forked from k-space/kube

README: access/auth: collapse bootstrapping

For 'how to connect to cluster', server-side setup
is not needed from connecting clients.
Hiding the section makes the steps more concise.
rasmus 2022-10-09 19:08:46 +00:00
parent 4d5851259d
commit bac5040d2a

@ -23,6 +23,7 @@ Most endpoints are protected by OIDC autentication or Authelia SSO middleware.
General discussion is happening in the `#kube` Slack channel. General discussion is happening in the `#kube` Slack channel.
<details><summary>Bootstrapping access</summary>
For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master
nodes and place it under `~/.kube/config` on your machine. nodes and place it under `~/.kube/config` on your machine.
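Review bot: The added `<details><summary>Bootstrapping access</summary>` line is followed directly by the Markdown paragraph. If no empty line separates them in the file, many renderers treat the content as raw HTML, so the backticked paths `/etc/kubernetes/admin.conf` and `~/.kube/config` and the fenced block further down may show up as literal text; put an empty line after the summary line. Since this section hands out the cluster admin kubeconfig, the summary could also say who it is for, e.g. `Bootstrapping access (cluster admins only)`, so connecting clients do not expand it and copy `admin.conf` by habit.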
@ -46,9 +47,9 @@ EOF
sudo systemctl daemon-reload sudo systemctl daemon-reload
systemctl restart kubelet systemctl restart kubelet
``` ```
</details>
Afterwards following can be used to talk to the Kubernetes cluster using The following can be used to talk to the Kubernetes cluster using OIDC credentials:
OIDC credentials:
```bash ```bash
kubectl krew install oidc-login kubectl krew install oidc-login
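Review bot: With the bootstrap steps collapsed, the reworded sentence "The following can be used to talk to the Kubernetes cluster using OIDC credentials:" is now where a connecting client starts reading, but the first command, `kubectl krew install oidc-login`, assumes the krew plugin manager is already installed. Add a one-line prerequisite before the `bash` block. Also check that `</details>` has an empty line on both sides, so the closing fence above it and the paragraph below it still render as Markdown.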
@ -89,6 +90,16 @@ EOF
For access control mapping see [cluster-role-bindings.yml](cluster-role-bindings.yml) For access control mapping see [cluster-role-bindings.yml](cluster-role-bindings.yml)
### systemd-resolved issues on access
```sh
Unable to connect to the server: dial tcp: lookup master.kube.k-space.ee on 127.0.0.53:53: no such host
```
```
Network → VPN → `IPv4` → Other nameservers (Muud nimeserverid): `172.21.0.1`
Network → VPN → `IPv6` → Other nameservers (Muud nimeserverid): `2001:bb8:4008:21::1`
Network → VPN → `IPv4` → Search domains (Otsingudomeenid): `kube.k-space.ee`
Network → VPN → `IPv6` → Search domains (Otsingudomeenid): `kube.k-space.ee`
```
# Technology mapping # Technology mapping
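Review bot: The new `### systemd-resolved issues on access` section shows the error and then the settings with no sentence connecting them, and nothing says which tool the "Network → VPN" path belongs to. Add a line stating that these are the DNS settings of the VPN connection and that setting them fixes the `no such host` lookup failure for `master.kube.k-space.ee`. The error is program output, so the `sh` tag on its fence is misleading, and the backticks inside the second fence will render literally; a plain list would read better there than a fenced block.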