# Register minikube

minikube cluster can be registered in gopaddle either using its public IP address or a fully qualified domain name (FQDN) or securely via a Bastion Host or a Jump server.

### 1. Port Configuration

{% tabs %}
{% tab title="Public Access (Public IP / FQDN)" %}
{% hint style="info" %}
In the steps to follow, we will be configuring Nginx server to proxy the requests to the Cluster API server. Make sure port the Nginx server port **(default 80)** is open to public. 
{% endhint %}
{% endtab %}

{% tab title="Bastion Host" %}

### Port Configuration

{% hint style="info" %}
In the steps to follow, we will be configuring Nginx server to proxy the requests to the Cluster API server. Make sure the Nginx server port **(default 80)** is open to the Bastion host and the Bastion host / Jump server SSH port (**default 22**) is open to public.
{% endhint %}
{% endtab %}
{% endtabs %}

### 2. Set up Nginx Proxy

1. Install Python3 and Pip, if not already installed.

```
sudo apt install python3 -y
sudo apt install python3-pip -y
python3 --version
```

2. Install **pyyaml** dependency

```
pip install pyyaml
```

3. Make a temporary directory to download the scripts

```
export TMP_DIR=$HOME/gp_temp/
mkdir -p $TMP_DIR
```

4. Download the script to extract and expand the CA Certificate, Client Certificate and Key data in the Kubernetes configuration.

<pre><code><strong>curl -o $TMP_DIR/replace-cert-data.sh https://gpscripts.s3.amazonaws.com/replace-cert-data.sh
</strong>chmod +x $TMP_DIR/replace-cert-data.sh
</code></pre>

5. Install kubectl command line tool, if not installed already.

```
sudo snap install kubectl --classic
```

6. Install yq tool to filter Kubernetes YAML file contents.

```
sudo snap install yq
```

7. Run the replace script to extract and expand the CA Certificate, Client Certificate and Key data in the Kubernetes configuration

<pre><code><strong>sh $TMP_DIR/replace-cert-data.sh $TMP_DIR
</strong></code></pre>

8. Download the script to extract the API server URL, CA Authority, Client certificate and key data from the default Kubernetes Configuration file.

```
curl -o $TMP_DIR/cluster-extract-config.py https://gpscripts.s3.amazonaws.com/cluster-extract-config.py
chmod +x $TMP_DIR/cluster-extract-config.py
```

9. Verify if the extraction script works as expected.&#x20;

<pre><code><strong>python3 $TMP_DIR/cluster-extract-config.py API_SERVER_URL --tmp-dir $TMP_DIR
</strong></code></pre>

The output of this execution must result in a similar output like this - Eg output. `https://127.0.0.1:40773`  Note that the ports might differ based on the cluster configuration.

10. Install Nginx and set HTTP basic authentication for the user named **minikube**.&#x20;

```
sudo apt-get install apache2-utils -y
sudo mkdir /etc/nginx/
sudo htpasswd -c /etc/nginx/.htpasswd minikube
```

11. Download the scripts to prepare the Nginx configuration and SSL certificate files

```
curl -o $TMP_DIR/cluster-setup-nginx-config.sh https://gpscripts.s3.amazonaws.com/cluster-setup-nginx-config.sh
chmod +x $TMP_DIR/cluster-setup-nginx-config.sh
```

12. Prepare the Nginx configuration and SSL certificate files

<pre><code><strong>sudo mkdir /etc/nginx/certs
</strong>sudo mkdir /etc/nginx/conf.d
sudo sh $TMP_DIR/cluster-setup-nginx-config.sh  $TMP_DIR
</code></pre>

13. Install docker, if not already installed. Check the steps [here](https://docs.docker.com/engine/install/ubuntu/) to install docker.
14. Run Nginx container with the configuration and SSL certificate files.

```
sudo docker run -d --name nginx  --network host -v /etc/nginx/conf.d/:/etc/nginx/conf.d -v /etc/nginx/.htpasswd:/etc/nginx/.htpasswd -v /etc/nginx/certs/cluster.cert:/etc/nginx/certs/cluster.cert -v /etc/nginx/certs/cluster.key:/etc/nginx/certs/cluster.key nginx
```

15. Check if Nginx proxy works **(skip this step for bastion host setup)**

Open a browser session with the public IP address or the FQDN of the cluster master node. Eg. http\://\<public\_ip>

This must show a popup for authentication. Enter the Username as **kind** and password set in step 6.

<figure><img src="https://234395929-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5QxXxCob5M5VXQJTryRc%2Fuploads%2FngGwBXA03l7IVmBDPff8%2FScreen%20Shot%202024-04-18%20at%208.56.31%20AM.png?alt=media&#x26;token=23f0ac74-1395-460b-aee4-38fb77ef00ee" alt=""><figcaption></figcaption></figure>

16. Copy the **kube.config** file to your local desktop environment

```
cat $TMP_DIR/kube.config
```

### 3. Validate Connection from Local Desktop Environment

{% tabs %}
{% tab title="Public Access (Public IP / FQDN)" %}

1. Edit the **kube.config** and replace the server with the Nginx endpoint with basic authentication like this - http\://\<httpd\_user>:\<http\_password>@\<public-ip\_or\_fqdn>&#x20;

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>Based our Nginx configuration in this example, the protocol must be <strong>http</strong> and not <strong>https</strong></p></div>

```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <cert-auth-data>
    server: http://minikube:<http_passwd>@<public-ip_or_fqdn>
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate-data: <client-cert-data>
    client-key-data: <client-key-data>
```

2. Verify if kube configuration works.

```
export KUBECONFIG=$(pwd)/kube.config
kubectl get ns
```

3. **Use this kube.config file to register the cluster in gopaddle.**
   {% endtab %}

{% tab title="Bastion Host" %}

1. Set up SSH Tunnel locally to validate bastion host configuration

```
ssh -v -L <local_port>:<cluster_private_ip>:<cluster_nginxx_port> <bastion_user>@<bastion_public_ip> -i <bastion-ssh-pem-file> -N
```

Eg:

```
ssh -v -L 8090:10.0.138.148:80 ubuntu@34.201.100.49 -i bastion.pem -N
```

2. Edit the **kube.config** and replace the server with the Nginx endpoint with basic authentication like this - http\://\<httpd\_user>:\<http\_password>@\<public-ip\_or\_fqdn>

```yaml
apiVersion: v1
clusters:
  - cluster:
      server: http://minikube:<http_passwd>:localhost:<bastion_port> # Eg. 8090
      certificate-authority-data: <certificate-authority-data>
    name: minikube
contexts:
  - context:
      cluster: minikube
      namespace: default
      user: minikube
    name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
  - name: minikube
    user:
      client-certificate-data: <client-certificate-data>
      client-key-data: <client-key-data>
```

3. Verify if tunnel configuration works.

```
export KUBECONFIG=$(pwd)/kube.config
kubectl get ns
```

4. **IMPORTANT**: Revert the **kube.config** file such the server points to the private cluster IP address and the cluster port.&#x20;

```yaml
apiVersion: v1
clusters:
  - cluster:
      server: http://minikube:<http_passwd>:<private_ip>:80
      certificate-authority-data: <certificate-authority-data>
    name: minikube
contexts:
  - context:
      cluster: minikube
      namespace: default
      user: minikube
    name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
  - name: minikube
    user:
      client-certificate-data: <client-certificate-data>
      client-key-data: <client-key-data>
```

4. Use this **kube.config** file to register the cluster in gopaddle.
   {% endtab %}
   {% endtabs %}

### 4. Register the Cluster in gopaddle

1. In the gopaddle UI, navigate to the **Clusters** section
2. Click on **Add a Cluster** and select **Register an existing Cluster**
3. In the Cluster registration wizard, select the **Cluster Access Method** as **Kube Config**&#x20;
4. Choose the **Cluster Provider** type as **Other**
5. In the **Authentication** Step, upload the Kubernetes config file gathered under section "**Validate Connection from Local Desktop Environment**".

<figure><img src="https://234395929-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5QxXxCob5M5VXQJTryRc%2Fuploads%2ForsUeftiQosV8yii9FrM%2Fregister-cluster-authentication.png?alt=media&#x26;token=fe7ee227-c530-4855-8862-540d53f8b6bc" alt=""><figcaption><p>Upload the Kubeconfig file</p></figcaption></figure>

6. If you have configured a bastion host, provide the Bastion Host IP, SSH Pem file, SSH port

{% hint style="info" %}
If you are using a Bastion Host setup, make sure the Bastion Host IP and Port are accessible publicly. If you are looking for a private only setup, get in touch with us to  explore gopaddle Enterprises.
{% endhint %}

<figure><img src="https://234395929-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5QxXxCob5M5VXQJTryRc%2Fuploads%2FdaVEz4heTemMf08hbHlx%2Fregister-cluster-bastion.png?alt=media&#x26;token=b4bb4be2-375b-43c8-8ce7-d77fff28f23a" alt=""><figcaption><p>Provide the Bastion Host Connection Details</p></figcaption></figure>

7. Click on **Finish** to register the On-premises Cluster.
8. If you see the error - <mark style="color:red;">**Network Error !**</mark> <mark style="color:red;"></mark><mark style="color:red;">ServerError: Response not successful: Received status code 503</mark>, while view the cluster resources, then check this [troubleshooting](https://help.gopaddle.io/troubleshooting/cluster-resource-view-issues/network-error-servererror-response-not-successful-received-status-code-503) section for more information.