
Securely connect to an on-premises Kubernetes Cluster with Azure Arc

In my last post, I installed Azure Arc, which allowed me to project my k3s cluster into Azure. The installation was done directly on the Master node of the cluster, and developers would also need to connect to the Master node to execute any commands on the Kubernetes cluster.

Today, I want to show you how to give developers access using RBAC (Role-based access control) and let them connect to the Kubernetes cluster through Azure Arc.

This post is part of “Azure Arc Series - Manage an on-premises Kubernetes Cluster with Azure Arc”.

Create a User on the Kubernetes Cluster

To authorize a user to access the Kubernetes cluster, you first have to create a user account and then give this user permissions using the kubectl create clusterrolebinding command. Use the following command on the Master node to create a new admin user and give this user the cluster-admin role:

This command additionally creates a secret for the user that contains a JWT token. You can read the token with the following command and then print it to the console:

The following screenshot shows all the commands and also the printed token:

Create a user and print the token to the console

Copy the token as you will need it to access the Kubernetes cluster through Azure Arc.
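
Before handing the token to a developer, it is worth decoding it to confirm which service account it identifies and whether it expires: a token read from a service account secret has no exp claim, so it stays valid until the secret or the service account is deleted. The following is an added example, not part of the original post; the function names, the account name admin-user and both sample tokens are constructed for illustration.

```shell
# Added example: decode a service account token (JWT) offline and report
# who it identifies and whether it expires. All names here are hypothetical.

# Decode one base64url segment: JWTs use -_ instead of +/ and drop '=' padding.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) return 1 ;;                      # impossible length for base64
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print the JSON payload (middle segment); accept exactly three non-empty segments.
jwt_payload() {
  case $1 in
    *.*.*.*) return 1 ;;
    ?*.?*.?*) ;;
    *) return 1 ;;
  esac
  mid=${1#*.}
  b64url_decode "${mid%%.*}"
}

# Summarise subject and expiry. The signature is NOT verified here; this is
# only a sanity check on a token you created yourself.
token_report() {
  payload=$(jwt_payload "$1") || { echo "malformed token"; return 1; }
  sub=$(printf '%s' "$payload" | sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  exp=$(printf '%s' "$payload" | sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  echo "subject=${sub:-unknown} expires=${exp:-never}"
}

# Constructed sample tokens (not real credentials), built here so the example runs offline.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
make_token() { echo "$(b64url_encode '{"alg":"RS256","typ":"JWT"}').$(b64url_encode "$1").constructed-signature"; }
SECRET_TOKEN=$(make_token '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:default:admin-user"}')
BOUND_TOKEN=$(make_token '{"iss":"https://kubernetes.default.svc","exp":1700003600,"sub":"system:serviceaccount:default:admin-user"}')

token_report "$SECRET_TOKEN"   # secret-based token: no exp claim
token_report "$BOUND_TOKEN"    # time-bound token: carries exp
```

A report of expires=never for an account bound to cluster-admin means the token should be stored like a password and revoked by deleting the secret once it is no longer needed.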

Access the k3s Cluster in the Azure Portal with Azure Arc

When you open the Azure Arc resource in the Azure Portal and go to any Kubernetes resources pane, you will see a message that you have to sign in to view the Kubernetes resources.

Sign in to view your Kubernetes resources


Paste the previously created token into the text box and click Sign in. Now you should see the resources of the Kubernetes cluster.

Display Kubernetes resources in Azure Arc


Access the k3s Cluster from a Developer Computer with Azure Arc

Using the Azure Portal to access the Kubernetes cluster is nice, but as a developer, I am used to using kubectl or custom dashboards. To access the Kubernetes cluster from my Windows computer, I will use the following Azure CLI command.

Replace <TOKEN> with the previously created token. You can use this command on any computer as long as the Azure CLI is installed. The command downloads the Kubernetes config file, sets the context, and creates a proxy connection through Azure Arc to the Kubernetes cluster.

Create a connection to the Kubernetes Cluster

After the connection is established, open a new terminal window and use kubectl as you are used to. It is also possible to use any dashboard to display the resources from the Kubernetes cluster. I like to use Octant from VMware, but you can use whatever dashboard you feel comfortable with. For more information about Octant and how to install it, see “Azure Kubernetes Service - Getting Started”.

Access the Kubernetes Cluster with a dashboard


Conclusion

Using Azure Arc enables you to access an on-premises cluster securely from your machine or the Azure Portal. All you have to do is to create a user on the Kubernetes cluster and give this user the desired permissions. Then retrieve its access token and use this token to connect to the cluster.


This post is licensed under CC BY 4.0 by the author.
