If you need to allow insecure connections (non-SSL) to your K8S API Server, following is how you can get this done.
First Open your API Server manifest.
sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
Now add the following properties.
- --insecure-bind-address=0.0.0.0 - --insecure-port=8080
The complete kube-apiserver.yaml will look like following, (This is a fraction of the yaml file)
apiVersion: v1 kind: Pod metadata: name: kube-apiserver namespace: kube-system spec: hostNetwork: true containers: - name: kube-apiserver image: quay.io/coreos/hyperkube:v1.6.1_coreos.0 command: - /hyperkube - apiserver - --bind-address=0.0.0.0 - --etcd-servers=http://192.168.57.13:2379 - --allow-privileged=true - --service-cluster-ip-range=10.3.0.0/24 - --secure-port=443 - --insecure-bind-address=0.0.0.0 - --insecure-port=8080 - --advertise-address=192.168.57.12 - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem - --client-ca-file=/etc/kubernetes/ssl/ca.pem - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem - --runtime-config=extensions/v1beta1/networkpolicies=true - --anonymous-auth=false
Now restart your kubelet service.
Then in the client machine export the Kubernetes Master URL
Then in the client machine export the Kubernetes Master URL
export KUBERNETES_MASTER=http://192.168.57.12:8080
And thats it now you can call your kubernetes master through a non secured channel.
Please drop a comment if you have queries.
0 comments:
Post a Comment