Command Line Access to Kubernetes¶
As much as possible, our goal is to remove the need to access the Kubernetes clusters via the command line or even locally installed tools. Howevever, there are times where it'll need to be used, or it might otherwise be desired. Kubernetes can be accessed using the kubectl command line tool from Windows, Mac, and Linux, and an authentication plugin called Pinniped.
Install kubectl¶
You'll need to first install the kubectl tool, following the instructions on the docs.
Windows¶
We recommend Windows users install using the winget tool, which should already be installed on your machine as part of the App Installer package
(available via the Windows Store); see the docs if you need help.
Simply open a Powershell (PS) prompt and run winget install -e --id Kubernetes.kubectl. You may need to log off and back on again,
but at a PS prompt, you should now be able to run kubectl version --client and get the version you just installed.
Install Pinniped¶
For authenticating to our clusters, we use a tool called Pinniped.
This includes a plugin for kubectl that can be downloaded and installed using the instructions on Pinniped's site.
Be sure the executable can be run with just pinniped (so Windows users would rename it from pinniped-cli-windows-amd64.exe to just pinniped.exe).
Windows¶
Download the appropriate version and add it to your PATH, or move it to a location already on the PATH, for example, cp .\Downloads\pinniped-cli-windows-amd64.exe AppData\Local\Microsoft\WindowsApps\pinniped.exe.
Get the kubeconfig file¶
The kubeconfig file tells kubectl and other local tools how to access the clusters and allows you to have multiple "contexts" that represent combinations of users, clusters, and namespaces. With the Pinniped plugin, you can download the all-clusters.yaml config file from the list below and save it locally to ~/.kube/config, the default location of a kubeconfig file.
For more advanced use cases with multiple config files, you can reference the file location in your command, kubectl --kubeconfig /tmp/all-clusters.yaml, or combine configs into a single yaml file.
Connect to VPN if not on campus¶
We keep access to the cluster APIs restricted to on-campus or the VT VPN. If you receive a timeout while trying to connect, check this first.
Connect¶
When you run your first command, the Pinniped plugin will print a link and attempt to open a browser. If you're on a machine without a browser, you can copy and paste that link into a machine that does have one. Once you've signed in, the command should complete within a few seconds:
# If you've put the config file in the default location, ~/.kube/config, you can just run
kubectl version
# If you are using a config file with multiple "contexts" like the all-clusters.yaml one, you can see a list of them with the following command:
kubectl config get-contexts
# And set that context as your default
kubectl config use-context test-pre-prod
# Contexts can also be refrenced in-line for quick switching
kubectl --context test-pre-prod get po
# If you put the file in a different location, be sure to reference it with the --kubeconfig flag
kubectl --kubeconfig ~/.kube/test-cluster.yaml version
There are a number of tools available for dealing with multiple kubeconfig files and contexts, like kubectx