How can I make the 'Authorized Cluster Endpoint' feature, enabled by default for Rancher-created clusters, available to existing clusters imported into Rancher?

10/3/2019

We have a set of Kubernetes clusters (target clusters) created outside of Rancher (2.x), and we are evaluating Rancher for access management. We have tried the following workflow:

1- Analyze how to make the Rancher cluster highly available / ensure that target cluster access is available to users:

a)  Rancher in HA mode: Done

b)  In case of failure of the whole Rancher HA cluster (depending on our experiences in the past):
   -    Backup Restore: Done
   -    Set up a Master <-> Slave setup for the Rancher cluster, sharing or replicating the etcd database: Idea discarded. Too complicated to realize.
   -    Uninterrupted access for users by allowing them direct access to the target cluster API server while the Rancher cluster is down: Evaluating.

We know this 'Authorized Cluster Endpoint' feature provides a way to connect to Rancher-launched target clusters directly, bypassing the Rancher API, by an additional context entry in the kubeconfig file downloaded from Rancher.

Can I somehow enable this feature in existing clusters imported into Rancher as well, so that users of target clusters get a similar dual-context kubeconfig file downloaded from Rancher, allowing them to connect directly to the target cluster API server in case of failure of the Rancher HA cluster?

We do not want to modify the kubeconfig file manually (or ask the users to do it) to include direct access to the target cluster's API server.

-- Nishith Tiwari
api
kubernetes
rancher
rancher-rke
rbac

1 Answer

11/12/2019

No, as stated here, the Authorized Cluster Endpoint feature is only available for clusters created by Rancher itself.

-- Shinebayar G
Source: StackOverflow
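
To check whether a given kubeconfig already carries the kind of second, direct context the question describes, the following added example (not part of the original question or answer, and not Rancher's code) classifies each context by whether its server URL goes through Rancher. It assumes Rancher's proxied cluster URLs use the `/k8s/clusters/` path and that the file was exported with `kubectl config view -o json`; the sample hostnames, cluster id and context names are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the JSON form printed by `kubectl config view -o json`.
# Hostnames, cluster id and context names are placeholders, not values from the post.
SAMPLE_KUBECONFIG = json.dumps({
    "clusters": [
        {"name": "prod", "cluster": {"server": "https://rancher.example.com/k8s/clusters/c-xxxxx"}},
        {"name": "prod-direct", "cluster": {"server": "https://10.0.0.10:6443"}},
    ],
    "contexts": [
        {"name": "prod", "context": {"cluster": "prod", "user": "prod"}},
        {"name": "prod-direct", "context": {"cluster": "prod-direct", "user": "prod"}},
    ],
})

# Assumption: Rancher 2.x proxies cluster API traffic under this URL path.
RANCHER_PROXY_PREFIX = "/k8s/clusters/"


def classify_contexts(kubeconfig_json):
    """Map each context name to 'rancher-proxy', 'direct' or 'unknown'."""
    cfg = json.loads(kubeconfig_json)
    servers = {c["name"]: c.get("cluster", {}).get("server", "")
               for c in cfg.get("clusters") or []}
    result = {}
    for ctx in cfg.get("contexts") or []:
        server = servers.get(ctx.get("context", {}).get("cluster"), "")
        if not server:
            result[ctx["name"]] = "unknown"  # context points at a missing cluster entry
        elif urlparse(server).path.startswith(RANCHER_PROXY_PREFIX):
            result[ctx["name"]] = "rancher-proxy"
        else:
            result[ctx["name"]] = "direct"
    return result


def survives_rancher_outage(kubeconfig_json):
    """True if at least one context reaches an API server without Rancher."""
    return "direct" in classify_contexts(kubeconfig_json).values()


if __name__ == "__main__":
    for name, kind in classify_contexts(SAMPLE_KUBECONFIG).items():
        print(f"{name}: {kind}")
```

A kubeconfig for which `survives_rancher_outage` returns False has no context that works while the Rancher cluster is down.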