Hyperstack - Tutorials

4 Must-Know Tips for Managing Kubernetes Clusters on Hyperstack

Written by Damanpreet Kaur Vohra | Feb 20, 2025 9:14:02 AM

Are you managing containerised applications at scale and finding it overwhelming? Setting up and maintaining a Kubernetes cluster can take a lot of time, from provisioning the right infrastructure to handling updates and ensuring seamless operations. 

Thankfully, with our on-demand Kubernetes cluster provisioning, you can deploy and manage your containerised applications quickly. Just select a few parameters, such as your preferred Kubernetes version and node type, and your cluster is ready to go with minimal effort.

In our latest article, we provide essential tips to streamline your work with Hyperstack Kubernetes clusters.

Tip 1: Interact with Your Kubernetes Cluster

You can interact with your Kubernetes cluster using either of the following methods:

Option 1: Use the Bastion Node

Connect to the bastion node using the SSH key provided during cluster creation. Replace KEYPAIR_PATH with the path to your SSH key and BASTION_IP_ADDRESS with the bastion node's IP address.

BASTION_IP_ADDRESS="38.80.122.252"
KEYPAIR_PATH="../_ssh_keys/example-k8s-key_hyperstack"
ssh -i "$KEYPAIR_PATH" "ubuntu@$BASTION_IP_ADDRESS"

Once connected, use kubectl to interact with the cluster:

kubectl get nodes

Option 2: Use the Kubeconfig File

1. Retrieve the kubeconfig file from the cluster details and save it to a file (e.g., kubeconfig.yaml). Replace {id} with the cluster ID and [API_KEY] with your API key.

# Retrieve the kubeconfig file (base64 encoded)
B64_KUBECONFIG=$(curl --location 'https://infrahub-api.nexgencloud.com/v1/core/clusters/{id}' --header 'api_key: [API_KEY]' | jq -r '.cluster.kube_config')

# Save the kubeconfig file to a file
echo "$B64_KUBECONFIG" | base64 -d > kubeconfig.yaml

2. Alternatively, you can retrieve the kubeconfig file via Terraform (currently in alpha). You will need the output variable below. For a full example, see the instructions here.

output "kube_config" {
  value = base64decode(hyperstack_core_cluster.my_k8s.kube_config)
  # The kubeconfig holds cluster credentials; keep it out of plan/apply output
  sensitive = true
}

3. Set the KUBECONFIG environment variable:

export KUBECONFIG=kubeconfig.yaml

4. Then, use kubectl to access the cluster:

kubectl get nodes
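The pipeline in step 1 decodes whatever jq -r prints, including the literal string null when the field is missing, and writes kubeconfig.yaml with the shell's default umask. The following is an added example, not Hyperstack's code: save_kubeconfig is a hypothetical helper that rejects bad input and writes the file owner-only, assuming a YAML kubeconfig.

```shell
#!/bin/sh
# Added example (not from the original article or from Hyperstack).
# save_kubeconfig is a hypothetical helper:
#   $1 = base64 string, as printed by jq -r '.cluster.kube_config'
#   $2 = destination path
# Usage with the page's API call ({id} and [API_KEY] as on the page):
#   save_kubeconfig "$(curl ... | jq -r '.cluster.kube_config')" kubeconfig.yaml
save_kubeconfig() {
  b64=$1
  dest=$2
  # jq -r prints the literal string "null" when the field is missing (wrong
  # cluster id, rejected API key), and "null" happens to be valid base64.
  if [ -z "$b64" ] || [ "$b64" = "null" ]; then
    echo "no kube_config in API response" >&2
    return 1
  fi
  # Create the temp file beside the destination, readable by the owner only.
  tmp=$(umask 077 && mktemp "${dest}.XXXXXX") || return 1
  if ! printf '%s' "$b64" | base64 -d > "$tmp" 2>/dev/null; then
    rm -f "$tmp"
    echo "kube_config is not valid base64" >&2
    return 1
  fi
  # Assumption: a YAML kubeconfig has a top-level clusters: key. Refuse
  # anything else, for example an encoded error page.
  if ! grep -q '^clusters:' "$tmp"; then
    rm -f "$tmp"
    echo "decoded data is not a kubeconfig" >&2
    return 1
  fi
  # Rename into place so the destination never exists with wider permissions.
  mv "$tmp" "$dest"
}
```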

Tip 2: Enable the Kubernetes Dashboard

Want an easier way to manage your Kubernetes resources? The web-based Kubernetes Dashboard isn’t enabled by default on Hyperstack Kubernetes clusters, but you can turn it on by following the steps below:

1. Start a new screen session on your bastion server by running the “screen” command.

2. Add the Kubernetes Dashboard repository to your setup.

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/

3. Deploy the dashboard using Helm for a smooth installation.

helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

4. Generate a bearer token to securely access the dashboard.


kubectl -n kubernetes-dashboard create serviceaccount kubernetes-dashboard
kubectl -n kubernetes-dashboard create token kubernetes-dashboard

5. Bind the cluster-admin ClusterRole to the dashboard service account so the dashboard has full functionality.

kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard

6. Forward the dashboard service to access it locally from your machine.

kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

You can detach from the screen session by pressing Ctrl+A, then D; the port-forward keeps running inside the session.
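Step 5 binds cluster-admin to the dashboard service account, so every token created in step 4 carries full control of the cluster. The check below is an added example, not part of the original article: flag_admin_service_accounts is a hypothetical helper that lists such bindings, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): list ClusterRoleBindings that
# grant cluster-admin to a ServiceAccount, such as the one created in step 5.
# flag_admin_service_accounts is a hypothetical helper. It reads one binding
# per line on stdin, in the column layout printed by this kubectl command:
#   kubectl get clusterrolebindings --no-headers -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,NS:.subjects[*].namespace,SUBJECT:.subjects[*].name'
flag_admin_service_accounts() {
  awk '
    $2 == "cluster-admin" {
      # kubectl comma-joins the values when a binding has several subjects.
      n = split($3, kinds, ",")
      for (i = 1; i <= n; i++)
        if (kinds[i] == "ServiceAccount") {
          printf "binding=%s subject=%s/%s\n", $1, $4, $5
          found = 1
          break
        }
    }
    # Non-zero exit when anything was flagged, so a scheduled job can alert.
    END { exit found ? 1 : 0 }
  '
}

# Constructed sample input (not captured from a real cluster).
sample_bindings() {
  cat <<'EOF'
cluster-admin          cluster-admin     Group            <none>                 system:masters
kubernetes-dashboard   cluster-admin     ServiceAccount   kubernetes-dashboard   kubernetes-dashboard
system:kube-dns        system:kube-dns   ServiceAccount   kube-system            kube-dns
EOF
}

# Prints the dashboard binding from step 5; the other two rows are not flagged.
sample_bindings | flag_admin_service_accounts || true
```

When the dashboard is no longer needed, kubectl delete clusterrolebinding kubernetes-dashboard removes the grant; for read-only use, the built-in view ClusterRole can be bound instead of cluster-admin.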

Tip 3: Whitelist IP Addresses for Third-Party Services

Do you need third-party services to reach your cluster? Whitelist the worker node IPs, which you can retrieve by running these commands from the bastion node:

# List nodes
kubectl get nodes

# Open a debug terminal in a worker node (see example command below)
kubectl debug node/kube-cluster-1729305379-default-worker-0 -it --image=busybox

# Retrieve the IP address
wget -qO- ifconfig.me

# Expected output:
# 38.80.122.72

Tip 4: Firewall Settings for Nodes

By default, Hyperstack Kubernetes clusters come with robust network security. The bastion node and load balancer are accessible via public IPs, but the master and worker nodes stay hidden from the public internet. Worker nodes only communicate with the master and bastion nodes over the internal network, while the master node connects internally through the bastion.

Need to tweak these settings? Here’s what to watch out for:

  • Inter-node communication is wide open by default on worker nodes.
  • Enabling a public IP on worker nodes exposes all ports to the internet—proceed with caution!
  • Want tighter control? Always configure firewall rules before assigning public IPs to limit exposure and protect your cluster.

Conclusion

Managing Kubernetes clusters doesn’t have to be complex. With Hyperstack’s on-demand Kubernetes clusters, you can quickly deploy and manage your containerised applications while maintaining security and performance. From interacting with your cluster to fine-tuning firewall settings, these tips will help you maximise efficiency. 

Currently in Beta testing, Hyperstack's on-demand Kubernetes is accessible through our API guide. Ready to get started? Check out the API Guide below!

FAQs

How do I access my Kubernetes cluster on Hyperstack?

You can connect via the bastion node using SSH or configure access using the kubeconfig file.

Is the Kubernetes Dashboard enabled by default?

No, but you can easily enable it using Helm with a few configuration steps.

How can I secure my worker nodes?

By default, worker nodes are hidden from the public internet. Configure strict firewall rules before assigning public IPs to them.

Can third-party services connect to my cluster?

Yes, whitelist the worker node IPs to allow third-party access as needed.