Welcome to the Linux Foundation Forum!

Lab 3.2 Creating deployment on Master


For Now I am just reading the labs due to my inability to install a master and worker node.

in lab 3.2 it says go back to the Master node to create the deployment.

Just confused does it matter which node you execute
kubectl create -f ....

As even if you execute this on the worker node would'nt it just communicate with the API server to create the deployment?

Or is there any specific reason why you want to create deployments on Master node.


  • bkclements

    I can think of 2 reasons to run kubectl on the master instead of the worker:

    1. kube-apiserver only runs on the master. If you run kubectl "somewhere else" (such as from the worker node), kubectl must connect to the master ip and port. In the case of this lab, the authors can always be sure that kubectl executed on the master will be able to reach kube-apiserver running on the master. If you run kubectl somewhere else, there's a chance some infrastructure config could block access to kube-apiserver.
    2. kubectl needs to authenticate to kube-apiserver. The k8smaster.sh setup process creates the ~/.kube/config file that kubectl uses to authenticate.

    You could copy ~/.kube/config to your worker node

    lets try it, on worker node, 'kubectl get pods' fails because I have not copied over the .kube/config file

    root@node1:~# kubectl get pods
    The connection to the server localhost:8080 was refused - did you specify the right host or port?

    I then copied ~/.kube/config from the master node to the worker. now the kubectl command works

    root@node1:~# kubectl get nodes
    node1   Ready    <none>   5d21h   v1.16.1
    node2   Ready    master   5d22h   v1.16.1
  • chrispokorni
    chrispokorni Posts: 2,208

    Hi @allensiho,

    For simplicity, the lab environment setup configures kubectl to run only from the master node - as pointed out by @bkclements, when the ~/.kube/config file is created.
    Kubectl is the Kubernetes CLI tool, allowing you to manage Kubernetes API resources by communicating directly with the API server running on the master node. For cluster security reasons kubectl should be configured to be used from a single location (either from inside or outside the cluster). In our case, it has been configured to run only from the master node. Therefore kubectl create -f ..., or any other kubectl ... commands should be issued from the master node.

    You are right however about the creation of a Deployment. Regardless of the location of the kubectl CLI tool together with its configuration file, by talking to the API server running on the master node it will request the creation of the Deployment API object and all of its related resources.


  • allensiho


Upcoming Training