README: access/auth: collapse bootstrapping

For 'how to connect to cluster', server-side setup is not needed from connecting clients. Hiding the section makes the steps more concise.
2022-10-09 19:08:46 +00:00 · 2022-10-09 19:08:46 +00:00 · bac5040d2a
parent 4d5851259d
commit bac5040d2a
1 changed files with 13 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -23,6 +23,7 @@ Most endpoints are protected by OIDC autentication or Authelia SSO middleware.

 General discussion is happening in the `#kube` Slack channel.

+<details><summary>Bootstrapping access</summary>
 For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master
 nodes and place it under `~/.kube/config` on your machine.

@ -46,9 +47,9 @@ EOF
 sudo systemctl daemon-reload
 systemctl restart kubelet
 ```
+</details>

-Afterwards following can be used to talk to the Kubernetes cluster using
-OIDC credentials:
+The following can be used to talk to the Kubernetes cluster using OIDC credentials:

 ```bash
 kubectl krew install oidc-login
@ -89,6 +90,16 @@ EOF

 For access control mapping see [cluster-role-bindings.yml](cluster-role-bindings.yml)

+### systemd-resolved issues on access
+```sh
+Unable to connect to the server: dial tcp: lookup master.kube.k-space.ee on 127.0.0.53:53: no such host
+```
+```
+Network → VPN → `IPv4` → Other nameservers (Muud nimeserverid): `172.21.0.1`
+Network → VPN → `IPv6` → Other nameservers (Muud nimeserverid): `2001:bb8:4008:21::1`
+Network → VPN → `IPv4` → Search domains (Otsingudomeenid): `kube.k-space.ee`
+Network → VPN → `IPv6` → Search domains (Otsingudomeenid): `kube.k-space.ee`
+```

 # Technology mapping