@superseb superseb/README.md
Last active Jul 20, 2019

Retrieve kubeconfig from RKE or Rancher 2 custom cluster controlplane node for RKE v0.1.x and Rancher v2.0.x and Rancher v2.1.x

Retrieve kubeconfig from RKE v0.1.x or Rancher v2.0.x/v2.1.x custom cluster controlplane node

For RKE v0.2.x and Rancher v2.2.x, see https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b

Applicable for:

  • RKE v0.1.x
  • Rancher v2.0.x
  • Rancher v2.1.x

Oneliner (RKE and Rancher custom cluster)

If you know what you are doing (requires kubectl and jq on the node).

kubectl --kubeconfig $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl/kubecfg-kube-node.yaml get secret -n kube-system kube-admin -o jsonpath={.data.Config} | base64 -d | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_" > kubeconfig_admin.yaml
kubectl --kubeconfig kubeconfig_admin.yaml get nodes

Docker run commands (Rancher custom cluster)

Run these commands on nodes with the controlplane role. They use the rancher/rancher-agent image to retrieve the kubeconfig.

Get kubeconfig

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=io.cattle.agent=true) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get secret -n kube-system kube-admin -o jsonpath={.data.Config} | base64 -d | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_"' > kubeconfig_admin.yaml

Run kubectl get nodes

docker run --rm --net=host -v $PWD/kubeconfig_admin.yaml:/root/.kube/config --entrypoint bash $(docker inspect $(docker images -q --filter=label=io.cattle.agent=true) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl get nodes'

Script

Run rke-node-kubeconfig.sh and follow the instructions it prints.

#!/usr/bin/env bash
# Optional first argument: private registry prefix for the fallback agent image
# (left empty when no argument is given, so the image name stays valid)
PRIVATE_REGISTRY="${1:+$1/}"
# Check if controlplane node (kube-apiserver)
CONTROLPLANE=$(docker ps -q --filter=name=kube-apiserver)
# Get agent image from Docker images
RANCHER_IMAGE=$(docker inspect $(docker images -q --filter=label=io.cattle.agent=true) --format='{{index .RepoTags 0}}' | tail -1)
# Fall back to a fixed agent image tag if none is present on the node
if [ -z "$RANCHER_IMAGE" ]; then
  RANCHER_IMAGE="${PRIVATE_REGISTRY}rancher/rancher-agent:v2.1.3"
fi
# Locate the Kubernetes certificate directory
if [ -d /opt/rke/etc/kubernetes/ssl ]; then
  K8S_SSLDIR=/opt/rke/etc/kubernetes/ssl
else
  K8S_SSLDIR=/etc/kubernetes/ssl
fi
# Read the kube-admin secret with the node kubeconfig, decode it and point it at the local kube-apiserver
docker run --rm --net=host -v "$K8S_SSLDIR":/etc/kubernetes/ssl:ro --entrypoint bash "$RANCHER_IMAGE" -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get secret -n kube-system kube-admin -o jsonpath={.data.Config} | base64 -d | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_"' > kubeconfig_admin.yaml
# An empty file means the retrieval failed
if [ -s kubeconfig_admin.yaml ]; then
  if [ -z "$CONTROLPLANE" ]; then
    echo "This is supposed to be run on a node with the 'controlplane' role as it will try to connect to https://127.0.0.1:6443"
    echo "You can manually change the 'server:' parameter inside 'kubeconfig_admin.yaml' to point to a node with the 'controlplane' role"
  fi
  echo "Kubeconfig is stored at kubeconfig_admin.yaml"
  echo "You can use one of the following commands to use it:"
  echo "docker run --rm --net=host -v $PWD/kubeconfig_admin.yaml:/root/.kube/config --entrypoint bash $RANCHER_IMAGE -c 'kubectl get nodes'"
  echo "kubectl --kubeconfig kubeconfig_admin.yaml get nodes"
else
  echo "Failed to retrieve kubeconfig"
fi
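
The decode-and-rewrite step shared by all three methods above, as an added example that is not part of the original gist: it runs the same sed expression on a constructed sample instead of a live cluster, rejects empty output, and writes the result owner-only because the real file carries the kube-admin credentials. The function names, the sample kubeconfig and the address 203.0.113.10 are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist. SAMPLE_KUBECONFIG is constructed and
# holds no real credentials; 203.0.113.10 is a documentation address.
SAMPLE_KUBECONFIG='apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: "https://203.0.113.10:6443"
  name: local
users:
- name: kube-admin
  user:
    client-key-data: Q09OU1RSVUNURUQ=
'

# Stand-in for `kubectl ... -o jsonpath={.data.Config}`: secret data is base64.
encode_sample() {
  printf '%s' "$SAMPLE_KUBECONFIG" | base64 | tr -d '\n'
}

# save_kubeconfig OUTFILE: read base64 secret data on stdin, point server: at
# the local kube-apiserver (same sed as above), write OUTFILE owner-only.
save_kubeconfig() {
  local out="$1" tmp
  tmp=$(mktemp "${out}.XXXXXX") || return 1   # mktemp creates the file with mode 0600
  if base64 -d | sed -e '/^[[:space:]]*server:/ s_:.*_: "https://127.0.0.1:6443"_' > "$tmp" \
     && grep -q '^[[:space:]]*server: "https://127.0.0.1:6443"$' "$tmp"; then
    mv -f "$tmp" "$out"                       # only a validated file replaces OUTFILE
  else
    rm -f "$tmp"                              # empty or undecodable input leaves nothing behind
    echo "Failed to retrieve kubeconfig" >&2
    return 1
  fi
}

# file_mode FILE: print octal permissions (GNU stat, with BSD fallback)
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Usage: encode_sample | save_kubeconfig kubeconfig_admin.yaml
```

On a real node, pipe the kubectl output from the commands above into save_kubeconfig in place of encode_sample.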