Nutanix Kubernetes Engine (NKE): Day-two operations. How to get a Kubeconfig file?

The Kubeconfig file contains information needed to connect to the Kubernetes cluster. In this article, we will look at how to get a Kubeconfig file to connect to the NKE-deployed Kubernetes clusters.

Before we begin, don’t forget a few things:

  1. In NKE, Kubeconfig authentication tokens are generated for 24 hours. With each new request, a new token is generated;
  2. Authentication is based on Prism Central users and groups and tokens are generated for authenticated users. In most cases, you need to configure RBAC in Kubernetes (I will cover this in the next article).

First and simplest method. Using Prism Central

On the list of NKE-deployed clusters, select a cluster and click Actions – Download Kubeconfig:

In the next window, we can download the kubeconfig file, or copy the prepared command:

If we choose the first method, we need to download a file, copy it to the machine with the kubectl utility, and set the KUBECONFIG variable.

If we copy the command, we need to connect to the machine with the kubectl utility and simply paste the command into the terminal:

The command contains a base64-encoded Kubeconfig file, creates a file based on the cluster name, and exports a KUBECONFIG variable.

Now we can perform operations with a Kubernetes cluster:

kubectl get nodes
NAME                              STATUS   ROLES                  AGE   VERSION
nke-vmik-test-1-1236d0-master-0   Ready    control-plane,master   21d   v1.25.6
nke-vmik-test-1-1236d0-worker-0   Ready    node                   21d   v1.25.6

Second method. Using karbonctl utility

karbonctl is a powerful utility to manage NKE, and it can get a Kubeconfig file as well.

Please note: I don’t consider this method as recommended, but sometimes it can be an option.

By default, karbonctl is located on Prism Central, but we can copy it to another machine and it will work (don’t forget to update it, after updating NKE):

scp -O admin@ntnx-ce-pc.vmik.lab:/home/nutanix/karbon/karbonctl .

First, we need to login:

./karbonctl login --pc-ip ntnx-ce-pc.vmik.lab --pc-username admin

Get a list of the clusters:

./karbonctl cluster list
Name               UUID                                    Control Plane IPs (VIP)    Version     OS Version    Status      Worker IPs
nke-adv-mgmt       b8f861d6-ee8c-49dd-4d92-3ec77c02b9a9    192.168.22.240               1.25.6-0    ntnx-1.5.1    kSuccess    192.168.22.241, 192.168.22.242
nke-vmik-test-1    1236d09e-1a54-4b4c-65a2-1d856e1505a0    192.168.22.235               1.25.6-0    ntnx-1.5.1    kSuccess    192.168.22.230
nke-vmik-test-2    b391318c-2faf-4d60-788c-8a42aa5a098f    192.168.22.239               1.25.6-0    ntnx-1.5.1    kSuccess    192.168.22.231

And get a Kubeconfig for the specified cluster:

./karbonctl --pc-ip ntnx-ce-pc.vmik.lab --pc-username admin cluster kubeconfig --cluster-name nke-vmik-test-2 > /root/nke-vmik-test-2.cfg

Set the KUBECONFIG variable:

export KUBECONFIG=/root/nke-vmik-test-2.cfg

Now we can perform operations with a Kubernetes cluster:

[root@k8s-admin ~]# kubectl get nodes
NAME                              STATUS   ROLES                  AGE   VERSION
nke-vmik-test-2-b39131-master-0   Ready    control-plane,master   21d   v1.25.6
nke-vmik-test-2-b39131-worker-0   Ready    node                   21d   v1.25.6

The third method – API

NKE provides APIs for most of the functions, and retrieving the kubeconfig file is one of them.

The simplest method is just to cURL the config:

curl -k --user 'admin':password' --url https://ntnx-ce-pc.vmik.lab:9440/karbon/v1/k8s/clusters/nke-vmik-test-2/kubeconfig > ./config.cfg

However, this method requires additional formatting of the resulting file.

Another, and preferred method is to script this, and here is my Python3 example. It requires requests library that should be installed:

dnf -y install python3 pip
pip install requests

The script:

import requests
import json
import os

#Nutanix cluster variables
nutanix_prism_central_addr = "ntnx-ce-pc.vmik.lab"
nutanix_prism_central_user = "admin"
nutanix_prism_central_passwd = "password"
nutanix_karbon_cluster_name = "nke-vmik-test-1"

#Main
karbon_api_url = "https://"+nutanix_prism_central_addr+":9440/karbon/v1/k8s/clusters/"+nutanix_karbon_cluster_name

session = requests.Session();
session.auth = (nutanix_prism_central_user,nutanix_prism_central_passwd)
session.verify = False

#Requesting kubeconfig from Karbon API as json
karbon_api_response = session.get(karbon_api_url + '/kubeconfig')
kube_config_json = json.loads(karbon_api_response.text)

#Saving kubeconfig into current directory
kube_config_file = open("config","w")
kube_config_file.write(kube_config_json['kube_config'])
kube_config_file.close()

The script requires editing the Prism Central address, authentication data, and NKE cluster name. As a result, we will get a config file, named simple – config.

To execute the script, run the python3 command, including the path to the script:

python3 ./ntnx_api.py

We will get a config file named simple – config. Set KUBECONFIG variable:

export KUBECONFIG=./config

Now we can access the Kubernetes cluster:

kubectl get nodes
NAME                              STATUS   ROLES                  AGE   VERSION
nke-vmik-test-1-1236d0-master-0   Ready    control-plane,master   27d   v1.25.6
nke-vmik-test-1-1236d0-worker-0   Ready    node                   27d   v1.25.6

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *