Configure kubectl connectivity

This page describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud Edge.

Configure kubectl connectivity for Cloud control plane clusters

This section describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud Edge Cloud control plane clusters. You have the option to configure kubectl connectivity through the connect gateway and through Cloud Load Balancing.

Connectivity through the connect gateway

You can configure kubectl connectivity using the connect gateway.

To configure kubectl connectivity through the connect gateway, use the following command to generate the necessary kubeconfig file:

 gcloud beta edge-cloud container hub memberships get-credentials CLUSTER_ID \
    --project=PROJECT_ID

Replace the following:

  • CLUSTER_ID: the ID of the target cluster.
  • PROJECT_ID: the ID of the target Google Cloud project.
  • REGION: the Google Cloud region in which the cluster has been created.

The connect gateway hub membership name is the ID of the target Distributed Cloud Edge cluster. The connect gateway hub membership project ID can, but does not have to, match the target cluster's project ID.

The generated kubeconfig files contains a connect gateway endpoint URL similar to the following:

https://connectgateway.googleapis.com/v1/projects/myProject/locations/global/memberships/myCluster

Your kubectl requests are sent to the connect gateway, which forwards it to the Connect Agent and finally to the Kubernetes API server in the cluster's Cloud control plane.

Connectivity through Cloud Load Balancing

To configure kubectl connectivity through Cloud Load Balancing, use the following command to generate the necessary kubeconfig file:

 gcloud edge-cloud container clusters get-credentials CLUSTER_ID \
    --project=PROJECT_ID \
    --location=REGION

Replace the following:

  • CLUSTER_ID: the ID of the target cluster.
  • PROJECT_ID: the ID of the target Google Cloud project.
  • REGION: the Google Cloud region in which the cluster has been created.

In this case, Cloud Load Balancing serves as an external L4 load balancer that exposes a single public IP address to the internet and forwards kubectl requests to the cluster's Cloud control plane running in Google Cloud.

Configure kubectl connectivity for local control plane clusters

This section describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud Edge local control plane clusters.

By default, the ToR switches automatically advertise the virtual IP addresses of your local control plane nodes to your local network. You can use the kubectl tool to directly connect to those virtual IP addresses from your local network.

For situations where direct access to your local network is not available, you have the following options:

  • If the local control plane node uses a public IP address, you can connect to it directly from the internet. Your network administrator must configure your firewall to allow inbound traffic to the node on port 443.
  • If the local control plane uses a private IP address, you must Configure a bastion host.

What's next