mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
90 lines
3.0 KiB
Plaintext
90 lines
3.0 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * microshift/microshift_configuring/microshift-node-access-kubeconfig.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="microshift-kubeconfig-generating-additional-files_{context}"]
|
|
= Generating additional kubeconfig files for remote access
|
|
|
|
You can generate additional `kubeconfig` files to use if you need more host names or IP addresses than the default remote access file provides.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
You must restart {microshift-short} for configuration changes to be implemented.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* You have created a `config.yaml` for {microshift-short}.
|
|
|
|
.Procedure
|
|
|
|
. Optional: You can show the contents of the `config.yaml`. Run the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cat /etc/microshift/config.yaml
|
|
----
|
|
|
|
. Optional: You can show the contents of the remote-access `kubeconfig` file. Run the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cat /var/lib/microshift/resources/kubeadmin/<hostname>/kubeconfig
|
|
----
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
Additional remote access `kubeconfig` files must include one of the server names listed in the {product-title} `config.yaml` file. Additional `kubeconfig` files must also use the same CA for validation.
|
|
====
|
|
|
|
. To generate additional `kubeconfig` files for additional DNS names SANs or external IP addresses, add the entries you need to the `apiServer.subjectAltNames` field. In the following example, the DNS name used is `alt-name-1` and the IP address is `1.2.3.4`.
|
|
+
|
|
.Example `config.yaml` with additional authentication values
|
|
[source,yaml]
|
|
----
|
|
dns:
|
|
baseDomain: example.com
|
|
node:
|
|
hostnameOverride: "microshift-rhel9" <1>
|
|
nodeIP: 10.0.0.1
|
|
apiServer:
|
|
subjectAltNames:
|
|
- alt-name-1 <2>
|
|
- 1.2.3.4 <3>
|
|
----
|
|
<1> Hostname
|
|
<2> DNS name
|
|
<3> IP address or range
|
|
|
|
. Restart {microshift-short} to apply configuration changes and auto-generate the `kubeconfig` files you need by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo systemctl restart microshift
|
|
----
|
|
|
|
. To check the contents of additional remote-access `kubeconfig` files, insert the name or IP address as listed in the `config.yaml` into the `cat` command. For example, `alt-name-1` is used in the following example command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cat /var/lib/microshift/resources/kubeadmin/alt-name-1/kubeconfig
|
|
----
|
|
|
|
. Choose the `kubeconfig` file to use that contains the SAN or IP address you want to use to connect your node. In this example, the `kubeconfig` containing`alt-name-1` in the `cluster.server` field is the correct file.
|
|
+
|
|
.Example contents of an additional `kubeconfig` file
|
|
[source,yaml]
|
|
----
|
|
clusters:
|
|
- cluster:
|
|
certificate-authority-data: <base64 CA>
|
|
server: https://alt-name-1:6443 <1>
|
|
----
|
|
<1> The `/var/lib/microshift/resources/kubeadmin/alt-name-1/kubeconfig` file values are from the `apiServer.subjectAltNames` configuration values.
|
|
|
|
[NOTE]
|
|
====
|
|
All of these parameters are included as common names (CN) and subject alternative names (SAN) in the external serving certificates for the API server.
|
|
====
|