The Kubeconfig file contains information needed to connect to the Kubernetes cluster. In this article, we will look at how to get a Kubeconfig file to connect to the NKE-deployed Kubernetes clusters.
Before we begin, don’t forget a few things:
- In NKE, Kubeconfig authentication tokens are generated for 24 hours. With each new request, a new token is generated;
- Authentication is based on Prism Central users and groups and tokens are generated for authenticated users. In most cases, you need to configure RBAC in Kubernetes (I will cover this in the next article).
First and simplest method. Using Prism Central
On the list of NKE-deployed clusters, select a cluster and click Actions – Download Kubeconfig:
In the next window, we can download the kubeconfig file, or copy the prepared command:
If we choose the first method, we need to download a file, copy it to the machine with the kubectl utility, and set the KUBECONFIG variable.
If we copy the command, we need to connect to the machine with the kubectl utility and simply paste the command into the terminal:
The command contains a base64-encoded Kubeconfig file, creates a file based on the cluster name, and exports a KUBECONFIG variable.
Now we can perform operations with a Kubernetes cluster:
kubectl get nodes
NAME STATUS ROLES AGE VERSION
nke-vmik-test-1-1236d0-master-0 Ready control-plane,master 21d v1.25.6
nke-vmik-test-1-1236d0-worker-0 Ready node 21d v1.25.6
Second method. Using karbonctl utility
karbonctl is a powerful utility to manage NKE, and it can get a Kubeconfig file as well.
Please note: I don’t consider this method as recommended, but sometimes it can be an option.
By default, karbonctl is located on Prism Central, but we can copy it to another machine and it will work (don’t forget to update it, after updating NKE):
scp -O admin@ntnx-ce-pc.vmik.lab:/home/nutanix/karbon/karbonctl .
First, we need to login:
./karbonctl login --pc-ip ntnx-ce-pc.vmik.lab --pc-username admin
Get a list of the clusters:
./karbonctl cluster list
Name UUID Control Plane IPs (VIP) Version OS Version Status Worker IPs
nke-adv-mgmt b8f861d6-ee8c-49dd-4d92-3ec77c02b9a9 192.168.22.240 1.25.6-0 ntnx-1.5.1 kSuccess 192.168.22.241, 192.168.22.242
nke-vmik-test-1 1236d09e-1a54-4b4c-65a2-1d856e1505a0 192.168.22.235 1.25.6-0 ntnx-1.5.1 kSuccess 192.168.22.230
nke-vmik-test-2 b391318c-2faf-4d60-788c-8a42aa5a098f 192.168.22.239 1.25.6-0 ntnx-1.5.1 kSuccess 192.168.22.231
And get a Kubeconfig for the specified cluster:
./karbonctl --pc-ip ntnx-ce-pc.vmik.lab --pc-username admin cluster kubeconfig --cluster-name nke-vmik-test-2 > /root/nke-vmik-test-2.cfg
Set the KUBECONFIG variable:
export KUBECONFIG=/root/nke-vmik-test-2.cfg
Now we can perform operations with a Kubernetes cluster:
[root@k8s-admin ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
nke-vmik-test-2-b39131-master-0 Ready control-plane,master 21d v1.25.6
nke-vmik-test-2-b39131-worker-0 Ready node 21d v1.25.6
The third method – API
NKE provides APIs for most of the functions, and retrieving the kubeconfig file is one of them.
The simplest method is just to cURL the config:
curl -k --user 'admin':password' --url https://ntnx-ce-pc.vmik.lab:9440/karbon/v1/k8s/clusters/nke-vmik-test-2/kubeconfig > ./config.cfg
However, this method requires additional formatting of the resulting file.
Another, and preferred method is to script this, and here is my Python3 example. It requires requests library that should be installed:
dnf -y install python3 pip
pip install requests
The script:
import requests
import json
import os
#Nutanix cluster variables
nutanix_prism_central_addr = "ntnx-ce-pc.vmik.lab"
nutanix_prism_central_user = "admin"
nutanix_prism_central_passwd = "password"
nutanix_karbon_cluster_name = "nke-vmik-test-1"
#Main
karbon_api_url = "https://"+nutanix_prism_central_addr+":9440/karbon/v1/k8s/clusters/"+nutanix_karbon_cluster_name
session = requests.Session();
session.auth = (nutanix_prism_central_user,nutanix_prism_central_passwd)
session.verify = False
#Requesting kubeconfig from Karbon API as json
karbon_api_response = session.get(karbon_api_url + '/kubeconfig')
kube_config_json = json.loads(karbon_api_response.text)
#Saving kubeconfig into current directory
kube_config_file = open("config","w")
kube_config_file.write(kube_config_json['kube_config'])
kube_config_file.close()
The script requires editing the Prism Central address, authentication data, and NKE cluster name. As a result, we will get a config file, named simple – config.
To execute the script, run the python3 command, including the path to the script:
python3 ./ntnx_api.py
We will get a config file named simple – config. Set KUBECONFIG variable:
export KUBECONFIG=./config
Now we can access the Kubernetes cluster:
kubectl get nodes
NAME STATUS ROLES AGE VERSION
nke-vmik-test-1-1236d0-master-0 Ready control-plane,master 27d v1.25.6
nke-vmik-test-1-1236d0-worker-0 Ready node 27d v1.25.6