I'm currently doing an internship in DevSecOps, and I've been given access to our company's Kubernetes cluster. The process involves connecting to the company's VPN first, then SSHing into one of the three master nodes using a user account called 'intern'. After that, I'm able to run kubectl commands from there. I wanted to check if this is the best method to work with the cluster. Shouldn't I be able to communicate with the cluster directly from my machine without needing to SSH into a master node?
2 Answers
SSHing to the master node is one way to do it, especially if the control plane is tightly firewalled. But there are definitely smoother approaches out there. It'd be worth checking if direct kubectl access is possible.
Well, you can definitely access it this way, but it's not the most efficient. It sounds like whoever set this up wasn't keen on configuring proper firewall rules and routes. The kubectl authentication is pretty secure as is, so you could simplify things a bit.
Right? The master node hosts the admin configurations, and even if the 'intern' user is limited, you could still potentially access more than you should.