Sunday, May 21, 2017



If you need to allow insecure connections (non-SSL) to your K8S API Server, following is how you can get this done.

First Open your API Server manifest.

sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml

Now add the following properties.

    - --insecure-bind-address=0.0.0.0
    - --insecure-port=8080

The complete kube-apiserver.yaml will look like following, (This is a fraction of the yaml file)

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
    command:
    - /hyperkube
    - apiserver
    - --bind-address=0.0.0.0
    - --etcd-servers=http://192.168.57.13:2379
    - --allow-privileged=true
    - --service-cluster-ip-range=10.3.0.0/24
    - --secure-port=443
    - --insecure-bind-address=0.0.0.0
    - --insecure-port=8080
    - --advertise-address=192.168.57.12
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --runtime-config=extensions/v1beta1/networkpolicies=true
    - --anonymous-auth=false

Now restart your kubelet service.

Then in the client machine export the Kubernetes Master URL

export KUBERNETES_MASTER=http://192.168.57.12:8080

And thats it now you can call your kubernetes master through a non secured channel.

Please drop a comment if you have queries.
Categories: ,

0 comments:

Post a Comment

Subscribe to RSS Feed Follow me on Twitter!