yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
main
doc-exports/docs/ucs/umn/ucs_01_0320.html
qiujiandong1 0a674cd795 UCS UMN initial update 20250523 version 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: qiujiandong1 <qiujiandong1@huawei.com>
Co-committed-by: qiujiandong1 <qiujiandong1@huawei.com>
2026-01-13 13:39:08 +00:00

27 lines
4.2 KiB
HTML
Raw Permalink Blame History

<a name="ucs_01_0320"></a><a name="ucs_01_0320"></a>
<h1 class="topictitle1">Using kubectl to Connect to a Federation</h1>
<div id="body8662426"><p id="ucs_01_0320__p18658144015537">This section describes how you can use kubectl to connect to a federation.</p>
<div class="section" id="ucs_01_0320__section155504919261"><h4 class="sectiontitle">Permissions</h4><p id="ucs_01_0320__p3791155032613">When you use kubectl to connect to a federation, UCS uses <strong id="ucs_01_0320__b14148134175414">kubeconfig.json</strong> generated on the federation for authentication. This file contains user information, based on which UCS determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a <strong id="ucs_01_0320__b1775291834312">kubeconfig.json</strong> file vary from user to user.</p>
</div>
<div class="section" id="ucs_01_0320__section1667233711288"><h4 class="sectiontitle">Constraints</h4><ul id="ucs_01_0320__ul15316174873217"><li id="ucs_01_0320__li17316144893220">For security purposes, the federation API server does not have a public IP address. UCS creates an endpoint in your VPC and subnet and connects the endpoint to the federation API server for the access to the federation. For each federation, only one endpoint is created in the same VPC. If a VPC already has an endpoint for connecting to the federation API server, the endpoint will be reused.</li></ul>
</div>
<div class="section" id="ucs_01_0320__section7443191518107"><h4 class="sectiontitle">Prerequisites</h4><ul id="ucs_01_0320__ul16969111672219"><li id="ucs_01_0320__li1696961692210">Before using kubectl to connect to a federation, ensure that the federation has been enabled (<a href="ucs_01_0018.html">Enabling Cluster Federation</a>) and is running normally.</li><li id="ucs_01_0320__li13407173018541">Only the client in a VPC can connect to a federation using kubectl. If there is no client in the VPC, create one.</li><li id="ucs_01_0320__li7539163611556">kubectl has been downloaded and uploaded to the client. For details about how to download kubectl, see <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/README.md" target="_blank" rel="noopener noreferrer">Kubernetes releases</a>.</li><li id="ucs_01_0320__li13500193512015">At least the custom policy <strong id="ucs_01_0320__b1721132555816">iam:clustergroups:get</strong> has been created.</li></ul>
</div>
<div class="section" id="ucs_01_0320__section122344934510"><h4 class="sectiontitle">Using kubectl to Connect to a Federation</h4><ol id="ucs_01_0320__en-us_topic_0000001563947670_ol8533927104118"><li id="ucs_01_0320__en-us_topic_0000001563947670_li1253342794120"><span>Log in to the UCS console and click the fleet name to access the fleet console. Then, click <strong id="ucs_01_0320__b138372020523">kubectl</strong> in <strong id="ucs_01_0320__b1955442295213">Fleet Info</strong>.</span></li><li id="ucs_01_0320__en-us_topic_0000001563947670_li448015161317"><span>Select a project, VPC, master node subnet, and validity period as prompted and click <strong id="ucs_01_0320__b158611025195412">Download</strong> to download the kubectl configuration file.</span><p><p id="ucs_01_0320__p161661540122018">The name of the downloaded file is <em id="ucs_01_0320__i791311294614">{Fleet name}</em><strong id="ucs_01_0320__b318123615612">_kubeconfig.json</strong>.</p>
</p></li><li id="ucs_01_0320__li8888125835818"><span>Install and configure kubectl on the executor.</span><p><ol type="a" id="ucs_01_0320__ol4283132219620"><li id="ucs_01_0320__li1128312227615">Copy kubectl and its configuration file to the <strong id="ucs_01_0320__b79771701513">/home</strong> directory on the executor in the selected VPC and subnet.</li><li id="ucs_01_0320__li4283152211610">Log in to your executor and configure kubectl.<pre class="screen" id="ucs_01_0320__screen4372642565">cd /home
chmod +x kubectl
mv -f kubectl /usr/local/bin
mkdir -p $HOME/.kube
mv -f <em id="ucs_01_0320__i75225917307">&lt;fleet-name&gt;</em>_kubeconfig.json $HOME/.kube/config --Change the fleet name in the command to the actual fleet name.</pre>
</li></ol>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="ucs_01_0199.html">Cluster Federation</a></div>
</div>
</div>
View Git Blame Copy Permalink