1. How to access the remote cluster locally
During development, you need to connect to the remote Kubernetes cluster directly. The usual practice is to copy /etc/kubernetes/admin.conf to the local ~/.kube/kubeconfig.
But the server address in kubeconfig is kubernetes.default.svc. Therefore, we need to configure a hosts entry.
If you need to switch between clusters, you not only need to change kubeconfig, you also need to modify hosts. Here is a way to add remote access addresses directly to the cluster's credentials, saving the step of modifying hosts and making it easier to distinguish between clusters.
2. Check which addresses are included in the Apiserver certificate
- Go to the certificate directory
- View Certificate
Here, access to the cluster Apiserver is only allowed through 1.1.1.1. If you need to use domain names such as kubernetes, kubernetes.default, kubernetes.default.svc, etc., you need to configure hosts to point them to 1.1.1.1.
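The check described above can be scripted. The following is an added example, not code from the original page: it lists the Subject Alternative Names from `openssl x509 -noout -text` output and reports whether the host in a kubeconfig `server:` URL is covered. The function names, the sample certificate text, port 6443 in the URLs and the address 203.0.113.10 are constructed for illustration; on a real node, pipe the text dump of the Apiserver certificate into `check_server` instead.

```shell
#!/bin/sh
# Added example. SAMPLE_CERT_TEXT is a constructed excerpt of
# `openssl x509 -noout -text` output; 203.0.113.10 is a constructed address.
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, IP Address:1.1.1.1
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment'

# Read certificate text on stdin; print one SAN per line as DNS:name or IP:addr.
san_list() {
    awk '
        found {
            gsub(/^[ \t]+|[ \t\r]+$/, "")
            n = split($0, a, /, */)
            for (i = 1; i <= n; i++) { sub(/^IP Address:/, "IP:", a[i]); print a[i] }
            exit
        }
        /X509v3 Subject Alternative Name/ { found = 1 }'
}

# Extract the host from a kubeconfig "server:" URL (names and IPv4 only).
server_host() {
    h=${1#*://}; h=${h%%/*}; h=${h%:*}
    printf '%s\n' "$h"
}

# Read a SAN list on stdin; succeed if host $1 is covered. An IPv4 literal must
# appear as an IP entry, a name as a DNS entry (exact match, case-insensitive).
san_covers() {
    case $1 in
        *[!0-9.]*) want="DNS:$1" ;;
        *)         want="IP:$1" ;;
    esac
    tr 'A-Z' 'a-z' | grep -qxF "$(printf '%s' "$want" | tr 'A-Z' 'a-z')"
}

# $1 = kubeconfig server URL, certificate text on stdin.
check_server() {
    host=$(server_host "$1")
    if san_list | san_covers "$host"; then
        echo "covered: $host"
    else
        echo "NOT covered: $host (add it to certSANs)"; return 1
    fi
}

printf '%s\n' "$SAMPLE_CERT_TEXT" | check_server https://kubernetes.default.svc:6443 || true
printf '%s\n' "$SAMPLE_CERT_TEXT" | check_server https://203.0.113.10:6443 || true
```

Running the same check again after the certificate has been regenerated confirms that the new address is present.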
3. Add a new domain name or IP to the certificate
- Back up the certificate
- Modify kubeadm-config.yaml
kubeadm-config.yaml may be in /etc/kubernetes/kubeadm-config.yaml or it may be in /root/kubeadm-config.yaml, depending on the installation method and the installation tool.
Under the apiServer field of ClusterConfiguration, find certSANs.
Add a domain name or IP address for remote access to certSANs.
- Regenerate the certificate
After execution, it takes effect immediately. If there is more than one Master, you need to renew the certificates on all of them in turn.