Accessing a remote minikube from a local computer

You are the captain of your own ship; don’t let anyone else take the wheel. — Michael Josephson

Photo by Joseph Barrientos on Unsplash

Minikube is a lightweight Kubernetes implementation that creates a VM on your local machine and deploys a simple cluster containing only one node. Minikube is available for Linux, macOS, and Windows systems.

What about if you want to run a minikube on your remote single-node and manage it from the local computer? In this article, we’ll cover all steps.

Installing minikube on a remote host.

At first, you need to visit the official site of the minikube: minikube.sigs.k8s.io and install the binary depending on the OS of your remote host. In my case, that’s a Linux system (Ubuntu) so I’ll download the relevant binary.

Img. 1 minikube installation on Linux system

Note: as I logged as a root user in my system I won’t execute the commands with sudo . You need to take into account it if you logged as not a superuser.

$ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
$ install minikube-linux-amd64 /usr/local/bin/minikube

Minikube will need a hypervisor (VirtualBox or KVM) to work, but if you are already inside a virtual machine, then you can skip the creation of an additional VM layer by using the none driver. Please note, in that case, you need to install a Docker engine in that VM. I’m using a VM in Google Cloud where I already have a Docker engine installed on it. It means that I’ll use Docker instead of virtualization (VirtualBox, VMware Fusion, kvm2, VMware, etc.).

After successful installation, it’s time to start the local Kubernetes with the following command:

$ minikube start --driver=none

Img. 2 Starting minikube

The output says that now we have a Kubernetes cluster running on the remote host. Minikube generates a config file inside .kube/ directory in your home directory.

Img. 3 Kubernetes configuration file

There are some important lines in the config file that needs to mention:

• certificate-authority - provides an API, which lets you provision TLS certificates signed by a Certificate Authority (CA) that you control. These CA and certificates can be used by your workloads to establish trust.
• server - it’s an address of the Kubernetes API server which validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.
• client-certificate - Kubernetes/minikube requires PKI certificates for authentication over TLS.
• client-key - a key matching the client certificate.

Deploying Nginx reverse proxy in front of minikube.

As we talked about the Kubernetes API server it’s a point where all your requests will go when you use the command-line tool kubectl. The kubectl allows you to run commands against Kubernetes clusters. In this example, the address of my kube-apiserver is https://10.142.0.17:8443 where 10.142.0.17 is the IP address of the minikube. You can’t access minikube remotely because it’s only accessible locally. For this reason, you need to deploy an Nginx reverse proxy next to minikube that will allow receiving requests from remote clients then forward them to kube-apiserver. In this article, we’ll deploy it via docker so before that we need to create the necessary directories and files for mounting.

$ mkdir -p /etc/nginx/conf.d/ /etc/nginx/certs
$ cat <<EOF > /etc/nginx/conf.d/minikube.conf 
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;
    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;    
    
    location / {   
        proxy_pass https://`minikube ip`:8443;
        proxy_ssl_certificate /etc/nginx/certs/minikube-client.crt;
        proxy_ssl_certificate_key /etc/nginx/certs/minikube-client.key;
    }
}
EOF

Let’s step by step understand the following configuration.

• auth_basic - it means that our Nginx server will respond only to authenticated requests (e.g when a client types username/password pairs while requesting something).
• auth_basic_user_file - a file that contains user/password pairs.
• proxy_pass - it’s a directive for passing a request to an HTTP proxied server. In this case, the proxied server is kube-apiserver . The following part https://`minikube ip`:8443 means to dynamically get the IP address of the minikube then set it into the file.
• proxy_ssl_certificate and proxy_ssl_certificate_key directives for the files that contain certificates and keys in the PEM format used for authentication to a proxied HTTPS server.

As you noticed we haven’t created the username/password pairs yet. For that, we’ll use a cmd-tool called htpasswd . If you don’t have installed it yet, install it via apt-get.

$ apt-get install apache2-utils -y
$ htpasswd -c /etc/nginx/.htpasswd minikube

Img. 4 Generating a password for minikube user

Now the username/password pairs are stored in the/etc/nginx/.htpasswd file. As we already have the necessary configuration files we’re ready to deploy the Nginx with the following command:

$ docker run -d \
--name nginx \
-p 8080:80 \
-v /root/.minikube/profiles/minikube/client.key:/etc/nginx/certs/minikube-client.key \
-v /root/.minikube/profiles/minikube/client.crt:/etc/nginx/certs/minikube-client.crt \
-v /etc/nginx/conf.d/:/etc/nginx/conf.d \
-v /etc/nginx/.htpasswd:/etc/nginx/.htpasswd \
nginx

The output of docker ps command says that the Nginx is running and can handle requests on port 8080.

Img.5 Nginx deployment via docker

If we try to request to Nginx from the browser we’ll see the following pop-up window which says that username and password are required. For opening the page from your browser go to the following address http://<YOUR_SERVER_IP>:8080 . In my case the hayk-test is an “alias” defined in the/etc/hosts file of my laptop.

Img. 6 Requesting Nginx via browser

After successfully Sign In you’ll see the API paths provided by your Kubernetes cluster.

Img. 7 Kubernetes API paths

If you’re using a VPN or proxy server for connecting to your remote host you can add an additional security layer of Nginx level by using IP Address Restriction as well.

Installing and configuring kubectl.

All steps prove that we did everything correctly and now we can go ahead and install kubectl command-line tool on our local computer depending on OS. I already have kubectl installed on my computer so I’ll skip this step.

Now we need to configure kubectl for the minikube. We’ll copy the content of the config file from the remote host (see Img.3) and paste it into the local computer.

$ cat ~/.kube/config          # execute on remote host
$ vim ~/.kube/minikube-config # execute on local computer

There are some highlighted lines in the image below that need to change:

• comment the lines certificate-authority , client-certificate , and client-key
• replace the server line with the following line by replacing password and remote server IP:
  http://minikube:<ENTER_YOUR_PASSWORD_HERE>@<YOUR_SERVER_IP>:8080

Img. 8 KubeConfig file of the minikube

Now we are completely ready to interact with the remote minikube from the local computer. With the following commands, we’ll get our Kubernetes cluster’s info and all existing namespaces.

$ kubectl --kubeconfig ~/.kube/minikube-config cluster-info
$ kubectl --kubeconfig ~/.kube/minikube-config get namespaces

Img. 9 Interacting with a remote minikube from the local computer

Conclusion.

As you noticed from the output the request is going through Nginx web server. Now you can fully manage your Kubernetes cluster (minikube) from your local computer.

Thanks for reading. I hope this story was helpful. If you are interested, check out my other Medium articles.

Join FAUN: Website 💻|Podcast 🎙️|Twitter 🐦|Facebook 👥|Instagram 📷|Facebook Group 🗣️|Linkedin Group 💬| Slack 📱|Cloud Native News 📰|More.

If this post was helpful, please click the clap 👏 button below a few times to show your support for the author 👇