Set up remote management of VMs¶
About this task
Configure the kubectl
, virtctl
and virt-viewer
clients on a remote
workstation, in order to manage KubeVirt VMs remotely. Note that the
graphical console of a VM can only be accessed remotely from a workstation with
X Windows (e.g. graphical ubuntu desktop), kubectl, virtctl
and
virt-viewer
installed.
Procedure
Configure kubectl and helm¶
On the controller, if an admin-user service account is not already available, create one.
Create the admin-user service account in kube-system namespace and bind the cluster-admin ClusterRoleBinding to this user.
% cat <<EOF > admin-login.yaml apiVersion: v1 kind: ServiceAccount metadata: name: kubernetes-admin namespace: kube-system --- apiVersion: v1 kind: Secret type: kubernetes.io/service-account-token metadata: name: kubernetes-admin-sa-token namespace: kube-system annotations: kubernetes.io/service-account.name: kubernetes-admin --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: kubernetes-admin namespace: kube-system EOF % kubectl apply -f admin-login.yaml
Retrieve the secret token.
~(keystone_admin)]$ TOKEN_DATA=$(kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-admin | awk '{print $1}') | grep "token:" | awk '{print $2}')
On a remote workstation, install the kubectl client. Go to the following link: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/.
Install the kubectl client CLI (for example, an Ubuntu host).
% sudo apt-get update % sudo apt-get install -y apt-transport-https % curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | \ sudo apt-key add % echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | \ sudo tee -a /etc/apt/sources.list.d/kubernetes.list % sudo apt-get update % sudo apt-get install -y kubectl
Set up the local configuration and context.
Note
In order for your remote host to trust the certificate used by the StarlingX K8S API, you must ensure that the
k8s_root_ca_cert
specified at install time is a trusted CA certificate by your host. Follow the instructions for adding a trusted CA certificate for the operating system distribution of your particular host.If you did not specify a
k8s_root_ca_cert
at install time, then specify--insecure-skip-tls-verify
, as shown below.The following example configures the default ~/.kube/config. See the following reference: https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/. You need to obtain a floating OAM IP.
% kubectl config set-cluster mycluster --server=https://${OAM_IP}:6443 \ --insecure-skip-tls-verify % kubectl config set-credentials kubernetes-admin@mycluster --token=$TOKEN_DATA % kubectl config set-context kubernetes-admin@mycluster --cluster=mycluster \ --user kubernetes-admin@mycluster --namespace=default % kubectl config use-context kubernetes-admin@mycluster
$TOKEN_DATA
is the token retrieved in step 1.Test remote kubectl access.
% kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE ... controller-0 Ready master 15h v1.12.3 192.168.204.3 <none> CentOS L ... controller-1 Ready master 129m v1.12.3 192.168.204.4 <none> CentOS L ... worker-0 Ready <none> 99m v1.12.3 192.168.204.201 <none> CentOS L ... worker-1 Ready <none> 99m v1.12.3 192.168.204.202 <none> CentOS L ... %
On the workstation, install the helm client on an Ubuntu host by taking the following actions on the remote Ubuntu system.
Install helm. See the following reference: https://helm.sh/docs/intro/install/. Helm accesses the Kubernetes cluster as configured in the previous step, using the default ~/.kube/config.
% wget https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz % tar xvf helm-v3.2.1-linux-amd64.tar.gz % sudo cp linux-amd64/helm /usr/local/bin
Verify that helm installed correctly.
% helm version version.BuildInfo{Version:"v3.2.1", GitCommit:"fe51cd1e31e6a202cba7dead9552a6d418ded79a", GitTreeState:"clean", GoVersion:"go1.13.10"}
Run the following commands:
% helm repo add bitnami https://charts.bitnami.com/bitnami % helm repo update % helm repo list % helm search repo % helm install wordpress bitnami/wordpress
Configure virtctl¶
On the remote workstation, install virtctl client tool.
$ export VERSION=v0.53.1
$ wget https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/virtctl-${VERSION}-linux-amd64
$ chmod a+x ./virtctl-${VERSION}-linux-amd64
$ sudo cp ./virtctl-${VERSION}-linux-amd64 /usr/bin/virtctl
Configure virt-viewer¶
On the remote workstation, install virt-viewer in order to enable use of graphical console.
$ sudo apt -y install virt-viewer