Installing the client bundle
A convenience playbook is provided to install and apply the client bundle on the Ansible controller. To run the playbook:
# cd ~/Docker-Synergy
# ansible-playbook -i hosts playbooks/install_client_bundle.yml --vault-password-file .vault_pass
The client bundle is downloaded to ~/certs.<<ucp_instance>>.<<ucp_username>>
on the Ansible controller where ucp_instance
will
be specific to the cluster you are running against, for example, hpe2-ucp01
and the ucp-username
is typically admin
.
The playbook downloads the client bundle, but does not configure it for use. Change to the download folder
and execute eval "$(<env.sh)"
# cd ~/certs.hpe2-ucp01.admin
# eval "$(<env.sh)"
Test the configuration by again running the kubectl version
command - this time, it should now report
the server version as well as the client version:
# kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.5", GitCommit:"753b2dbc622f5cc417845f0ff8a77f539a4213ea", GitTreeState:"clean", BuildDate:"2018-11-26T14:41:50Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.5-docker-1", GitCommit:"d512ba512d0de40cd80258f480ff66bf71f2d8a4", GitTreeState:"clean", BuildDate:"2018-12-03T19:55:14Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
More information on the client bundle is available at https://docs.docker.com/ee/ucp/user-access/cli/#download-client-certificates-by-using-the-rest-api