gorgeous-alarm-2311
05/09/2023, 9:12 AMagreeable-oil-87482
05/09/2023, 10:08 AMauthorised endpoint
feature that gives you direct access to the clustergorgeous-alarm-2311
05/09/2023, 10:12 AMkube-apiservice
and its container ENV. SO I just wondered whether the certs or other material is available to me to manufacture a downstream config by hand?agreeable-oil-87482
05/09/2023, 10:14 AMgorgeous-alarm-2311
05/09/2023, 10:31 AMagreeable-oil-87482
05/09/2023, 10:34 AMrke up
it would have generated a kubeconfig that auths directly to the API server.
Failing that, ssh to one of your rancher management cluster nodes. Install kubectl and run:
kubectl --kubeconfig $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl/kubecfg-kube-node.yaml get configmap -n kube-system full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .currentState.certificatesBundle.\"kube-admin\".config | sed -e "/^[[:space:]]*server:/ s_:.*_: \"<https://127.0.0.1:6443>\"_" > kubeconfig_admin.yaml
kubectl --kubeconfig kubeconfig_admin.yaml get nodes
gorgeous-alarm-2311
05/09/2023, 11:34 AMagreeable-oil-87482
05/09/2023, 12:09 PM