Unable to access k3s cluster

[tejaswi.rohit]

Hello,

I've recently deployed TrueNAS SCALE 21.04 and have been trying to access k3s cluster from my local machine(kubectl), but I'm presented with connection time out for any request.

It used to work on TrueNAS SCALE 20 .12. There isn't any configuration change as far as I remember that could have lead to this.

Is there a current limitation to access the cluster outside the node?

Steps to reproduce:
1. Copied cluster config from /etc/rancher/k3s/k3s.yaml
2. Updated server address from 127.0.0.1 to the node's IP address
3. Ran kubectl cluster-info

 

[waqarahmed]

@tejaswi.rohit we do not allow the cluster to be accessible from the outside directly due to security constraints as that can potentially mean change in the behavior of the cluster like perhaps adding another node. Please feel free to file a suggestion ticket at https://jira.ixsystems.com outlining your use case and we can see what we can do about it then. Thank you.

 

[ornias]

@tejaswi.rohit we do not allow the cluster to be accessible from the outside directly due to security constraints as that can potentially mean change in the behavior of the cluster like perhaps adding another node. Please feel free to file a suggestion ticket at https://jira.ixsystems.com outlining your use case and we can see what we can do about it then. Thank you.

Also a small addition to this:
Normally one would also harden the k8s/k3s stack to prevent abuse, this is also not done yet.

So besides breaking/messing-up the current implementation on SCALE, it's also not secured at-all.

 

[xinfli]

So it's impossible to connect the k8s cluster from external? can I manage the cluster from shell?

Thanks!