Accessing a Cluster Using Kubectl

Find out how to use kubectl to access a Kubernetes cluster you've created using Container Engine for Kubernetes (OKE).

You can use the Kubernetes command line tool kubectl to perform operations on a cluster you've created with Container Engine for Kubernetes. You can use the kubectl installation included in Cloud Shell, or you can use a local installation of kubectl. In both cases, before you can use kubectl to access a cluster, you have to specify the cluster on which to perform operations by setting up the cluster's kubeconfig file.

Note the following:

  • An Oracle Cloud Infrastructure CLI command in the kubeconfig file generates authentication tokens that are short-lived, cluster-scoped, and specific to individual users. As a result, you cannot share kubeconfig files between users to access Kubernetes clusters. The generated authentication tokens are also unsuitable if you want other processes and tools to access the cluster, such as continuous integration and continuous delivery (CI/CD) tools. In this case, consider creating a Kubernetes service account and adding its associated authentication token to the kubeconfig file. For more information, see Adding a Service Account Authentication Token to a Kubeconfig File.

  • The version of kubectl you use must be compatible with the version of Kubernetes running on clusters created by Container Engine for Kubernetes. In the case of Cloud Shell, kubectl is regularly updated so it is always compatible with the versions of Kubernetes currently supported by Container Engine for Kubernetes. In the case of a local installation of kubectl, it is your responsibility to update kubectl regularly. For more information about compatibility between different versions of kubernetes and kubectl, see the Kubernetes documentation.

  • To access a cluster with a private Kubernetes API endpoint using kubectl in Cloud Shell or from a local terminal, you can configure a bastion using the Oracle Cloud Infrastructure Bastion service. For more information, see Setting Up a Bastion for Cluster Access.

Accessing a Cluster Using kubectl in Cloud Shell

To access a cluster using kubectl in Cloud Shell:

  1. If you haven't already done so, follow the steps to set up the cluster's kubeconfig configuration file for use in Cloud Shell, and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up. See Setting Up Cloud Shell Access to Clusters.
  2. In the Cloud Shell window, enter kubectl followed by the command for the operation you want to perform on the cluster. For a list of available commands and options, see the kubectl documentation.

    Note that you must have the appropriate permissions to run the command you enter. See About Access Control and Container Engine for Kubernetes.

Accessing a Cluster Using kubectl Installed Locally

To access a cluster using kubectl installed locally:

  1. If you haven't already done so, install kubectl (see the kubectl documentation).
  2. If you haven't already done so, follow the steps to set up the cluster's kubeconfig configuration file for use locally, and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up. You might also need to set the OCI_CLI_PROFILE environment variable to the name of the profile defined in the CLI configuration file before running kubectl commands. See Setting Up Local Access to Clusters.
  3. In a local terminal window, enter kubectl followed by the command for the operation you want to perform on the cluster. For a list of available commands and options, see the kubectl documentation.

    Note that you must have the appropriate permissions to run the command you enter. See About Access Control and Container Engine for Kubernetes.