I'm trying to set up a cluster of one machine for now. I know that I can get the API server running and listening to some ports.

I am looking to issue commands against the master machine from my laptop.

`KUBECONFIG=/home/slackware/kubeconfig_of_master kubectl get nodes` should send a request to the master machine, hit the API server, and get a response of the running nodes.

However, I am hitting issues with permissions. One is similar to `x509: certificate is valid for 10.61.164.153, not 10.0.0.1`. Another is a 403 if I hit the `kubectl proxy --port=8080` that is running on the master machine.

I think two solutions are possible, with a preferable one (B):

A. Add my laptop's IP address to the list of accepted IP addresses that the API server or certificates or certificate agents hold. How would I do that? Is that something I can set in `kubeadm init`?

B. Add 127.0.0.1 to the list of accepted IP addresses that the API server or certificates or certificate agents hold. How would I do that? Is that something I can set in `kubeadm init`?

I think B would be better, because I could create an SSH tunnel from my laptop to the remote machine and allow my teammates (if I ever have any) to do similarly.

Thank you,

Slackware

  • Are you doing `kubectl --kubeconfig KUBECONFIG get nodes`? – suren Oct 22 '19 at 06:05
  • Upon any request, the API server sends its certificate and kubectl verifies it. Your first error message might mean that the API server's certificate is valid for IP address 10.61.164.153, but the API server is actually running on IP address 10.0.0.1, so kubectl fails to verify this certificate. – weibeld Oct 22 '19 at 08:12
  • You can find [here](https://stackoverflow.com/questions/46360361/invalid-x509-certificate-for-kubernetes-master) a good explanation of how to achieve this goal. – Nick_Kh Oct 22 '19 at 10:40

1 Answer

You should add `--apiserver-cert-extra-sans 10.0.0.1` to your `kubeadm init` command.

Refer to https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#options

You should also use a config file:

```yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.16.2
apiServer:
  certSANs:
  - 10.0.0.1
```

You can find all relevant info here: https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2