Learning Objectives

  • Review methods to access any Kubernetes cluster.
  • Configure kubectl for Linux, macOS, and Windows.
  • Access the Minikube cluster from the Dashboard.
  • Access Minikube via APIs.

Any healthy running Kubernetes cluster can be accessed via CLI tools and scripts, a Web-UI from a browser or APIs from CLI or programmatically. These methods are applicable to all Kubernetes clusters.

We will use kubectl, the Kubernetes Comman Line Interface client, to manage cluster resources and applications. Once we configured all required credentials and cluster access points, we can use kubectl remotely from anywhere to access a cluster.

The Kubernetes Dashboard provides a Web-Based User Interface to interact with a cluster, to manage resources and containerized applications.

Kubernetes has the API service to allow operators and users to connect to the cluster from the external world. Using both CLI and Web UI, we are able to connect to the API server running on the master node to perform different operations. The API space of Kubernetes can be divided into three independent groups.

Core Group includes objects such as Pods, Services, nodes, namespaces, configmaps, secrets, etc.

Named Group includes objects in /apis/$NAME/$VERSION format, where the different API versions imply different levels of stability and support. You can read more about it here.

System-wide consists of system-wide API endpoints like /healthz, /logs, /metrics, /ui, etc.

We are guided through the installation of kubectl, I highly recommend looking at chocolately if you are a Windows User. To access the Kubernetes cluster, the kubectl client needs the master node endpoint and appropriate credentials to be able to interact with the API server running on the master node.

We can view our configuration file either by using kubectl config view or we look it up. ~/.kube/config file on Linux or %HOMEPATH%\.kube\config for windows.

A "small" overview of kubectl commands are given here, or work yourself through the cheatsheet.

Although for the Kubernetes cluster installed by Minikube the ~/.kube/config file gets created automatically, this is not the case for Kubernetes clusters installed by other tools. In other cases, the config file has to be created manually and sometimes re-configured to suit various networking and client/server setups.

Luckily I already did a workshop of using Azure to set up a full blown Kubernetes Cluster, and I am looking forward to work myself through setting up a Kubernetes all from scratch.

Next up we will access the Kubernetes Dashboard from Minkube, with minikube dashboard we are able to access the dashboard under (port number may vary)

As we can see in the terminal

PS C:\> minikube dashboard
* Enabling dashboard ...
* Verifying dashboard health ...
* Launching proxy ...
* Verifying proxy health ...
* Opening in your default browser...

Minikube takes care of enabling the dashboard and also launching the proxy service for us. Since the dashboard is seen as a security breach, we would have to do these steps manually, which is explained here.

After minikube has setup the dashboard and credentials for accessing it, we are able to also visit the dashboard by using kubectl proxy.

With kubectl proxy still running, we are also able to access any of kubernetes api endpoints, try the following urls:

Without kubectl proxy we need to authenticate by providing a Bearer Token, which is an access token generated by the authentication server and given back to the client. Using that token, the client can connect back to the Kubernetes API server without providing further authentication details and access resources.

We want to get the token
$ TOKEN=$(kubectl describe secret -n kube-system $(kubectl get secrets -n kube-system | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t' | tr -d " ")

Get the API server endpoint
$ APISERVER=$(kubectl config view | grep https | cut -f 2- -d ":" | tr -d " ")

And finally access the API server using the curl command
curl $APISERVER --header "Authorization: Bearer $TOKEN" --insecure

Instead of the access token, we can extract client certificate, client key and certificate authority data from the .kube/config file and use following command
$ curl $APISERVER --cert encoded-cert --key encoded-key --cacert encoded-ca

That's it folks, we got an overview of how to install and configure kubectl Access the Minikube cluster from the Dashboard and access the cluster via its master node API server.

Thanks for reading, see you soon.