2. Prepare your Environment: CLI Proxied Access
Establish the following environment variables on the Management cluster.
See Provide Context for Commands with a kubeconfig File for more information around switching cluster contexts.
The following commands allow you to run most commands without replacing the information manually.
Set the
WORKSPACE_NAMESPACE
environment variable to the name of your network-restricted cluster’s workspace namespace:CODEexport WORKSPACE_NAMESPACE=<workspace namespace>
Set the variable to the proxy domain through which your cluster should be available:
CODETUNNEL_PROXY_EXTERNAL_DOMAIN=<myclusterproxy.example.com>
If you want to use the external-dns
service, specify a TUNNEL_PROXY_EXTERNAL_DOMAIN
that is within the zones specified in the --domain-filter
argument of the external-dns deployment manifest stored on the Management cluster.
For example, if the filter is set to example.com
, a possible domain for the TUNNEL_PROXY_EXTERNAL_DOMAIN
would be myclusterproxy.example.com
.
Establish a variable that points to the name of the network-restricted cluster:
The name of the network-restricted cluster is established in the KommanderCluster object.CODENETWORK_RESTRICTED_CLUSTER=<name_of_restricted_cluster>
Given that each cluster can only have one proxy domain, reuse the name of the network-restricted cluster for the proxy object:
CODETUNNEL_PROXY_NAME=${NETWORK_RESTRICTED_CLUSTER}
Obtain the name of the connector and set it to a variable:
CODETUNNEL_CONNECTOR_NAME=$(kubectl get kommandercluster -n ${WORKSPACE_NAMESPACE} ${NETWORK_RESTRICTED_CLUSTER} -o template='{{ .spec.clusterTunnelConnectorRef.name }}')