Set up remote management of VMs

About this task

Configure the kubectl, virtctl and virt-viewer clients on a remote workstation, in order to manage KubeVirt VMs remotely. Note that the graphical console of a VM can only be accessed remotely from a workstation with X Windows (e.g. graphical ubuntu desktop), kubectl, virtctl and virt-viewer installed.

Procedure

Configure kubectl and helm

  1. On the controller, if an admin-user service account is not already available, create one.

    1. Create the admin-user service account in kube-system namespace and bind the cluster-admin ClusterRoleBinding to this user.

      % cat <<EOF > admin-login.yaml
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: kubernetes-admin
        namespace: kube-system
      ---
      apiVersion: v1
      kind: Secret
      type: kubernetes.io/service-account-token
      metadata:
        name: kubernetes-admin-sa-token
        namespace: kube-system
        annotations:
          kubernetes.io/service-account.name: kubernetes-admin
      ---
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: kubernetes-admin
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: cluster-admin
      subjects:
      - kind: ServiceAccount
        name: kubernetes-admin
        namespace: kube-system
      EOF
      % kubectl apply -f admin-login.yaml
      
    2. Retrieve the secret token.

      ~(keystone_admin)]$ TOKEN_DATA=$(kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-admin | awk '{print $1}') | grep "token:" | awk '{print $2}')
      
  2. On a remote workstation, install the kubectl client. Go to the following link: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/.

    1. Install the kubectl client CLI (for example, an Ubuntu host).

      % sudo apt-get update
      % sudo apt-get install -y apt-transport-https
      % curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
      sudo apt-key add
      % echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | \
      sudo tee -a /etc/apt/sources.list.d/kubernetes.list
      % sudo apt-get update
      % sudo apt-get install -y kubectl
      
    2. Set up the local configuration and context.

      Note

      In order for your remote host to trust the certificate used by the StarlingX K8S API, you must ensure that the k8s_root_ca_cert specified at install time is a trusted CA certificate by your host. Follow the instructions for adding a trusted CA certificate for the operating system distribution of your particular host.

      If you did not specify a k8s_root_ca_cert at install time, then specify --insecure-skip-tls-verify, as shown below.

      The following example configures the default ~/.kube/config. See the following reference: https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/. You need to obtain a floating OAM IP.

      % kubectl config set-cluster mycluster --server=https://${OAM_IP}:6443 \
      --insecure-skip-tls-verify
      % kubectl config set-credentials kubernetes-admin@mycluster --token=$TOKEN_DATA
      % kubectl config set-context kubernetes-admin@mycluster --cluster=mycluster \
      --user kubernetes-admin@mycluster --namespace=default
      % kubectl config use-context kubernetes-admin@mycluster
      

      $TOKEN_DATA is the token retrieved in step 1.

    3. Test remote kubectl access.

      % kubectl get nodes -o wide
      NAME           STATUS   ROLES    AGE    VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE ...
      controller-0   Ready    master   15h    v1.12.3   192.168.204.3     <none>        CentOS L ...
      controller-1   Ready    master   129m   v1.12.3   192.168.204.4     <none>        CentOS L ...
      worker-0       Ready    <none>   99m    v1.12.3   192.168.204.201   <none>        CentOS L ...
      worker-1       Ready    <none>   99m    v1.12.3   192.168.204.202   <none>        CentOS L ...
      %
      
  3. On the workstation, install the helm client on an Ubuntu host by taking the following actions on the remote Ubuntu system.

    1. Install helm. See the following reference: https://helm.sh/docs/intro/install/. Helm accesses the Kubernetes cluster as configured in the previous step, using the default ~/.kube/config.

      % wget https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz
      % tar xvf helm-v3.2.1-linux-amd64.tar.gz
      % sudo cp linux-amd64/helm /usr/local/bin
      
    2. Verify that helm installed correctly.

      % helm version
      version.BuildInfo{Version:"v3.2.1", GitCommit:"fe51cd1e31e6a202cba7dead9552a6d418ded79a", GitTreeState:"clean", GoVersion:"go1.13.10"}
      
    3. Run the following commands:

      % helm repo add bitnami https://charts.bitnami.com/bitnami
      % helm repo update
      % helm repo list
      % helm search repo
      % helm install wordpress bitnami/wordpress
      

Configure virtctl

On the remote workstation, install virtctl client tool.

$ export VERSION=v0.53.1
$ wget https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/virtctl-${VERSION}-linux-amd64
$ chmod a+x ./virtctl-${VERSION}-linux-amd64
$ sudo cp ./virtctl-${VERSION}-linux-amd64 /usr/bin/virtctl

Configure virt-viewer

On the remote workstation, install virt-viewer in order to enable use of graphical console.

$ sudo apt -y install virt-viewer