Skip to content

Managing a Kubernetes cluster

Once you have launched a new cluster, you can interact with it using kubectl and a kubeconfig file.


You must install the Kubernetes command line tool, kubectl, on your local computer, and run commands against your cluster. To install kubectl, follow the relevant Kubernetes documentation.

Extracting the kubeconfig file

Click on the cluster to expand its properties, and open KubeConfig.

KubeConfig tab in Gardener Shoot view

Click the blue button labeled Download KubeConfig. Almost instantaneously, in the default download folder of your computer, you will get a configuration file with a name similar to kubeconfig--<cluster_name>--<region_name>--<project_id>.yaml. Create a directory named .kube in your local user’s home, then move the YAML file you downloaded into it. Rename the YAML to config, ending up with ~/.kube/config.

By default, kubectl searches for its configuration in ~/.kube/config, but you can modify this behavior by setting the KUBECONFIG environment variable, if needed. For example, if you want to retain the original filename as downloaded, you might use:

export KUBECONFIG=~/.kube/kubeconfig--<cluster_name>--<region_name>--<project_id>.yaml

You may prefer this approach if you manage multiple Kubernetes clusters.

Verifying your kubeconfig

Check if your kubectl uses the proper configuration by running:

kubectl config view

You should see something like this:

apiVersion: v1
  - cluster:
      certificate-authority-data: DATA+OMITTED
    name: shoot--p40698--test-cluster
  - context:
      cluster: shoot--p40698--test-cluster
      user: shoot--p40698--test-cluster-token
    name: shoot--p40698--test-cluster
current-context: shoot--p40698--test-cluster
kind: Config
preferences: { }
  - name: shoot--p40698--test-cluster-token
      token: REDACTED

You will notice that the cluster API endpoint (the server entry in your kubeconfig) is a dynamically managed DNS address. Gardener in Cleura Cloud automatically created the DNS record upon shoot cluster creation.

The DNS record will subsequently disappear when you delete the cluster. The DNS record also disappears when you hibernate the shoot cluster, and reappears when you wake it from hibernation.

Accessing your cluster with kubectl

Check your available nodes by running:

kubectl get nodes

Assuming you used the default options when creating the cluster, you should now see the one Gardener worker node that is initially available:

NAME                                                STATUS   ROLES    AGE    VERSION
shoot--p40698--test-cluster-czg4zf-z1-5d7b5-bfl7p   Ready    <none>   156m   v1.24.3

Please note that in contrast to an OpenStack Magnum-managed Kubernetes cluster (where the output of kubectl get nodes includes control plane and worker nodes), in a Gardener cluster the same command only lists the worker nodes.

Deploying an application

Create a sample deployment with a Hello World application:

kubectl create deployment hello-node
kubectl expose deployment hello-node --type=LoadBalancer --port=8080

To access the created app, list the available services:

kubectl get services

You should get the load balancer service with its external IP and port number:

NAME         TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
hello-node   LoadBalancer   8080:32039/TCP   34m
kubernetes   ClusterIP      <none>          443/TCP          3h46m

Open a browser to (substituting the correct EXTERNAL-IP listed for your service). You should see the page of the Hello World app.

Last update: 2023-12-05
Created: 2023-03-14
Authors: Christos Varelas, Florian Haas