Open displague opened 2 years ago
Perhaps bastion_kubeconfig should be set to /etc/kubernetes/kubeconfig
The contents of this file include https://localhost:6443
when the bastion node is not forwarding that port to the loadbalancer.
Perhaps this should be https://api-int.{clustername}.{basedomain}:6443/
Since (line), on the bastion node, ~/.kube/config
has a working config for oc
:
[root@lb-0 ~]# oc get nodes
NAME STATUS ROLES AGE VERSION
master-0.mos.example.com Ready control-plane,master 4d v1.25.16+306a47e
master-1.mos.example.com Ready control-plane,master 4d v1.25.16+306a47e
master-2.mos.example.com Ready control-plane,master 4d v1.25.16+306a47e
worker-0.mos.example.com Ready worker 4d v1.25.16+306a47e
worker-1.mos.example.com Ready worker 4d v1.25.16+306a47e
--- /tmp/artifacts/install/auth/kubeconfig 2024-06-13 09:21:35.225960744 -0400
+++ /root/.kube/config 2024-06-13 09:21:31.742958507 -0400
@@ -3,22 +3,13 @@
- cluster:
certificate-authority-data: ...
server: https://api.mos.example-com:6443
- name: api-mos-example-com:6443
-- cluster:
- certificate-authority-data: ...
- server: https://api.mos.example-com:6443
name: mos
contexts:
- context:
cluster: mos
user: admin
name: admin
-- context:
- cluster: api-mos-example-com:6443
- namespace: openshift-nfs-storage
- user: system:admin/api-mos-example-com:6443
- name: openshift-nfs-storage/api-mos-example-com:6443/system:admin
-current-context: openshift-nfs-storage/api-mos-example-com:6443/system:admin
+current-context: admin
kind: Config
preferences: {}
users:
@@ -26,7 +17,3 @@
user:
client-certificate-data: ...
client-key-data: ...
-- name: system:admin/api-mos-example-com:6443
- user:
- client-certificate-data: ...
- client-key-data: ...
kubectl
only resides in /tmp/artifacts
.
There are places in the config, during install, where the /root/.kube copy could be used. The documentation should be updated to prefer this copy in any case.
For operations where the bastion kubeconfig is needed on subsequent bootups, the file should be stored in a permanent location. Currently, this file is stored in /tmp.
/tmp/artifacts/install/auth/kubeconfig