Remote k8s with docker-desktop using an SSH tunnel

remote-desktop.md

Remote Kubernetes using SSH

My setup is using a Macmini with Docker for Desktop installed and with the Kubernetes option enabled. The main objective of the setup: use kubectl directly without any additional flags from my local computer, accessing/interacting the remote k8s instance

Ensure SSH is setup with key-based authentication

Copy public key to the remote authorized_keys file

cat ~/.ssh/id_rsa.pub | ssh admin@macmini-server 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys'

Update kubeconfig

So that the local can read the remote using same ports and localhost. The remote k8s server will have a server: directive similar to:

    server: https://kubernetes.docker.internal:6443

Locally, this needs to be updated to:

    server: https://localhost:6443

Note: Not entirely sure if the config needs to be copied over (remote to local) wholesale, but I did in this case and it works fine.

Create SSH tunnel

Without going into the background:

ssh -N4 -L 6443:127.0.0.1:6443 admin@macmini-server

Use -f to send the tunnel into the background:

ssh -N4 -L 6443:127.0.0.1:6443 admin@macmini-server

Flags explained:

-N: does not require a command to run, just creates the tunnel 4: forces IPV4 only -L: What port+address to listen for. The mapping is LOCAL_PORT:LOCAL_IP:REMOTE_PORT

On OSX remote servers only

Make sure to update SSH. Edit /etc/ssh/sshd_config and uncomment:

PermitUserEnvironment no

Edit ~/.ssh/environment of the user that you'll log into and add the PATH:

PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin

Restart the SSHD daemon (OSX):

$ ps -ef | grep sshd | grep -v grep |  awk {'print $2'} | sudo xargs kill -HUP