This document shows how to connect a local client to a TKE cluster by using kubectl, a Kubernetes command line tool.
Note
To improve access security and stability of TKE clusters, TKE plans to officially discontinue the domain name “cls-xxx.ccs.tencent-cloud.com” from August 10, 2022 (UTC +8).
TKE will upgrade the cluster access from July 20, 2022 (UTC +8). After the upgrade, a new architecture will be used when you enable public/private network access for a cluster. Please re-enable cluster access during July 20 to August 10 to migrate to the new architecture (the migration is required for existing clusters). For details, see Enabling Cluster Access and Obtaining Kubeconfig.
Differences between the old and new architectures are listed below. Cluster access APIs are compatible with the new architecture. You can migrate to the new architecture by calling the APIs. Please make adaption before July 20, 2022 (UTC +8) if you plan to call the APIs.
1. The public network resolution feature is not available under the new architecture. You can pass in a domain name, for which a security signature will be provided. To ensure access security, you must configure the public network resolution on your own.
2. When enabling public network access under the new architecture, you must set a security group to configure access control polices.
3. When enabling public network access under the new architecture, a public CLB is created under your account. For pricing of public CLB, see Billing for Bill-by-IP Accounts.
Solution 1. Connecting to a Cluster via Cloud Shell
TKE integrates Tencent Cloud's Cloud Shell. You can implement the capability to quickly connect to a cluster in the Tencent Cloud console and use kubectl to flexibly manage clusters.
Directions
Step 1. Enable public network access
1. Log in to the TKE console and select Cluster in the left sidebar.
2. On the Cluster Management page, select the region where the target cluster resides and click the ID of the cluster to go to the cluster details page.
3. On the cluster basic information page, check whether cluster access is enabled.
4. Click
to enable public network access. You need to configure relevant parameters to enable public network access.
Security group: A public CLB is automatically assigned after the public network access is enabled. You can configure access control policies via a security group. We will bind the security group to the public CLB to control access.
ISP type, Network billing mode, Bandwidth cap: Configure these parameters based on your actual needs. For more information, see Creating CLB Instances.
Access type: If you select Public domain name, you need to pass in a custom domain name, for which we will provide a security signature. You must configure public network resolution on your own. If you select the default CLB domain name, you do not need to manually configure operations such as domain name resolution.
5. Check that public network access is enabled. See the figure below:
Step 2. Use Cloud Shell to connect to the cluster
1. Log in to the TKE console and select Cluster in the left sidebar.
2. On the Cluster Management page, select the region where the target cluster resides, and select More > Connect to a Cluster. See the figure below:
3. The Cloud Shell entry is displayed at the lower part of the console. You can directly enter a kubectl command in the command box.
Solution 2. Connecting to a Cluster via a Local Computer
1. Install kubectl as instructed in Installing and Setting up kubectl. You can select an appropriate way to obtain kubectl based on the OS type:
Note
If you have already installed kubectl, skip this step.
Replace "v1.18.4" in the command line with the kubectl version required by your application based on actual needs. The version of kubectl on the client must be consistent with the latest version of Kubernetes on the service end. You can check the Kubernetes version on the Cluster information section of the Basic information page.
1. Log in to the TKE console and select Cluster in the left sidebar.
2. On the Cluster Management page, select the region where the target cluster resides and click the ID/name of the cluster to go to the cluster details page.
3. On the cluster basic information page, check whether cluster access is enabled.
Enabling public network access
Enabling private network access
You need to configure relevant parameters to enable the public network access.
Security group: A public CLB is automatically assigned after the public network access is enabled. You can configure access control policies via a security group. We will bind the security group to the public CLB to control access.
ISP type, Network billing mode, Bandwidth cap: Configure these parameters based on your actual needs. For more information, see Creating CLB Instances.
Access type: If you select Public domain name, you need to pass in a custom domain name, for which we will provide a security signature. You must configure public network resolution on your own. If you select the default CLB domain name, you do not need to manually configure operations such as domain name resolution.
You need to configure relevant parameters to enable private network access.
Subnet: It is disabled by default. To enable the private network access, you need to configure a subnet. IP addresses are assigned from the configured subnet after the private network access is successfully enabled.
Access type: If Private domain name is selected, you need to pass in a custom domain name, for which we will provide a security signature. You must configure private network resolution on your own. If Private IP is selected, we will assign a private IP and provide a security signature for it.
Using the service IP address of Kubernetes: On the cluster details page, select Service and route > Service in the left sidebar to obtain the service IP address of Kubernetes in the default namespace. Replace the clusters.cluster.server field in the Kubeconfig file with https://<IP>:443. Note: Kubernetes service is under the ClusterIP mode and is only applicable to access within the cluster.
Step 3. Obtain kubeconfig
TKE provides two types of KubeConfig for use in public network access and private network access, respectively. After the cluster access is enabled, you can follow the steps below to obtain the corresponding Kubeconfig:
1. Check “Cluster APIServer information” on the “Basic information” page of the cluster.
2. Copy or download Kubeconfig under the corresponding access type, or check the security group, access domain name (configured when the access is enabled) and access IP for the public network access.
Step 4. Configure kubeconfig and access the Kubernetes cluster
1. Configure the cluster credential as needed.
Before configuration, check whether the access credential for any cluster has been configured on the current client.
If no, the ~/.kube/config file is empty, and you can copy the obtained kubeconfig access credential to the file. If the ~/.kube/config file does not exist on the client, you can create one.
If yes, you can download the obtained kubeconfig to a specified location and run the following commands in sequence to merge the config files of multiple clusters.
3. Run the following command to check whether the cluster can be accessed.
kubectl get node
If you cannot connect to the cluster, check whether public network access or private network access is enabled, and ensure that the access client is in the specified network environment.
Notes
Introduction to the kubectl CLI
Kubectl is a CLI tool for performing operations on Kubernetes clusters. This document covers the kubectl syntax, common command operations, and examples. For more information on each command (including all main commands and sub-commands), see the kubectl reference document or run the kubectl help command to view help information.
Yes
No
Was this page helpful?