Connecting to a Cluster

Last updated: 2020-02-19 19:37:12


Operation scene

This document describes how to connect to an elastic cluster from a local client machine through the Kubernetes command line tool Kubectl.


  • Please install curl software.
  • Please select an appropriate way to obtain kubectl based on the OS type:

Corresponding to the version you are actually using, change the v1.14.5 Replace with the version of Kubectl required by the business.

  • Mac OS system
    Execute the following command on the terminal to get the Kubectl tool.
curl -LO
  • Linux system
    Execute the following command on the terminal to get the Kubectl tool.
curl -LO
  • Windows system
    Get the Kubectl tool by executing the following command from the command line tool.
curl -LO

Operation step

Install Kubectl tools

  1. Refer to Installing and Setting up kubectl To install the Kubectl tool
  • If you have already installed the Kubectl tool, ignore this step.
  • This step takes the Linux system as an example.
    2。 Execute the following command in turn to add and execute Permission.
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
  1. Execute the following command to test the installation results.
kubectl version

If the output is similar to the following version information, the installation is successful.

Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.5", GitCommit:"0e9fcb426b100a2aea5ed5c25b3d8cfbb01a8acf", GitTreeState:"clean", BuildDate:"2019-08-05T09:21:30Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"windows/amd64"}

Obtain the cluster account password and certificate information

  1. Log in to the TKE console and select [in Left sidebar] Elastic cluster ].
  2. On the "Elastic clusters" list page, click the cluster ID, you want to connect to to go to the management page of the cluster.
  3. Select "basic Information" in Left sidebar to go to the "basic Information" page of the cluster. as shown below:
  1. In basic Information, click [Show credential] in Cluster credential.
  2. In the pop-up "Cluster credential" window, do the following according to the actual needs.
  • Get the user name, password and certificate information, and click "copy" or "download" to save the cluster CA certificate locally.
  • Open the public network or the address of private network and Access, and connect to the cluster:
    • Access directly in the cluster "Access address of Public Network" and "address of private network and Access" remain at their default values, that is, they are turned off. You can execute Kubectl commands directly on hosts in the cluster without any configuration.
    • Get public network Access Entry Set the "Access address of public network" to [enabled], please refer to Use Kubectl to operate the cluster through certificate information Directly use the public network Access address for Access.
    • Get VPC private network Access Entry Set "private network Access address" to "enabled". You need to specify the private network and Access subnet of Apiserver. Make sure that the selected subnet has remaining IP. After the configuration is complete, please refer to the Use Kubectl to operate the cluster through certificate information Directly use the address of private network Access for Access.

Use Kubectl to operate the cluster through certificate information

Single Kubectl operation request with certificate information

This method is suitable for a single operation of the cluster, and there is no need to save the certificate information of the container cluster to the machine for a long time.

Request method:
The format of the Kubectl command parameters is as follows:

-s "Domain name information" --username=username --password=password --certificate-authority=Certificate path
  • Domain Info The public network or VPC private network Access address that has been obtained.
  • Username : default admin .
  • Password In the "Cluster credential" window token , already in Step 5 Get in the.
  • **Certificate path: refers to Cluster CA in the "Cluster Credentials" window obtained in step 5.

Execute the following command to get the cluster node information.

kubectl get node -s "" --username=admin --password=6666o9oIB2gHD88882quIfLMy6666 --certificate-authority=/etc/kubernetes/cluster-ca.crt

Modify the Kubectl configuration file, which is valid for a long time.

This method is suitable for long-term operation of the cluster through Kubectl, and it can be effective for a long time only once and without modifying the file.

  1. Refer to the following command to set the password and certificate information in the Kubectl configuration file.
kubectl config set-credentials default-admin --username=admin --password=6666o9oIB2gHD88882quIfLMy6666
kubectl config set-cluster default-cluster --server= --certificate-authority=/etc/kubernetes/cluster-ca.crt
kubectl config set-context default-system --cluster=default-cluster --user=default-admin
kubectl config use-context default-system
  1. When the configuration is complete, execute the following command to get the node node information.
kubectl get namespaces

A message similar to the following is returned, which indicates that the configuration is successful.

NAME         STATUS    AGE
default      Active    11d
kube-system  Active    11d

Set Kubectl command automatic completion

You can configure kubectl autocomplete to improve usability by running the following command.

source <(kubectl completion bash)