Prerequisites
-
Before attempting to connect to the Kubernetes cluster, ensure that you have correctly exposed the Kubernetes API to outside the DC/OS cluster. This can be achieved, for example, by following the steps described in Exposing the Kubernetes API.
-
Also ensure that
kubectl
is installed and available in the terminal session. If you installed the Kubernetes package through the DC/OS UI, you will also need to install thedcos kubernetes
CLI:dcos package install kubernetes --cli
-
Ensure that
dcos
is adequately configured to access the desired DC/OS cluster before proceeding.
Without TLS verification
In order to configure kubectl
to access the Kubernetes API without validating the presented TLS certificate, run the following command, replacing https://kube-apiserver.example.com:6443
with the URL at which the Kubernetes API is exposed to outside the DC/OS cluster:
dcos kubernetes cluster kubeconfig \
--cluster-name=CLUSTER-NAME \
--apiserver-url https://kube-apiserver.example.com:6443 \
--insecure-skip-tls-verify
With TLS verification
In order to configure kubectl
to access the Kubernetes API while validating the presented TLS certificate run the dcos kubernetes cluster kubeconfig
command.
Use ca.crt
for the path to the CA certificate that signed the certificate used to expose the Kubernetes API.
Replace https://kube-apiserver.example.com:6443
with the URL at which the Kubernetes API is exposed to outside the DC/OS cluster.
dcos kubernetes cluster kubeconfig \
--cluster-name=CLUSTER-NAME \
--apiserver-url https://kube-apiserver.example.com:6443 \
--path-to-custom-ca ca.pem
From this point on, any kubectl
calls should simply work, depending on the Kubernetes API authorization mode configured and the permissions given to the user’s Kubernetes service account.
Managing multiple clusters
To interact with multiple Kubernetes clusters, kubectl
supports contexts, a group of access parameters that defines how to connect to a cluster.
To create the DC/OS Kubernetes config without switching the context, run:
$ dcos kubernetes cluster kubeconfig \
--cluster-name=CLUSTER-NAME \
--apiserver-url https://kube-apiserver.example.com:6443 \
--path-to-custom-ca ca.pem \
--no-activate-context
kubeconfig context 'kube-apiserver-example-com6443' created successfully
To switch to the DC/OS Kubernetes cluster context, run:
$ kubectl config use-context kube-apiserver-example-com6443
Switched to context "kube-apiserver-example-com6443".
Or specify the context when running commands:
$ kubectl get nodes --context=kube-apiserver-example-com6443
NAME STATUS ROLES AGE VERSION
kube-control-plane-0-instance.kubernetes-cluster.mesos Ready master 44m v1.17.7
kube-node-0-kubelet.kubernetes-cluster.mesos Ready <none> 43m v1.17.7
By default, the kubeconfig context name is derived from the value of the --apiserver-url
flag. To make the context name easier to remember and switch between, you can specify a name by using the --context-name
flag:
$ dcos kubernetes cluster kubeconfig \
--cluster-name=CLUSTER-NAME \
--apiserver-url https://kube-apiserver.example.com:6443 \
--path-to-custom-ca ca.pem \
--context-name=my-context