From bac5040d2a189f543385c78337cad5d22fe70d73 Mon Sep 17 00:00:00 2001 From: rasmus Date: Sun, 9 Oct 2022 19:08:46 +0000 Subject: [PATCH] README: access/auth: collapse bootstrapping For 'how to connect to cluster', server-side setup is not needed from connecting clients. Hiding the section makes the steps more concise. --- README.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 94ac216..76c99df 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Most endpoints are protected by OIDC autentication or Authelia SSO middleware. General discussion is happening in the `#kube` Slack channel. +
Bootstrapping access For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master nodes and place it under `~/.kube/config` on your machine. @@ -46,9 +47,9 @@ EOF sudo systemctl daemon-reload systemctl restart kubelet ``` +
-Afterwards following can be used to talk to the Kubernetes cluster using -OIDC credentials: +The following can be used to talk to the Kubernetes cluster using OIDC credentials: ```bash kubectl krew install oidc-login @@ -89,6 +90,16 @@ EOF For access control mapping see [cluster-role-bindings.yml](cluster-role-bindings.yml) +### systemd-resolved issues on access +```sh +Unable to connect to the server: dial tcp: lookup master.kube.k-space.ee on 127.0.0.53:53: no such host +``` +``` +Network → VPN → `IPv4` → Other nameservers (Muud nimeserverid): `172.21.0.1` +Network → VPN → `IPv6` → Other nameservers (Muud nimeserverid): `2001:bb8:4008:21::1` +Network → VPN → `IPv4` → Search domains (Otsingudomeenid): `kube.k-space.ee` +Network → VPN → `IPv6` → Search domains (Otsingudomeenid): `kube.k-space.ee` +``` # Technology mapping