Configure kubectl for remote access
Where you are
The cluster is running. The control plane and both worker nodes are up. Now you set up kubectl on the jumpbox so you can drive the cluster by name and confirm that it answers. You will build a kubeconfig file from the admin user credentials, then check the version and list the nodes.
Run the commands in this lab from the jumpbox machine.
Build the admin kubeconfig
Every kubeconfig file points at a Kubernetes API server to connect to.
You should be able to reach server.kubernetes.local because of the /etc/hosts entry you added in an earlier lab. Confirm the API server responds:
curl --cacert ca.crt \
https://server.kubernetes.local:6443/version
{
"major": "1",
"minor": "32",
"gitVersion": "v1.32.3",
"gitCommit": "32cc146f75aad04beaaa245a7157eb35063a9f99",
"gitTreeState": "clean",
"buildDate": "2025-03-11T19:52:21Z",
"goVersion": "go1.23.6",
"compiler": "gc",
"platform": "linux/arm64"
}
Generate a kubeconfig file that authenticates as the admin user:
{
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=ca.crt \
--embed-certs=true \
--server=https://server.kubernetes.local:6443
kubectl config set-credentials admin \
--client-certificate=admin.crt \
--client-key=admin.key
kubectl config set-context kubernetes-the-hard-way \
--cluster=kubernetes-the-hard-way \
--user=admin
kubectl config use-context kubernetes-the-hard-way
}
Running the commands above creates a kubeconfig file in the default location, ~/.kube/config, that the kubectl command line tool reads. Because it sits in the default location, you can run kubectl without passing a config file each time.
Verify the control plane answers
Check the version of the remote Kubernetes cluster:
kubectl version
Client Version: v1.32.3
Kustomize Version: v5.5.0
Server Version: v1.32.3
List the nodes in the remote Kubernetes cluster:
kubectl get nodes
NAME STATUS ROLES AGE VERSION
node-0 Ready <none> 10m v1.32.3
node-1 Ready <none> 10m v1.32.3
Both nodes report Ready. The control plane is reachable from the jumpbox, and you are driving it by name.
Key terms
kubectl: The command line tool you use to send instructions to a Kubernetes cluster. It reads a kubeconfig file to learn which cluster to contact and how to prove who you are.
admin kubeconfig: A file that holds three things: the address of the API server, the certificate authority that lets you trust that server, and the admin user’s client certificate and key that prove your identity. With it, kubectl can connect to the cluster as the admin user.
Reflect
The kubeconfig embeds the admin certificate, which grants full control of the cluster. If you needed to give a teammate read-only access instead, what part of this setup would you change?
Next: Add pod network routes