Help Center> Cloud Container Engine> FAQ> API & kubectl FAQs> How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
View PDF

How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?

This section uses a CCE cluster as an example to describe how to connect to a CCE cluster using kubectl.

Using kubectl

Background

To connect a client to a Kubernetes cluster, you can use kubectl. For details, see Install Tools.

Prerequisites

CCE allows you to access a cluster through a VPC network or a public network.
  • VPC internal access: Clusters in the same VPC can access each other.
  • Public network access: You need to prepare an ECS that can connect to a public network.

If public network access is used, the kube-apiserver of the cluster will be exposed to the public network and may be attacked. You are advised to configure Advanced Anti-DDoS for the EIP of the node where the kube-apiserver is located.

Downloading kubectl

You need to download kubectl and configuration file, copy the file to your client, and configure kubectl. After the configuration is complete, you can use kubectl to access your Kubernetes clusters.

Go to the Kubernetes release page to download kubectl corresponding to the cluster version or a later version.

Installing and configuring kubectl

  1. Log in to the CCE console, click Resource Management > Clusters, and choose Command Line Tool > Kubectl under the cluster to be connected.
  2. On the Kubectl tab page of the cluster details page, connect to the cluster as prompted.

    • You can download the kubectl configuration file (kubeconfig.json) on the kubectl tab page. This file is used for user cluster authentication. If the file is leaked, your clusters may be attacked. When the file is leaked, you can replace the authentication credential by updating the certificate.
    • If two-way authentication is enabled for the current cluster and an EIP has been bound to the cluster, when the authentication fails (x509: certificate is valid), you need to bind the EIP and download the kubeconfig.json file again.
    • The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.
    • Download the client file when downloading kubectl.
    Figure 1 Connecting to a Kubernetes cluster using kubectl

Parent topic: API & kubectl FAQs