Kubectl

The Kubernetes command line tool kubectl allows you to control your cluster resources.

Installation#

Reference#

• https://kubernetes.io/docs/tasks/tools/#kubectl

Prerequisites#

• A shell terminal
• A browser access to authenticate using Kubelogin from the computer where kubectl will be installed.

if you don’t have access to a browser from the computer where kubectl will be installed (example, headless server), you can install it on a computer which does and copy the .kube/config once you have been authenticated

kubectl#

Example of an installation on a linux computer (more details on the official documentation).

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client

Bash completion (recommended)#

• https://kubernetes.io/docs/tasks/tools/included/optional-kubectl-configs-bash-linux/

apt-get install bash-completion
type _init_completion
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null

Authentication#

The OIDC authentication kubectl plugin kubelogin will ensure the SSO login to the h8lio identity provider.

1. Get the kubectl config file from your h8l.io cluster: on the dashboard clic on the name of the cluster > “Config File”
2. Create or merge with your existing [HOME]/.kube/config with the above file content
3. Install kubelogin plugin
   • https://github.com/int128/kubelogin#getting-started
   • you can also download the latest binary releases and put it beside your kubectl
4. Test your authentication by running kubelogin. This should open your browser to authenticate to h8lio once you authorize the access. This should be done only once as the authentication provide a refresh token to renew the authentication as necessary

.kube/config template#

The following code block shows the template of the config file used to authenticate to the h8lio cluster. You need to replace:

• [username]: name of the user, example: john.doe. It’s not necessary an h8lio user, only the kube-login plugin will need an existing member to authenticate.
• [namesace]: your namespace (ie. h8lio cluster: [domain]-[cluster]), example: demo-prod

current-context: [username]@[namespace].h8l.io
apiVersion: v1
kind: Config
clusters:
- name: h8l.io
  cluster:
    server: https://kube-api.h8l.io
contexts:
- name: [username]@[namespace].h8l.io
  context:
    cluster: h8l.io
    namespace: [namespace]
    user: [username]
users:
- name: [username]
  user:
    auth-provider:
      name: oidc
      config:
        client-id: jDr8XRH7rJIAGzWweTPpDQrg4Fw0sWo0
        client-secret: GPpeKulN6xeXsHC7yXxo7obzGTaDSplpFZjOU_PckbD4_de3qllSsy3ACy5XmSgh
        extra-scopes: openid profile email offline_access
        idp-issuer-url: https://id.byzaneo.io/

if you already have a .kube/config file, you can merge it by adding to it the item in the above clusters, contexts and users sections (and use kubectx to switch between contexts)

Multiple Context and/or Namespaces (optional)#

If you have multiple Kubernetes Clusters and/or Namespaces, we recommend to install respectively the command tools kubectx and kubens to easily switch between them. Please refer to the project documentation.

Usage#

Check the reference documentation of the kubectl command line: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands

Some useful commands:

• get
• logs
• exec
• port-forward

Going further…#

One kubectl installed and configured on your local machine or server to access your h8lio clusters, you will be able to install and use more tools and applications as:

• Helm
• Kustomize
• Krew and its kubectl plugins
• and more…