Running kubectl from different host (dev machine) on same local network

Question

Running kubectl from different host (dev machine) on same local network

hartmut-co-uk opened this issue 6 years ago · comments

Hi Artur, many thanks for providing and open sourcing your vagrant kubernetes home lab cluster. ✨

Following your 2 medium posts I'm now with a fully functional cluster on my old/spare notebook.

https://medium.com/kuberverse/how-to-build-a-full-kubernetes-cluster-in-your-home-lab-using-an-automated-easy-and-fancy-way-e5853ae4e08
https://medium.com/kuberverse/running-kubectl-from-outside-your-kubernetes-home-lab-cluster-f2685a3657d4

I can also access kubectl from the host directly - but I'm struggling to setup access from my developer machine (on same home network).
-> From my dev machine I can't telnet against the cluster host on port 6443.

First hurdle seems the vm NAT / port forwarding - which might be configured to be accessible from the host only, but not from external?

See output of (host machine) vboxmanage showvminfo kv-cluster-s_kv-master-0_1585266504407_24845 |grep "NIC":

Further (host machine): sudo netstat -lnp | grep tcp.*LISTEN

Also (host machine): sudo ufw status

Further I think second hurdle might be the cert generated (.kube/config) is restricted to the local vm IP 10.8.8.10.

Artur Scheiner · Answer 1 · Fri Apr 03 2020 21:06:49 GMT+0800 (China Standard Time)

Hi Hartmut,

thanks for the comments. I will, soon, write a post explaining how to access the environment from an another/dev machine on the same network. The configuration is relativaly simple.

But, before going a little deep on troubleshooting ufw/nat/Virtualbox. Let's try one step first OK?

Please, refer to the Steps described in this post,

https://medium.com/kuberverse/running-kubectl-from-outside-your-kubernetes-home-lab-cluster-f2685a3657d4

with some extra steps:

On your dev machine, create a .kube directory on your homedir
Now go to the directory, on your kubernetes home lab computer (host), where you've provisioned your cluster and copy the "config" file to the .kube directory of your "dev machine"
Edit the hosts file of your "dev machine", the same way as described on the post but rather than use the address 10.8.8.50, you will use the address of your kubernetes interface, facing your network;
run kubectl get nodes -o wide and see the results;

Regards,

Artur Scheiner

Artur Scheiner · Answer 2 · Fri Apr 03 2020 21:34:34 GMT+0800 (China Standard Time)

Hartmut,

How many masters are you provisioning?

Thanks,

Artur

Artur Scheiner · Answer 3 · Fri Apr 03 2020 23:44:11 GMT+0800 (China Standard Time)

Hartmut,

as you mention the address 10.8.8.10 above, I suppose you're running a 1 master cluster. Bellow you can find the needed steps:

On your dev machine, create a .kube directory on your homedir
Now go to the directory, on your kubernetes home lab computer (host), where you've provisioned your cluster and copy the ".kube/config" file to the .kube directory of your "dev machine"
Edit ~/.kube/config file in the "dev machine" and change the line "server: https://10.8.8.10:6443" to "server: https://kv-master.lab.local"
Edit the hosts file of your "dev machine", the same way as described on the post but rather than use the address 10.8.8.10, you will use the address of your kubernetes cluster interface (the one facing your internal/local network 192.168.1.XX)
On your "dev machine" run "kubectl get nodes -o wide" and see the results;

PS: I will review all the steps, update the post and create a new post explaining how to accomplish this task. Thanks for your feedback.

Regards,

Artur

Hartmut · Answer 4 · Sat Apr 04 2020 00:43:28 GMT+0800 (China Standard Time)

Hi @arturscheiner thanks for your reply. Confirm 1 master cluster, 2 nodes.
I've already had all 4 points done - though shouldn't item 4 be with port 6443?

server: https://kv-master.lab.local:6443

It's not working though - kubectl freezes / times out. I also can't telnet...

From the host machine everything's fine..

As mentioned on the cluster host machine I already have exposed the port - so it should be the virtualbox master vm NAT / port forwarding?

I've tried to change the port forwarding via VBoxManage modifyvm kv-cluster-s_kv-master-0_1585266504407_24845 --natpf1 "tcp6443,tcp,127.0.0.1,6443,,6443" (after deleting the existing rule first) which did look promising:

But no success - also I noticed after bringing the vm back up the modified rule was reverted back to original setup. Could this be vagrant's doing?

Hartmut · Answer 5 · Sat Apr 04 2020 00:46:07 GMT+0800 (China Standard Time)

Do I need to change setting in Vagrantfile?
master.vm.network "forwarded_port", guest: 6443, host: 6443

Hartmut · Answer 6 · Sat Apr 04 2020 02:45:43 GMT+0800 (China Standard Time)

OMG I recently moved and am on a different network range.. 192.168.2.0/24
so the only cause was my ufw firewall config...

Everything working fine now.. 😅
Thanks for your help anyway!

Artur Scheiner · Answer 7 · Sat Apr 04 2020 07:02:24 GMT+0800 (China Standard Time)

Hey Hartmut,

you're right the config should have the line like this... server: https://kv-master.lab.local:6443

Based on the kubectl output on your "dev machine", it seems to me that you´re having an "ip routing issue"...

Artur Scheiner · Answer 8 · Sat Apr 04 2020 07:10:54 GMT+0800 (China Standard Time)

Hartmut,

early today, I left the response window open... and just got back the computer to finish my answer and start to create a new lab to try to reproduce your problem, but as soon I´ve saved my response, the browser updated and showed your last message.

Nice to hear that now it's working! Thanks for your feedback! Please, feel free to contact me.

Best Regards,

Artur