You’ve been working hard, got the necessary hardware, assembled everything and installed a brand new Kubernetes cluster probably using some Ansible playbook or something else. Now what? You need to start installing additional software and you probably want to do it from another machine, not from the node where Kubernetes is hosting API server. Otherwise, you have to ssh into the master node every time you need to change something in your cluster.
It would be nice like in case of Azure AKS to simply execute `az aks get-credentials` and get all the necessary entries in ~/.kube/config created for you. Or in case of Google Kubernetes Engine, you just need to execute `gcloud container clusters get-credentials` and you are good to go. Unfortunately, there is no such command for bare-metal.
What you can do is to copy admin.config to your machine replacing your ~/.kube/config entirely:
scp [User]@[Cluster_IP]:/etc/kubernetes/admin.conf ~/.kube/config
But this will replace your existing config and you will lose access to other Kubernetes clusters if you have had any.
The other thing you can do is start editing your config file copying necessary parts from admin.config and creating entries for the cluster, user, context and setting the current context. Although this method is feasible it is very tedious and error-prone.
To simplify this task I decided to create a small and simple tool metalogin which you can run and get admin.config merged into your local config preserving all the existing entries. This tool even supports multiple bare-metal cluster contexts so that you can have as many personal clusters are you need and swithc between them.
In order to run the tool, you need ether Docker running locally or a Golang environment. In the case of Docker the command should look like this:
ssh [user]@[cluster-IP] "sudo cat /etc/kubernetes/admin.conf" \ | docker run -i --rm -v ~/.kube/:/kube moikot/metalogin -c /kube/config
And in the case of a Golang environment like this:
go get github.com/moikot/metalogin ssh [user]@[cluster-IP] "sudo cat /etc/kubernetes/admin.conf" | ~/go/bin/metalogin -c ~/.kube/config
After merging configs you should be able to execute `kubectl` commands accessing your cluster from the local machine.
Behind the scene `metalogin` is performing the following steps:
1. First of all, it receives `config` file from your Kubernetes API node and
deserializes it.
2. It tries to find a cluster record in it with name `kubernetes`. This
record corresponds to the bare-metal Kubernetes cluster.
3. It uses `server` field and assuming that it has a correct URI format, it
tries to extract the server hostname. Usually, it’s the IP address you used in
the SSH call.
4. It creates a cluster record in the local configuration with name
`kubernetes-[host_name]` where `host_name` is hostname extracted on
the previous step. All the other fields like `certificate-authority-data`
and `server` are copied from the source record.
5. It tries to find a user record with name `kubernetes-admin` and when it succeeds
it creates a user record in the local configuration with name
`kubernetes-admin-[host_name]` and then copies the content of `client-certificate-data`
and `client-key-data` fields from the source.
6. It creates a context with name `kubernetes-admin-[host_name]@kubernetes-[host_name]`
using previously created cluster and user.
7. Finally, it sets the created context as the current one.
The code you can find on GitHub and the Docker image on Docker Hub.
