From beccd076367d22f83fd2bde7f254a9fab8ce784e Mon Sep 17 00:00:00 2001 From: "marcoemi.poleggi" <marco-emilio.poleggi@hesge.ch> Date: Fri, 1 Nov 2024 10:59:45 +0100 Subject: [PATCH] Update README.md with tips and tricks --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/README.md b/README.md index 84c4f23..ff8864c 100644 --- a/README.md +++ b/README.md @@ -302,3 +302,33 @@ Destroy you cluster. Snapshot your VM for further use and terminate it. + +## Tips and tricks + +### Controlling your cluster from a remote console + +KinD is not designed to be operated remotely because its security is quite limited. Indeed KinD's +[API frontend](https://kind.sigs.k8s.io/docs/user/configuration/#api-server) listens by default to a local address/port. +However it is possible to [set up an SSH "tunnel"](https://www.ssh.com/academy/ssh/tunneling-example) over which to +[convey control commands from your workstation](https://github.com/kubernetes-sigs/kind/issues/3417): + +1. Install `kubectl` on your workstation. +1. Open an SSH tunnel to the instance *from your workstation* (mind that 6443 is the standard kubectl port): + ```bash + workstation$ ssh -i YOUR_KEY -o IdentitiesOnly=yes -L 6443:localhost:6443 INSTANCE_USER@INSTANCE_IP + ``` +1. Add to your KinD config file `kind-config.yaml` the following snippet that fixes the API port: + ```yaml + networking: + apiServerPort: 6443 + ``` +1. Recreate your cluster with the new config above. +1. Leave the SSH tunnel connection open! Switch to a different *local* terminal and import the remote cluster config: + ```bash + workstation$ scp -i YOUR_KEY -o IdentitiesOnly=yes INSTANCE_USER@INSTANCE_IP:~/.kube/config ~/.kube/ + ``` + Now, you should be able to send commands over the tunnel, e.g.: + ```bash + workstation$ kubectl get services + ``` + \ No newline at end of file -- GitLab