kubectl can be used from another machine, but Master, for connecting to Api-Server directly, some configuration is required for that. Steps to complete configuration :
- installing kubectl is enough (see here , step 1, but no kubeadm and kubelet, and no Docker, they all are not needed, only kubectl).
- create config file under .kube folder : .kube/config. Contents of .kube/config file is used for connecting machine with Api-Server (it should be copied from Master)
- In the wake another machine can perform kubectl operations (get pods / nodes, create pods etc).
Suppose there are more than one Kubernetes Clusters and one third-party machine. How can it be configured to access Api-Server on all clusters?
For this, additional contexts must be created in contexts section of .kube/config file (see example below) :
Of course, each cluster details must be described in config file. Below is the example of config file containing cluster info :
Other clusters info can be added in clusters section. certificate-authority-data must copied and pasted from Master node of the cluster. Note that server IP address should be changed to external address of Master node, which contains Api-Server (third party machine accesses Api-Server).
In Kubernetes authentication is made through certificates, authorization – through roles and cluster roles.
In Kubernetes, the default used namespace (instead of default namespace) can be defined in config file. It is simple – just add namespace: <default used namespace> parameter is added to particular context. Default used context can be changed by changing the value of current-context parameter in .kube/config file.