My setup is a Mac mini with Docker for Desktop installed and the Kubernetes option enabled. The main objective of the setup: use kubectl directly, without any additional flags, from my local computer to access and interact with the remote k8s instance.
Copy the public key to the remote authorized_keys file:
cat ~/.ssh/id_rsa.pub | ssh admin@macmini-server 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys'
So that the local machine can reach the remote using the same port on localhost, the server: directive in the kube config has to change. The remote k8s server will have a server: directive similar to:
server: https://kubernetes.docker.internal:6443
Locally, this needs to be updated to:
server: https://localhost:6443
Note: Not entirely sure if the config needs to be copied over (remote to local) wholesale, but I did in this case and it works fine.
Without going into the background:
ssh -N4 -L 6443:127.0.0.1:6443 admin@macmini-server
Use -f to send the tunnel into the background:
ssh -f -N4 -L 6443:127.0.0.1:6443 admin@macmini-server
Flags explained:
-N: does not run a remote command, just creates the tunnel
-4: forces IPv4 only
-L: what port and address to listen for. The mapping is LOCAL_PORT:LOCAL_IP:REMOTE_PORT
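The kube config rewrite and the matching tunnel command, as an added example that is not part of the original post. The function names are hypothetical and the sample kubeconfig is constructed; only its server: line mirrors the one shown above.

```shell
#!/bin/sh
# Added example, not from the original post. The kubeconfig written by
# write_sample is constructed; only its server: line matters here.

write_sample() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    server: https://kubernetes.docker.internal:6443
  name: docker-desktop
current-context: docker-desktop
EOF
}

# Point a copied kubeconfig at the local end of the tunnel, keeping the port.
# Fails instead of silently copying when no matching server: line exists.
localize_kubeconfig() {
  src=$1; dst=$2
  grep -Eq '^[[:space:]]*server: https://kubernetes\.docker\.internal:[0-9]+$' "$src" || {
    echo "no kubernetes.docker.internal server line in $src" >&2
    return 1
  }
  # A kubeconfig normally carries client credentials: keep the copy owner-only.
  ( umask 077
    sed -E 's#^([[:space:]]*server: https://)kubernetes\.docker\.internal(:[0-9]+)$#\1localhost\2#' \
      "$src" > "$dst" && chmod 600 "$dst" )
}

# Port of the first server: entry in a kubeconfig.
api_port() {
  sed -nE 's#^[[:space:]]*server: https://[^:/]+:([0-9]+)$#\1#p' "$1" | head -n 1
}

# Tunnel command whose forwarded port matches that kubeconfig.
tunnel_cmd() {
  port=$(api_port "$1")
  [ -n "$port" ] || return 1
  printf 'ssh -N4 -L %s:127.0.0.1:%s admin@macmini-server\n' "$port" "$port"
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp/remote-config"
localize_kubeconfig "$tmp/remote-config" "$tmp/config" && grep 'server:' "$tmp/config"
tunnel_cmd "$tmp/config"
rm -rf "$tmp"
```

Deriving the forwarded port from the rewritten file keeps the tunnel and the server: line from drifting apart if the remote API port ever changes.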
Make sure to update SSH. Edit /etc/ssh/sshd_config and uncomment:
PermitUserEnvironment no
Edit ~/.ssh/environment of the user that you'll log in as and add the PATH:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
Restart the SSHD daemon (OSX):
$ ps -ef | grep sshd | grep -v grep | awk '{print $2}' | sudo xargs kill -HUP