starlingx/docs
Code Issues Proposed changes
Files
0aadbc62130b8b457ad2bb9731ee60f745d720b5
docs/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host.rst
Joao Victor Portal daa431e385 Updated OIDC app docs 
This commit does 2 changes in the OIDC app docs:

1) The docs were updated to be explicit about the OIDC app being
   compatible with LDAP servers and not only with the Windows Active
   Directory;
2) The page "Centralized OIDC Authentication Setup for Distributed
   Cloud" was renamed to "Centralized vs Distributed OIDC Authentication
   Setup" and was moved in the index of pages to be right below the
   first page "Overview of LDAP Servers". The idea is to use this page
   as a entry point for someone learning about the OIDC app, because
   every user must decide between a centralized and a distributed setup
   and because this page has links to all other pages except
   "Deprovision LDAP Server Authentication".

Story: 2010738
Task: 49455

Change-Id: I61c5b7f322ac8159b649c70eeaa0195d97ab12c7
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
2024-01-29 19:14:14 -03:00

119 lines
4.9 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

.. orh1571690363235
.. _kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host:
===================================================
Install Kubectl and Helm Clients Directly on a Host
===================================================
As an alternative to using the container-backed Remote |CLIs| for kubectl and
helm, you can install these commands directly on your remote host.
.. rubric:: |context|
Kubectl and helm installed directly on the remote host provide the best CLI
behaviour, especially for CLI commands that reference local files or require a
shell.
The following procedure shows you how to configure the :command:`kubectl` and
:command:`kubectl` clients directly on a remote host, for an admin user with
**cluster-admin clusterrole**. If using a non-admin user with only role
privileges within a private namespace, additional configuration is required in
order to use :command:`helm`.
.. rubric:: |prereq|
You will need the following information from your |prod| administrator:
.. _kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host-ul-nlr-1pq-nlb:
- the floating |OAM| IP address of the |prod|
- login credential information; in this example, it is the "TOKEN" for a
local Kubernetes ServiceAccount.
.. xreflink For a Windows Active Directory user, see,
|sec-doc|: :ref:`Overview of LDAP Servers <overview-of-ldap-servers>`.
- your kubernetes namespace
.. rubric:: |proc|
.. _kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host-steps-f54-qqd-tkb:
#. On the workstation, install the :command:`kubectl` client on an Ubuntu
host by performing the following actions on the remote Ubuntu system.
#. Install the :command:`kubectl` client CLI.
.. code-block:: none
% sudo apt-get update
% sudo apt-get install -y apt-transport-https
% curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add
% echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
% sudo apt-get update
% sudo apt-get install -y kubectl
.. _security-install-kubectl-and-helm-clients-directly-on-a-host-local-configuration-context:
#. Set up the local configuration and context.
.. note::
In order for your remote host to trust the certificate used by the
|prod-long| K8s API, you must ensure that the
**k8s_root_ca_cert** provided by your |prod| administrator is a
trusted CA certificate by your host. Follow the instructions for
adding a trusted CA certificate for the operating system
distribution of your particular host.
If your administrator does not provide a **k8s_root_ca_cert**
at the time of installation, then specify
insecure-skip-tls-verify, as shown below.
.. code-block:: none
% kubectl config set-cluster mycluster --server=https://<$CLUSTEROAMIP>:6443 --insecure-skip-tls-verify
% kubectl config set-credentials dave-user@mycluster --token=$MYTOKEN
% kubectl config set-context dave-user@mycluster --cluster=mycluster --user admin-user admin-user@mycluster --namespace=$MYNAMESPACE
% kubectl config use-context dave-user@mycluster
#. Test remote :command:`kubectl` access.
.. code-block:: none
% kubectl get pods -o wide
NAME READY STATUS RE- AGE IP NODE NOMINA- READINESS
STARTS TED NODE GATES
nodeinfo-648f.. 1/1 Running 0 62d 172.16.38.83 worker-4 <none> <none>
nodeinfo-648f.. 1/1 Running 0 62d 172.16.97.207 worker-3 <none> <none>
nodeinfo-648f.. 1/1 Running 0 62d 172.16.203.14 worker-5 <none> <none>
tiller-deploy.. 1/1 Running 0 27d 172.16.97.219 worker-3 <none> <none>
#. On the workstation, install the :command:`helm` client on an Ubuntu host
by performing the following actions on the remote Ubuntu system.
#. Install :command:`helm` client.
.. code-block:: none
% wget https://get.helm.sh/helm-v2.13.1-linux-amd64.tar.gz
% tar xvf helm-v2.13.1-linux-amd64.tar.gz
% sudo cp linux-amd64/helm /usr/local/bin
In order to use :command:`helm`, additional configuration is required.
For more information, see :ref:`Configuring Remote Helm Client
<configuring-remote-helm-client>`.
**Related information**
.. seealso::
:ref:`Configuring Container-backed Remote CLIs and Clients
<kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients>`
:ref:`Using Container-backed Remote CLIs and Clients
<using-container-based-remote-clis-and-clients>`
:ref:`Configuring Remote Helm Client <configuring-remote-helm-client>`
View Git Blame Copy Permalink