Skip to content

Instantly share code, notes, and snippets.

@superseb

superseb/README.md

Last active December 21, 2023 12:32
Show Gist options
  • Save superseb/3d8de6092ebc4b1581185197583f472a to your computer and use it in GitHub Desktop.
Save superseb/3d8de6092ebc4b1581185197583f472a to your computer and use it in GitHub Desktop.
Download ZIP
Retrieve kubeconfig from RKE or Rancher 2 custom cluster controlplane node for RKE v0.1.x and Rancher v2.0.x and Rancher v2.1.x
Raw
README.md

Retrieve kubeconfig from RKE v0.1.x or Rancher v2.0.x/v2.1.x custom cluster controlplane node

For RKE v0.2.x and Rancher v2.2.x, see https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b

Applicable for:

  • RKE v0.1.x
  • Rancher v2.0.x
  • Rancher v2.1.x

Oneliner (RKE and Rancher custom cluster)

If you know what you are doing (requires kubectl and jq on the node).

kubectl --kubeconfig $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl/kubecfg-kube-node.yaml get secret -n kube-system kube-admin -o jsonpath={.data.Config} | base64 -d | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_" > kubeconfig_admin.yaml

kubectl --kubeconfig kubeconfig_admin.yaml get nodes

Docker run commands (Rancher custom cluster)

To be executed on nodes with controlplane role, this uses the rancher/rancher-agent image to retrieve the kubeconfig.

  1. Get kubeconfig
docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=io.cattle.agent=true) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get secret -n kube-system kube-admin -o jsonpath={.data.Config} | base64 -d | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_"' > kubeconfig_admin.yaml
  1. Run kubectl get nodes
docker run --rm --net=host -v $PWD/kubeconfig_admin.yaml:/root/.kube/config --entrypoint bash $(docker inspect $(docker images -q --filter=label=io.cattle.agent=true) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl get nodes'

Script

Run rke-node-kubeconfig.sh and follow instructions given

Raw
rke-node-kubeconfig.sh
#!/usr/bin/env bash
PRIVATE_REGISTRY="$1/"
# Check if controlplane node (kube-apiserver)
CONTROLPLANE=$(docker ps -q --filter=name=kube-apiserver)
# Get agent image from Docker images
RANCHER_IMAGE=$(docker inspect $(docker images -q --filter=label=io.cattle.agent=true) --format='{{index .RepoTags 0}}' | tail -1)
if [ -z $RANCHER_IMAGE ]; then
RANCHER_IMAGE="${PRIVATE_REGISTRY}rancher/rancher-agent:v2.1.3"
fi
if [ -d /opt/rke/etc/kubernetes/ssl ]; then
K8S_SSLDIR=/opt/rke/etc/kubernetes/ssl
else
K8S_SSLDIR=/etc/kubernetes/ssl
fi
docker run --rm --net=host -v $K8S_SSLDIR:/etc/kubernetes/ssl:ro --entrypoint bash $RANCHER_IMAGE -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get secret -n kube-system kube-admin -o jsonpath={.data.Config} | base64 -d | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_"' > kubeconfig_admin.yaml
if [ -s kubeconfig_admin.yaml ]; then
if [ -z $CONTROLPLANE ]; then
echo "This is supposed to be run on a node with the 'controlplane' role as it will try to connect to https://127.0.0.1:6443"
echo "You can manually change the 'server:' parameter inside 'kubeconfig_admin.yaml' to point to a node with the 'controlplane' role"
fi
echo "Kubeconfig is stored at kubeconfig_admin.yaml"
echo "You can use on of the following commands to use it:"
echo "docker run --rm --net=host -v $PWD/kubeconfig_admin.yaml:/root/.kube/config --entrypoint bash $RANCHER_IMAGE -c 'kubectl get nodes'"
echo "kubectl --kubeconfig kubeconfig_admin.yaml get nodes"
else
echo "Failed to retrieve kubeconfig"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment