README: access/auth: collapse bootstrapping
For 'how to connect to cluster', server-side setup is not needed from connecting clients. Hiding the section makes the steps more concise.
This commit is contained in:
parent
4d5851259d
commit
bac5040d2a
15
README.md
15
README.md
@ -23,6 +23,7 @@ Most endpoints are protected by OIDC autentication or Authelia SSO middleware.
|
|||||||
|
|
||||||
General discussion is happening in the `#kube` Slack channel.
|
General discussion is happening in the `#kube` Slack channel.
|
||||||
|
|
||||||
|
<details><summary>Bootstrapping access</summary>
|
||||||
For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master
|
For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master
|
||||||
nodes and place it under `~/.kube/config` on your machine.
|
nodes and place it under `~/.kube/config` on your machine.
|
||||||
|
|
||||||
@ -46,9 +47,9 @@ EOF
|
|||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
systemctl restart kubelet
|
systemctl restart kubelet
|
||||||
```
|
```
|
||||||
|
</details>
|
||||||
|
|
||||||
Afterwards following can be used to talk to the Kubernetes cluster using
|
The following can be used to talk to the Kubernetes cluster using OIDC credentials:
|
||||||
OIDC credentials:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
kubectl krew install oidc-login
|
kubectl krew install oidc-login
|
||||||
@ -89,6 +90,16 @@ EOF
|
|||||||
|
|
||||||
For access control mapping see [cluster-role-bindings.yml](cluster-role-bindings.yml)
|
For access control mapping see [cluster-role-bindings.yml](cluster-role-bindings.yml)
|
||||||
|
|
||||||
|
### systemd-resolved issues on access
|
||||||
|
```sh
|
||||||
|
Unable to connect to the server: dial tcp: lookup master.kube.k-space.ee on 127.0.0.53:53: no such host
|
||||||
|
```
|
||||||
|
```
|
||||||
|
Network → VPN → `IPv4` → Other nameservers (Muud nimeserverid): `172.21.0.1`
|
||||||
|
Network → VPN → `IPv6` → Other nameservers (Muud nimeserverid): `2001:bb8:4008:21::1`
|
||||||
|
Network → VPN → `IPv4` → Search domains (Otsingudomeenid): `kube.k-space.ee`
|
||||||
|
Network → VPN → `IPv6` → Search domains (Otsingudomeenid): `kube.k-space.ee`
|
||||||
|
```
|
||||||
|
|
||||||
# Technology mapping
|
# Technology mapping
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user