starlingx/docs
Code Issues Proposed changes
47040fa69b
docs/doc/source/security/kubernetes/end-user-configure-k8s-remote-cli-fad235bb7a18.rst
Suzana Fernandes 9fa54fe44e Create Security Guide Reference 
Change-Id: I1cfdc44fb72907e9e34294194084c59e29d8d80a
Signed-off-by: Suzana Fernandes <Suzana.Fernandes@windriver.com>
2024-11-01 18:01:33 +00:00

2.8 KiB
Raw Blame History

End User - Configure Kubernetes Remote CLI

Configure the kubernetes remote on your Linux-based system to enable access to the system kubernetes remote commands.

This procedure should be performed on your Linux-based system.

  • You need to have a Linux-based system with python installed.
  • You need to have the stx-remote-access.tar file from your system administrator, containing system information related to your system.

  1. Install the kubectl client CLI on the host.

    Follow the instructions on Install and Set Up kubectl on Linux <https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/>.

    The example below can be used for Ubuntu.

    $ sudo curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
$ sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

  2. Download the oidc-auth shell script from site and install python mechanize.

    $ wget`https://mirror.starlingx.cengn.ca/mirror/starlingx/master/debian/monolithic/latest_build/outputs/remote-cli/ <https://mirror.starlingx.cengn.ca/mirror/starlingx/master/debian/monolithic/latest_build/outputs/remote-cli/stx-remote-cli-1.0.tgz>`__\ oidc-auth
$ chmod a+rx oidc-auth

$ sudo apt install python3-pip
$ sudo pip install mechanize

  3. Extract the system information from the stx-remote-access-info.tar file from your system administrator.

    # Files from your StarlingX System Administrator
$ ls ~/stx-remote-access-info.tar

$ tar xvf ~/stx-remote-access-info.tar

  4. Update the KUBECONFIG file.

    $ mkdir ~/.kube
$ cp ~/stx-remote-access-info/kubeconfig ~/.kube/config
$ vi ~/.kube/config
   // and change YOURUSERNAMEHERE to your StarlingX LDAP Username, everywhere in file

# Add ~/stx-remote-access-info/stx.ca.crt to the list of Trusted CA 
#       e.g. commands shown for ubuntu below
$ sudo cp ~/stx-remote-access-info/stx.ca.crt /usr/local/share/ca-certificates
$ sudo update-ca-certificates

# Authenticate with OIDC/LDAP on StarlingX ... and token will be put in ~/.kube/config
$ ./oidc-auth -u <StarlingX-LDAP-Username> -c <OAM-FLOATING-IP>

Access the kubernetes remote .

See end-user-access-k8s-remote-cli-7bb5b71ed604.