Running Commands Across Multiple k8s Clusters

This was a 5-minute session given to a cohort of Kubernetes admins at a Meetup event.  It explains how I ran a command across multiple clusters.

Setup Krew (Optional)

This is optional. Krew is a utility to install kubectl and OpenShift extensions. I run my kubectl and oc sessions in a container as this makes managing multiple versions of the client easier and also allows having multiple, discrete login sessions. Go to (https://krew.sigs.k8s.io/docs/user-guide/setup/install/) for a bash script that will install the krew binary. Don't forget to add the krew binary location to your path. Kubectl/oc can automatically run these extensions in the current context if these are named oc-<extension-name> or kubectl-<extension-name> and they are in the path. 

For example, naming a file oc-gimli will allow it to be called with "oc gimli".

Install mc

Second, install the mc utility. Go to (https://jonnylangefeld.com/blog/introducing-kubectl-mc) for instructions.

Prime The Configuration File

Next, create a configuration file that includes all (or a subset) of the clusters you would like to manage. This file, when in use, contains tokens to access the cluster so ensure that it is in a secure location. By default this is in ~/.kube/config but this can be overridden with the KUBECONFIG environnment vairable or the --kubeconfig parameter when running kubectl/oc.  I create separate configurations for multiple clusters and contexts.  This file is created if it doesn't exist once you login to the cluster. 

apiVersion: v1

clusters:

- cluster:

    insecure-skip-tls-verify: true

    server: https://api.kind-cluster-01.sn01.digitalhermit.com:6443

  name: api-kind-cluster-01-sn01-digitalhermit-com:6443

contexts:

- context:

    cluster: api-kind-cluster-01-sn01-digitalhermit-com:6443

    namespace: default

    user: adm-kwan/api-kind-cluster-01-sn01-digitalhermit-com:6443

  name: default/api-kind-cluster-01-sn01-digitalhermit-com:6443/adm-kwan

current-context: default/api-kind-cluster-01-sn01-digitalhermit-com:6443/adm-kwan

kind: Config

preferences: {}

users:

- name: adm-kwan/api-kind-cluster-01-sn01-digitalhermit-com:6443

  user:

    token: sha256~<xxx-SECRET-xxx>

Here is an example login:

export KUBECONFIG=~/.kube/test-clusters.conf

oc login --username=adm-kwan https://api.kind-cluster-01.sn01.digitahermit.com:6443

Do this for each cluster or use token-based authentication.  This will update the configuration file to include a clusters, contexts and users section in the file. 

Profit

At this point you can use the mc tool and your config file to run commands across  multiple clusters. Here is an example running against my OKD clusters:

[kwan@vm-rhel9-005 k8s-client]$ oc mc get nodes

default/api-kind-cluster-01-sn01-digitalhermit-com:6443/adm-kwan

-------------------------------------------------------------

NAME                              STATUS   ROLES    AGE    VERSION

okd-cluster-01-c4dbm-master-0       Ready    master   131d   v1.25.12+ba5cc25

okd-cluster-01-c4dbm-worker-rjd7p   Ready    worker   18d    v1.25.12+ba5cc25

okd-cluster-01-c4dbm-worker-rsk74   Ready    worker   18d    v1.25.12+ba5cc25

default/api-kind-cluster-01-sn01-digitalhermit-com:6443/adm-kwan

-------------------------------------------------------------

NAME                              STATUS   ROLES    AGE   VERSION

okd-cluster-02-c9fcb-master-0       Ready    master   40d   v1.23.5+012e945

okd-cluster-02-c9fcb-master-1       Ready    master   40d   v1.23.5+012e945

okd-cluster-02-c9fcb-master-2       Ready    master   40d   v1.23.5+012e945

okd-cluster-02-c9fcb-worker-ltvb5   Ready    worker   40d   v1.23.5+012e945

okd-cluster-02-c9fcb-worker-p5qzl   Ready    worker   14d   v1.23.5+012e945

okd-cluster-02-c9fcb-worker-w2qkt   Ready    worker   40d   v1.23.5+012e945