Register K3S

Steps to register K3S Cluster in gopaddle

K3S cluster can be registered in gopaddle either using its public IP address or a fully qualified domain name (FQDN) or securely via a Bastion Host or a Jump server.

1. Prepare Kubernetes Environment

Port Configuration

Make sure port the cluster API server port (default 6443) is open to public.

Configure Subject Alternative Names (SAN)

Add Subject Alternative Names (SAN) on the K3S server TLS cert. If SAN does not exist for the API endpoint, add the below in the cluster configuration.

a) Login to the K3S master node.

b) Create/edit the file /etc/rancher/k3s/config.yaml file with the below configuration :

tls-san:
  <public-ip-address> # or <fully-qualified-domain-name> 
  # <private_ip_addres> in case of bastion host configuration

c) Restart the k3s server service

sudo systemctl stop k3s
sudo systemctl start k3s

d) Check the status of the k3s service and make sure it is in running state.

systemctl status k3s

2. Copy Kubernetes Config file

Copy /etc/rancher/k3s/k3s.yaml in to your local desktop as kube.config

3. Validate Connection from Local Desktop Environment

Edit the server section in kube.config to point to the Cluster API server public IP address or its FQDN.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <cert-auth-data>
    server: https://<public-ip_or_fqdn>::<cluster_port>
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <client-cert-data>
    client-key-data: <client-key-data>

Verify if kube configuration works.

export KUBECONFIG=$(pwd)/kube.config
kubectl get ns

Use this kube.config file to register the cluster in gopaddle.

Set up SSH Tunnel locally to validate bastion host configuration

ssh -v -L <local_port>:<cluster_private_ip>:<cluster_port> <bastion_user>@<bastion_public_ip> -i <bastion-ssh-pem-file> -N

Eg:

ssh -v -L 6443:10.0.141.106:6443 [email protected] -i bastion.pem -N

Verify if tunnel configuration works.

export KUBECONFIG=$(pwd)/kube.config
kubectl get ns

IMPORTANT: Update the kube.config file such that the server attribute points to the private cluster IP address.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <cert-auth-data>
    server: https://<private_ip>:<cluster_port>
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <client-cert-data>
    client-key-data: <client-key-data>

4. Register the Cluster in gopaddle

In the gopaddle UI, navigate to the Clusters section
Click on Add a Cluster and select Register an existing Cluster
In the Cluster registration wizard, select the Cluster Access Method as Kube Config
Choose the Cluster Provider type as Other
In the Authentication Step, upload the Kubernetes config file gathered under section "Validate Connection from Local Desktop Environment"

If you have configured a bastion host, provide the Bastion Host IP, SSH Pem file, SSH port

If you are using a Bastion Host setup, make sure the Bastion Host IP and Port are accessible publicly. If you are looking for a private only setup, get in touch with us to explore gopaddle Enterprises.

Click on Finish to register the On-premises Cluster.
If you see the error - Network Error ! ServerError: Response not successful: Received status code 503, while view the cluster resources, then check this troubleshooting section for more information.

PreviousRegister Rancher Prime - RKE2 NextRegister MicroK8s

Last updated 1 year ago