Accessing a remote minikube from a local computer
You are the captain of your own ship; don’t let anyone else take the wheel. — Michael Josephson
Minikube is a lightweight Kubernetes implementation that creates a VM on your local machine and deploys a simple cluster containing only one node. Minikube is available for Linux, macOS, and Windows systems.
What about if you want to run a minikube on your remote single-node and manage it from the local computer? In this article, we’ll cover all steps.
Installing minikube on a remote host.
At first, you need to visit the official site of the minikube: minikube.sigs.k8s.io and install the binary depending on the OS of your remote host. In my case, that’s a Linux system (Ubuntu) so I’ll download the relevant binary.
Note: as I logged as a root user in my system I won’t execute the commands with
sudo
. You need to take into account it if you logged as not a superuser.
$ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64$ install minikube-linux-amd64 /usr/local/bin/minikube
Minikube will need a hypervisor (VirtualBox or KVM) to work, but if you are already inside a virtual machine, then you can skip the creation of an additional VM layer by using the none
driver. Please note, in that case, you need to install a Docker engine in that VM. I’m using a VM in Google Cloud where I already have a Docker engine installed on it. It means that I’ll use Docker instead of virtualization (VirtualBox, VMware Fusion, kvm2, VMware, etc.).
After successful installation, it’s time to start the local Kubernetes with the following command:
$ minikube start --driver=none
The output says that now we have a Kubernetes cluster running on the remote host. Minikube generates a config file inside .kube/
directory in your home directory.
There are some important lines in the config file that needs to mention:
- certificate-authority - provides an API, which lets you provision TLS certificates signed by a Certificate Authority (CA) that you control. These CA and certificates can be used by your workloads to establish trust.
- server - it’s an address of the Kubernetes API server which validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.
- client-certificate - Kubernetes/minikube requires PKI certificates for authentication over TLS.
- client-key - a key matching the client certificate.
Deploying Nginx reverse proxy in front of minikube.
As we talked about the Kubernetes API server it’s a point where all your requests will go when you use the command-line tool kubectl
. The kubectl allows you to run commands against Kubernetes clusters. In this example, the address of my kube-apiserver is https://10.142.0.17:8443
where 10.142.0.17
is the IP address of the minikube. You can’t access minikube remotely because it’s only accessible locally. For this reason, you need to deploy an Nginx reverse proxy next to minikube that will allow receiving requests from remote clients then forward them to kube-apiserver. In this article, we’ll deploy it via docker so before that we need to create the necessary directories and files for mounting.
$ mkdir -p /etc/nginx/conf.d/ /etc/nginx/certs$ cat <<EOF > /etc/nginx/conf.d/minikube.conf
server {
listen 80;
listen [::]:80;
server_name localhost; auth_basic "Administrator’s Area";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
proxy_pass https://`minikube ip`:8443;
proxy_ssl_certificate /etc/nginx/certs/minikube-client.crt;
proxy_ssl_certificate_key /etc/nginx/certs/minikube-client.key;
}
}
EOF
Let’s step by step understand the following configuration.
auth_basic
- it means that our Nginx server will respond only to authenticated requests (e.g when a client types username/password pairs while requesting something).auth_basic_user_file
- a file that contains user/password pairs.proxy_pass
- it’s a directive for passing a request to an HTTP proxied server. In this case, the proxied server iskube-apiserver
. The following parthttps://`minikube ip`:8443
means to dynamically get the IP address of the minikube then set it into the file.proxy_ssl_certificate
andproxy_ssl_certificate_key
directives for the files that contain certificates and keys in the PEM format used for authentication to a proxied HTTPS server.
As you noticed we haven’t created the username/password pairs yet. For that, we’ll use a cmd-tool called htpasswd
. If you don’t have installed it yet, install it via apt-get.
$ apt-get install apache2-utils -y
$ htpasswd -c /etc/nginx/.htpasswd minikube
Now the username/password pairs are stored in the/etc/nginx/.htpasswd
file. As we already have the necessary configuration files we’re ready to deploy the Nginx with the following command:
$ docker run -d \
--name nginx \
-p 8080:80 \
-v /root/.minikube/profiles/minikube/client.key:/etc/nginx/certs/minikube-client.key \
-v /root/.minikube/profiles/minikube/client.crt:/etc/nginx/certs/minikube-client.crt \
-v /etc/nginx/conf.d/:/etc/nginx/conf.d \
-v /etc/nginx/.htpasswd:/etc/nginx/.htpasswd \
nginx
The output of docker ps
command says that the Nginx is running and can handle requests on port 8080.
If we try to request to Nginx from the browser we’ll see the following pop-up window which says that username and password are required. For opening the page from your browser go to the following address http://<YOUR_SERVER_IP>:8080
. In my case the hayk-test
is an “alias” defined in the/etc/hosts
file of my laptop.
After successfully Sign In you’ll see the API paths provided by your Kubernetes cluster.
If you’re using a VPN or proxy server for connecting to your remote host you can add an additional security layer of Nginx level by using IP Address Restriction as well.
Installing and configuring kubectl.
All steps prove that we did everything correctly and now we can go ahead and install kubectl command-line tool on our local computer depending on OS. I already have kubectl installed on my computer so I’ll skip this step.
Now we need to configure kubectl for the minikube. We’ll copy the content of the config file from the remote host (see Img.3) and paste it into the local computer.
$ cat ~/.kube/config # execute on remote host
$ vim ~/.kube/minikube-config # execute on local computer
There are some highlighted lines in the image below that need to change:
- comment the lines
certificate-authority
,client-certificate
, andclient-key
- replace the
server
line with the following line by replacing password and remote server IP:http://minikube:<ENTER_YOUR_PASSWORD_HERE>@<YOUR_SERVER_IP>:8080
Now we are completely ready to interact with the remote minikube from the local computer. With the following commands, we’ll get our Kubernetes cluster’s info and all existing namespaces.
$ kubectl --kubeconfig ~/.kube/minikube-config cluster-info
$ kubectl --kubeconfig ~/.kube/minikube-config get namespaces
Conclusion.
As you noticed from the output the request is going through Nginx web server. Now you can fully manage your Kubernetes cluster (minikube) from your local computer.
Thanks for reading. I hope this story was helpful. If you are interested, check out my other Medium articles.
Join FAUN: Website 💻|Podcast 🎙️|Twitter 🐦|Facebook 👥|Instagram 📷|Facebook Group 🗣️|Linkedin Group 💬| Slack 📱|Cloud Native News 📰|More.
If this post was helpful, please click the clap 👏 button below a few times to show your support for the author 👇