forked from k-space/kube
README: access/auth: collapse bootstrapping
For 'how to connect to cluster', server-side setup is not needed from connecting clients. Hiding the section makes the steps more concise.
This commit is contained in:
parent
4d5851259d
commit
bac5040d2a
15
README.md
15
README.md
@ -23,6 +23,7 @@ Most endpoints are protected by OIDC autentication or Authelia SSO middleware.
|
||||
|
||||
General discussion is happening in the `#kube` Slack channel.
|
||||
|
||||
<details><summary>Bootstrapping access</summary>
|
||||
For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master
|
||||
nodes and place it under `~/.kube/config` on your machine.
|
||||
|
||||
@ -46,9 +47,9 @@ EOF
|
||||
sudo systemctl daemon-reload
|
||||
systemctl restart kubelet
|
||||
```
|
||||
</details>
|
||||
|
||||
Afterwards following can be used to talk to the Kubernetes cluster using
|
||||
OIDC credentials:
|
||||
The following can be used to talk to the Kubernetes cluster using OIDC credentials:
|
||||
|
||||
```bash
|
||||
kubectl krew install oidc-login
|
||||
@ -89,6 +90,16 @@ EOF
|
||||
|
||||
For access control mapping see [cluster-role-bindings.yml](cluster-role-bindings.yml)
|
||||
|
||||
### systemd-resolved issues on access
|
||||
```sh
|
||||
Unable to connect to the server: dial tcp: lookup master.kube.k-space.ee on 127.0.0.53:53: no such host
|
||||
```
|
||||
```
|
||||
Network → VPN → `IPv4` → Other nameservers (Muud nimeserverid): `172.21.0.1`
|
||||
Network → VPN → `IPv6` → Other nameservers (Muud nimeserverid): `2001:bb8:4008:21::1`
|
||||
Network → VPN → `IPv4` → Search domains (Otsingudomeenid): `kube.k-space.ee`
|
||||
Network → VPN → `IPv6` → Search domains (Otsingudomeenid): `kube.k-space.ee`
|
||||
```
|
||||
|
||||
# Technology mapping
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user