@ksuderman
Collaborator

This replaces PR #48

The certificates that are generated for the kubeconfig file are only valid for localhost (127.0.0.1) and cannot be downloaded and used from a remote machine. This PR adds two things to address this problem:

  1. Adds {{ ansible_ssh_host }} to the tls-san section of the rke_config.j2 template so that the certificates generated are also valid for the instance's public IP address, and
  2. Adds a new playbook (fetch.yml) that can be used to download a copy of the kubeconfig (/etc/rancher/rke2/rke2.yaml) and save it locally so it can be used to manage the cluster with kubectl and helm commands.

This PR has not been tested yet.
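
An added example, not code from this PR or its repository: it rewrites the `server:` entry of a fetched kubeconfig and checks whether the new address is covered by the certificate's subject alternative names, which is the condition the `tls-san` change exists to satisfy. The kubeconfig text, the SAN tuples (in the shape Python's `ssl.SSLSocket.getpeercert()` returns), the address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample of the relevant part of /etc/rancher/rke2/rke2.yaml.
KUBECONFIG = """\
apiVersion: v1
clusters:
- cluster:
    server: https://127.0.0.1:6443
  name: default
"""
# Constructed SAN lists: before and after adding the public IP to tls-san.
SANS_DEFAULT = (("DNS", "localhost"), ("IP Address", "127.0.0.1"))
SANS_WITH_PUBLIC = SANS_DEFAULT + (("IP Address", "203.0.113.10"),)

SERVER_RE = re.compile(r"^([ \t]*server:[ \t]*)(\S+)[ \t]*$", re.M)

def server_host(kubeconfig_text):
    """Return the host part of the kubeconfig's server URL."""
    m = SERVER_RE.search(kubeconfig_text)
    if m is None:
        raise ValueError("no server: entry in kubeconfig")
    return urlsplit(m.group(2)).hostname

def rewrite_server(kubeconfig_text, public_host):
    """Replace the loopback server URL; refuse unless exactly one line matched."""
    new, n = re.subn(r"^([ \t]*server:[ \t]*)https://127\.0\.0\.1:6443[ \t]*$",
                     lambda m: f"{m.group(1)}https://{public_host}:6443",
                     kubeconfig_text, flags=re.M)
    if n != 1:
        raise ValueError(f"expected one loopback server line, found {n}")
    return new

def san_covers(host, sans):
    """True if host is covered: IPs match only IP SANs, names only DNS SANs."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in sans:
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS":
            name, pattern = host.lower(), value.lower()
            # A wildcard covers exactly one left-most label.
            if name == pattern or (pattern.startswith("*.")
                                   and name.partition(".")[2] == pattern[2:]):
                return True
    return False
```

With `SANS_DEFAULT` the rewritten kubeconfig points at an address the certificate does not cover, so `kubectl` would reject the connection; with `SANS_WITH_PUBLIC` the same file verifies.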

Contributor

@nuwang nuwang left a comment

Also, perhaps we could rename fetch.yml to fetch_kube_config.yml?

lineinfile:
path: "{{ temp_file }}"
regexp: 'server: https://127\.0\.0\.1:6443'
line: " server: https://{{ ansible_ssh_host }}:6443"
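
Review bot: on the `regexp`/`line` pair, a fetched file that does not contain the exact text `server: https://127\.0\.0\.1:6443` will not be rewritten; with no `backrefs` or `insertafter` visible in these lines, `lineinfile` instead appends `line` at the end of the file, leaving the original `server:` entry in place plus a stray one. Consider the `replace` module, or `backrefs: yes`, so that a non-match leaves the kubeconfig unchanged. The address written here must also be the same value that goes into the tls-san list, so drive both from one variable.
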
Contributor

Can cluster_hostname be used for this instead of ansible_ssh_host? If I recall correctly, cluster_hostname defaults to ansible_ssh_host if it's not specified.

Collaborator Author

I can test it, but I want the kubeconfig to be valid for the public IP address not just the hostname.

Contributor

Sure, in which case you can specify the IP for cluster_hostname, which is what happens by default.
