This page describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud Edge.
Configure kubectl connectivity for Cloud control plane clusters
This section describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud Edge Cloud control plane clusters.
You have the option to configure kubectl connectivity through the connect gateway and through Cloud Load Balancing.
Connectivity through the connect gateway
You can configure kubectl connectivity using the connect gateway.
To configure kubectl connectivity through the connect gateway, use the following command to generate the necessary kubeconfig file:
gcloud beta edge-cloud container hub memberships get-credentials CLUSTER_ID \
    --project=PROJECT_ID
Replace the following:
- CLUSTER_ID: the ID of the target cluster.
- PROJECT_ID: the ID of the target Google Cloud project.
- REGION: the Google Cloud region in which the cluster has been created.
The connect gateway hub membership name is the ID of the target Distributed Cloud Edge cluster. The connect gateway hub membership project ID can, but does not have to, match the target cluster's project ID.
The generated kubeconfig file contains a connect gateway endpoint URL similar to the following:
https://connectgateway.googleapis.com/v1/projects/myProject/locations/global/memberships/myCluster
Your kubectl requests are sent to the connect gateway, which forwards them to the Connect Agent and finally to the Kubernetes API server in the cluster's Cloud control plane.
Connectivity through Cloud Load Balancing
To configure kubectl connectivity through Cloud Load Balancing, use the following command to generate the necessary kubeconfig file:
gcloud edge-cloud container clusters get-credentials CLUSTER_ID \
    --project=PROJECT_ID \
    --location=REGION
Replace the following:
- CLUSTER_ID: the ID of the target cluster.
- PROJECT_ID: the ID of the target Google Cloud project.
- REGION: the Google Cloud region in which the cluster has been created.
In this case, Cloud Load Balancing serves as an external L4 load balancer that exposes a single public IP address to the internet and forwards kubectl requests to the cluster's Cloud control plane running in Google Cloud.
Configure kubectl connectivity for local control plane clusters
This section describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud Edge local control plane clusters.
By default, the ToR switches automatically advertise the virtual IP addresses of your local control plane nodes to your local network. You can use the kubectl tool to directly connect to those virtual IP addresses from your local network.
For situations where direct access to your local network is not available, you have the following options:
- If the local control plane node uses a public IP address, you can connect to it directly from the internet. Your network administrator must configure your firewall to allow inbound traffic to the node on port 443.
- If the local control plane uses a private IP address, you must configure a bastion host.
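The following check is an added example, not part of the original page or of Google's tooling: it classifies the server value of a kubeconfig cluster entry by the access path described above, so you can confirm where kubectl will send its credentials before using a generated file. It assumes the server field is an https URL, that the connect gateway path has the shape of the sample URL on this page, and that direct endpoints are given as IP addresses; the function name and the sample values are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

GATEWAY_HOST = "connectgateway.googleapis.com"
# Path shape taken from the sample endpoint URL shown on this page.
_GATEWAY_PATH = re.compile(
    r"^/v1/projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/memberships/(?P<membership>[^/]+)/?$"
)


def classify_server(server):
    """Classify one kubeconfig `server` value by the access path it implies."""
    url = urlsplit(server)
    host = url.hostname or ""
    if url.scheme != "https":
        return {"path": "rejected", "reason": "not https"}
    if host == GATEWAY_HOST:  # exact match, so lookalike hosts do not pass
        m = _GATEWAY_PATH.match(url.path)
        if not m:
            return {"path": "rejected", "reason": "unexpected gateway path"}
        return {"path": "connect-gateway", **m.groupdict()}
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP address and not the gateway: needs manual review.
        return {"path": "hostname", "host": host}
    # is_global is False for RFC 1918, loopback, link-local and similar ranges.
    exposure = "public" if ip.is_global else "private"
    return {"path": "direct-ip", "exposure": exposure, "address": str(ip)}


if __name__ == "__main__":
    # Constructed sample values; only the first URL appears on this page.
    samples = [
        "https://connectgateway.googleapis.com/v1/projects/myProject"
        "/locations/global/memberships/myCluster",
        "https://10.0.0.5:443",
        "https://connectgateway.googleapis.com.example.net/v1/projects/p"
        "/locations/global/memberships/c",
    ]
    for s in samples:
        print(s, "->", classify_server(s))
```

A "private" result corresponds to the case above that needs local network access or a bastion host, and a "hostname" result for an entry you expected to use the connect gateway means the endpoint does not match the gateway host exactly.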