In addition to the Container Service for Kubernetes (ACK) console, you can also use
the Kubernetes command-line tool kubectl to manage clusters and applications. This
topic describes how to connect to an ACK cluster from a kubectl client.
Background information
kubectl is a standard Kubernetes command-line tool. You can use kubectl to connect
to and manage all of the ACK cluster types, such as dedicated Kubernetes clusters,
managed Kubernetes clusters, and serverless Kubernetes (ASK) clusters. Managed Kubernetes
clusters include standard managed Kubernetes clusters and professional managed Kubernetes
clusters. For more information about kubectl, see kubectl.
Step 1: Install kubectl
- Select a client to install kubectl.
  You can connect to a cluster over the Internet or through a private connection. We
  recommend that you select a client based on the following information:
  - Connect to the cluster over the Internet
    If an elastic IP address (EIP) is associated with the API server of the cluster, the
    API server is exposed to the Internet. In this case, the cluster places no restrictions
    on which client you use. For more information about how to enable public access to the
    API server, see Control public access to the API server of a cluster.
  - Connect to the cluster through a private connection
    If you want to connect to the cluster through a private connection, your client must
    be deployed in the same virtual private cloud (VPC) as the cluster.
- Download and install kubectl on the client.
Step 2: Select a type of cluster credentials
Each ACK cluster provides two types of cluster credentials for you to connect to the
cluster over the Internet or through a private connection. The cluster credentials
are stored in a kubeconfig.
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
- On the Cluster Information page, click the Connection Information tab. Then, select cluster credentials for connecting to the cluster over the Internet
or through a private connection.
Note: You can also use a temporary kubeconfig to control the validity period of the cluster
credentials. This allows you to access the cluster in a more flexible manner. For
more information, see Generate a temporary kubeconfig.

Step 3: Add cluster credentials
By default, kubectl searches for a file named config in the $HOME/.kube directory on the client. The file stores the credentials for authenticating to
the cluster that you want to access. kubectl uses this file to connect to the cluster.
- Select the Public Access or Internal Access tab and then click Copy.
- Copy the cluster credentials to the config file in the $HOME/.kube directory, save the file, and exit.
Note: If the .kube folder and the config file do not exist in the $HOME/ directory, you need to manually create the folder and file.
If a dedicated Kubernetes cluster is used and you have enabled SSH logon over the
Internet for the cluster, the SSH tab appears on the Connection Information tab. You can
also log on to a master node by using SSH. After you add the cluster credentials to the
kubeconfig file, you can use kubectl to connect to and manage the cluster. For more
information about how to connect to a dedicated Kubernetes cluster by using SSH, see
Connect to the master nodes of a dedicated Kubernetes cluster by using SSH.
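Step 3's copy into $HOME/.kube/config, scripted as an added example that is not part of the ACK documentation: because the file holds the cluster credentials, the script creates the folder and file so that only your user can read them, and keeps a backup of any existing config. The helper names install_kubeconfig and file_mode and the constructed sample kubeconfig are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the ACK documentation). install_kubeconfig and
# file_mode are hypothetical helper names.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_kubeconfig SRC [HOME_DIR]
# Copy the saved credentials in SRC to HOME_DIR/.kube/config (default: $HOME).
install_kubeconfig() {
  src=$1
  kube_dir="${2:-$HOME}/.kube"
  dest="$kube_dir/config"

  # Sanity check (assumes the YAML layout with top-level clusters/users keys):
  # refuse a truncated or wrong paste before touching the existing config.
  grep -q '^clusters:' "$src" && grep -q '^users:' "$src" ||
    { echo "not a kubeconfig: $src" >&2; return 1; }

  (
    umask 077                       # anything created below is owner-only
    mkdir -p "$kube_dir" && chmod 700 "$kube_dir" || exit 1
    # Keep the previous credentials rather than silently overwriting them.
    if [ -f "$dest" ]; then
      cp "$dest" "$dest.bak" && chmod 600 "$dest.bak" || exit 1
    fi
    # Write to a temporary name, restrict it, then rename into place.
    cp "$src" "$dest.tmp" && chmod 600 "$dest.tmp" && mv "$dest.tmp" "$dest"
  )
}

# Demo in a throwaway directory with a constructed, non-functional kubeconfig.
demo_home=$(mktemp -d)
printf 'apiVersion: v1\nkind: Config\nclusters: []\nusers: []\n' \
  > "$demo_home/copied.yaml"
install_kubeconfig "$demo_home/copied.yaml" "$demo_home" &&
  file_mode "$demo_home/.kube/config"
```

To install into the real location, save the copied credentials to a file and call install_kubeconfig with that file as the only argument.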

Step 4: Verify the connectivity
After you add the cluster credentials, use kubectl to verify the connectivity to the cluster. Run the following command to query
the namespaces of the cluster:
kubectl get namespace
Expected output:
NAME              STATUS   AGE
default           Active   4h39m
kube-node-lease   Active   4h39m
kube-public       Active   4h39m
kube-system       Active   4h39m
Generate a temporary kubeconfig
You can use a temporary kubeconfig to store cluster credentials and set the validity
period of the temporary kubeconfig. This allows you to access the cluster in a more
flexible manner.
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
- On the Cluster Information page, click the Connection Information tab, and then click Generate Temporary kubeconfig.
- In the Temporary kubeconfig dialog box, set the validity period of the temporary kubeconfig and select a connection
mode: Public Access or Internal Access.
  - To connect to the cluster over the Internet, select Public Access and click Generate Temporary kubeconfig. Then, click Copy to copy the content in the code block to the $HOME/.kube/config file on your client.
  - To connect to the cluster through a private connection, select Internal Access and click Generate Temporary kubeconfig. Then, click Copy to copy the content in the code block to the $HOME/.kube/config file on your client.
Then, you can connect to the cluster by using the temporary kubeconfig. You cannot
connect to the cluster after the temporary kubeconfig expires.
Revoke a kubeconfig
You can revoke a kubeconfig that is no longer in use to ensure the security of the
cluster. For more information, see Revoke a KubeConfig credential.