If you need to allow insecure connections (non-SSL) to your K8S API Server, following is how you can get this done.
First Open your API Server manifest.
sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
Now add the following properties.
- --insecure-bind-address=0.0.0.0
- --insecure-port=8080
The complete kube-apiserver.yaml will look like following, (This is a fraction of the yaml file)
apiVersion: v1
kind: Pod
metadata:
name: kube-apiserver
namespace: kube-system
spec:
hostNetwork: true
containers:
- name: kube-apiserver
image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
command:
- /hyperkube
- apiserver
- --bind-address=0.0.0.0
- --etcd-servers=http://192.168.57.13:2379
- --allow-privileged=true
- --service-cluster-ip-range=10.3.0.0/24
- --secure-port=443
- --insecure-bind-address=0.0.0.0
- --insecure-port=8080
- --advertise-address=192.168.57.12
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
- --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
- --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- --client-ca-file=/etc/kubernetes/ssl/ca.pem
- --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- --runtime-config=extensions/v1beta1/networkpolicies=true
- --anonymous-auth=false
Now restart your kubelet service.
Then in the client machine export the Kubernetes Master URL
Then in the client machine export the Kubernetes Master URL
export KUBERNETES_MASTER=http://192.168.57.12:8080
And thats it now you can call your kubernetes master through a non secured channel.
Please drop a comment if you have queries.
0 comments:
Post a Comment