Using kubectl through SSH

This method comes very handy when accessing a kubernetes api server on a master/control plane node which is instantiated with kubeadm in the public cloud. Cause the port 6443 of that node has to be open to public access. Instead of that, the same node can be used as an SSH server and through the SSH channel kubectl api server communication can be tunneled. Same can be done in a more structured way by using bastion hosts which is explained in this article.

  1. Things to configure in kubeconfig :
  • Repoint the api server to : localhost’ s port 6443
  • Repoint the tls server to the clusterip of the kubernetes service. Otherwise certificate error is generated because the only IPs that are included in the apiserver certificate is the actual apiserver IP and the internal clusterIP of the api service (which is

2. Configuring the access on the client :

  • Copy the kubectl config file from the kubeadm master/control plane node to the client
  • Set the kubeconfig environment variable

3. Instantiate the ssh tunnel

With the configurations done above, the master/control plane node will be open to SSH requests and from the client to the master only SSH will be established. Yet kubectl commands can be used on the client to access the apiserver on the master/control plane node.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store