remote Kubernetes cluster:

```bash
kubectl version
```

```text
Client Version: v1.33.1
Kustomize Version: v5.6.0
Server Version: v1.33.1
```

List the nodes in the remote Kubernetes cluster:

```bash
kubectl get nodes
```

```
NAME     STATUS   ROLES    AGE   VERSION
node01   Ready    <none>   15m   v1.33.1
node02   Ready    <none>   15m   v1.33.1
```

Next: [Provisioning Pod Network Routes](11-pod-network-routes.md)
update docs 2017-08-29 00:19:25 +03:00			`# Configuring kubectl for Remote Access`

chg: Hostnames In Documentation Continued Updated command that require sudo when running as vagrant user. 2025-06-03 18:40:47 +03:00			In this lab you will generate a kubeconfig file for the `kubectl` command line
			utility based on the `admin` user credentials.
update docs 2017-08-29 00:19:25 +03:00
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			> Run the commands in this lab from the `jumpbox` machine.
update docs 2017-08-29 00:19:25 +03:00
			`## The Admin Kubernetes Configuration File`

Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			`Each kubeconfig requires a Kubernetes API Server to connect to.`
update docs 2017-08-29 00:19:25 +03:00
chg: Hostnames In Documentation Continued Updated command that require sudo when running as vagrant user. 2025-06-03 18:40:47 +03:00			You should be able to ping `controlplane.kubernetes.local` based on the
			`/etc/hosts` DNS entry from a previous lab.
update docs 2017-08-29 00:19:25 +03:00
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			```bash
generate kube-apiserver server certificate 2025-04-08 17:30:28 +03:00			`curl --cacert ca.crt \`
chg: Hostnames In Documentation Continued Updated more places where the hostnames were not updated to reflect the new hostnames for the jumpbox, controller, and worker nodes. 2025-06-02 05:59:11 +03:00			`https://controlplane.kubernetes.local:6443/version`
update docs 2017-08-29 00:19:25 +03:00			```
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00
			```text
Update to Kubernetes 1.10.2 and add gVisor support 2018-05-12 19:54:18 +03:00			`{`
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			`"major": "1",`
Update to Kubernetes 1.32.3 2025-04-07 04:32:30 +03:00			`"minor": "32",`
chg: Upgraded Versions Updated the version of the Kuberetes components to the latest stable releases. 2025-06-03 01:15:47 +03:00			`"gitVersion": "v1.33.1",`
Update to Kubernetes 1.32.3 2025-04-07 04:32:30 +03:00			`"gitCommit": "32cc146f75aad04beaaa245a7157eb35063a9f99",`
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			`"gitTreeState": "clean",`
Update to Kubernetes 1.32.3 2025-04-07 04:32:30 +03:00			`"buildDate": "2025-03-11T19:52:21Z",`
			`"goVersion": "go1.23.6",`
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			`"compiler": "gc",`
			`"platform": "linux/arm64"`
			`}`
			```
update docs 2017-08-29 00:19:25 +03:00
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			Generate a kubeconfig file suitable for authenticating as the `admin` user:

			```bash
			`{`
Update to Kubernetes 1.10.2 and add gVisor support 2018-05-12 19:54:18 +03:00			`kubectl config set-cluster kubernetes-the-hard-way \`
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			`--certificate-authority=ca.crt \`
Update to Kubernetes 1.10.2 and add gVisor support 2018-05-12 19:54:18 +03:00			`--embed-certs=true \`
chg: Hostnames In Documentation Continued Updated more places where the hostnames were not updated to reflect the new hostnames for the jumpbox, controller, and worker nodes. 2025-06-02 05:59:11 +03:00			`--server=https://controlplane.kubernetes.local:6443`
update docs 2017-08-29 00:19:25 +03:00
Update to Kubernetes 1.10.2 and add gVisor support 2018-05-12 19:54:18 +03:00			`kubectl config set-credentials admin \`
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			`--client-certificate=admin.crt \`
			`--client-key=admin.key`
update docs 2017-08-29 00:19:25 +03:00
Update to Kubernetes 1.10.2 and add gVisor support 2018-05-12 19:54:18 +03:00			`kubectl config set-context kubernetes-the-hard-way \`
			`--cluster=kubernetes-the-hard-way \`
			`--user=admin`

			`kubectl config use-context kubernetes-the-hard-way`
			`}`
update docs 2017-08-29 00:19:25 +03:00			```
chg: Hostnames In Documentation Continued Updated command that require sudo when running as vagrant user. 2025-06-03 18:40:47 +03:00			`The results of running the command above should create a kubeconfig file in`
			the default location `~/.kube/config` used by the `kubectl` commandline tool.
			This also means you can run the `kubectl` command without specifying a config.
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00
update docs 2017-08-29 00:19:25 +03:00
			`## Verification`

Update to Kubernetes 1.21.0 2021-05-02 08:33:46 +03:00			`Check the version of the remote Kubernetes cluster:`
update docs 2017-08-29 00:19:25 +03:00
Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			```bash
Update to Kubernetes 1.21.0 2021-05-02 08:33:46 +03:00			`kubectl version`
update docs 2017-08-29 00:19:25 +03:00			```

Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			```text
chg: Upgraded Versions Updated the version of the Kuberetes components to the latest stable releases. 2025-06-03 01:15:47 +03:00			`Client Version: v1.33.1`
chg: Hostnames In Documentation Continued Updated command that require sudo when running as vagrant user. 2025-06-03 18:40:47 +03:00			`Kustomize Version: v5.6.0`
chg: Upgraded Versions Updated the version of the Kuberetes components to the latest stable releases. 2025-06-03 01:15:47 +03:00			`Server Version: v1.33.1`
update docs 2017-08-29 00:19:25 +03:00			```

			`List the nodes in the remote Kubernetes cluster:`

Remove cloud provider and move to ARM64 2023-11-01 09:16:49 +03:00			```bash
update docs 2017-08-29 00:19:25 +03:00			`kubectl get nodes`
			```

			```
chg: Hostnames In Documentation Continued Updated command that require sudo when running as vagrant user. 2025-06-03 18:40:47 +03:00			`NAME STATUS ROLES AGE VERSION`
			`node01 Ready <none> 15m v1.33.1`
			`node02 Ready <none> 15m v1.33.1`
update docs 2017-08-29 00:19:25 +03:00			```

			`Next: [Provisioning Pod Network Routes](11-pod-network-routes.md)`