yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
main
doc-exports/docs/ucs/umn/ucs_01_0320.html
qiujiandong1 0a674cd795 UCS UMN initial update 20250523 version 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: qiujiandong1 <qiujiandong1@huawei.com>
Co-committed-by: qiujiandong1 <qiujiandong1@huawei.com>
2026-01-13 13:39:08 +00:00

4.2 KiB
Raw Permalink Blame History

Using kubectl to Connect to a Federation

This section describes how you can use kubectl to connect to a federation.

Permissions

When you use kubectl to connect to a federation, UCS uses kubeconfig.json generated on the federation for authentication. This file contains user information, based on which UCS determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig.json file vary from user to user.

Constraints

  • For security purposes, the federation API server does not have a public IP address. UCS creates an endpoint in your VPC and subnet and connects the endpoint to the federation API server for the access to the federation. For each federation, only one endpoint is created in the same VPC. If a VPC already has an endpoint for connecting to the federation API server, the endpoint will be reused.

Prerequisites

  • Before using kubectl to connect to a federation, ensure that the federation has been enabled (Enabling Cluster Federation) and is running normally.
  • Only the client in a VPC can connect to a federation using kubectl. If there is no client in the VPC, create one.
  • kubectl has been downloaded and uploaded to the client. For details about how to download kubectl, see Kubernetes releases.
  • At least the custom policy iam:clustergroups:get has been created.

Using kubectl to Connect to a Federation

  1. Log in to the UCS console and click the fleet name to access the fleet console. Then, click kubectl in Fleet Info.
  2. Select a project, VPC, master node subnet, and validity period as prompted and click Download to download the kubectl configuration file.

    The name of the downloaded file is {Fleet name}_kubeconfig.json.

  3. Install and configure kubectl on the executor.

    1. Copy kubectl and its configuration file to the /home directory on the executor in the selected VPC and subnet.
    2. Log in to your executor and configure kubectl.
      cd /home
chmod +x kubectl
mv -f kubectl /usr/local/bin
mkdir -p $HOME/.kube
mv -f <fleet-name>_kubeconfig.json $HOME/.kube/config   --Change the fleet name in the command to the actual fleet name.

Parent topic: Cluster Federation