0

I have services defined in Kubernetes that I'd like to access from a Google Compute VM on the same network as my k8s cluster.

I've seen from this link that it is possible to ask the k8s API server how to access a service; trouble is I'm having trouble connecting to the API server:

vm2:~$ kubectl proxy &
[2] 1230
vm2:~$ curl http://localhost:8001/api/v1/namespaces/default/services/proxy/proxy
I1102 09:53:25.861513    1104 logs.go:41] http: proxy error: dial tcp [::1]:8080: getsockopt: connection refused

And I see that it seems to have the wrong API server address:

vm2:~$ kubectl cluster-info
Kubernetes master is running at http://localhost:8080
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

My API server address is in fact 109.x.x.x. Specifying the API server manually gets me the right server but it claims to have no resources:

vm2:~$ kubectl -s 109.x.x.x describe pods
the server doesn't have a resource type "pods"

And I get that for every resource type/command. If I run the same thing from my laptop (authenticated as myself) I see much more info about the pods, deployments and services which the cluster is running.

How do I get access from my VM to work, using my VM's service account?

Edit: forgot to mention that I've verified that my gcloud service account is coming through correctly to the VM:

vm2:~$ gcloud auth list
                  Credentialed Accounts
ACTIVE  ACCOUNT
*       proxy-service-account@xxxxxxxxxxxxxxx.iam.gserviceaccount.com
To set the active account, run:
    $ gcloud config set account `ACCOUNT`
Jonny
  • 151
  • 2

1 Answers1

1

Found it. It was as I thought related to authentication.

I needed to do this:

gcloud container clusters get-credentials <cluster name> --zone <zone> --project <gcp project>

After that, kubectl config view had much more output, including the correct API server address and access tokens, and now kubectl works as expected.

Jonny
  • 151
  • 2