Connect to Cluster via kubectl

CCE CCE

  • Function Release Records
  • Common Tools
    • Command Line Scenario Examples
  • API Reference
    • Overview
    • Common Headers and Error Responses
    • General Description
  • Product Announcement
    • Announcement on the Discontinuation of CCE Standalone Clusters
    • CCE New Cluster Management Release Announcement
    • Upgrade Announcement for CCE Cluster Audit Component kube-external-auditor
    • CCE Console Upgrade Announcement
    • Announcement on Management Fees for CCE Managed Clusters
    • Container Runtime Version Release Notes
    • Announcement on the Decommissioning of CCE Image Repository
    • Kubernetes Version Release Notes
      • CCE Release of Kubernetes v1_26 History
      • CCE Kubernetes Version Update Notes
      • CCE Release of Kubernetes v1_24 History
      • CCE Release of Kubernetes v1_30 History
      • CCE Release of Kubernetes v1_22 History
      • CCE Release of Kubernetes v1_18 History
      • CCE Release of Kubernetes v1_20 History
      • CCE Release of Kubernetes v1_28 History
      • Release Notes for CCE Kubernetes 1_31 Version
      • Kubernetes Version Overview and Mechanism
    • Security Vulnerability Fix Announcement
      • Vulnerability CVE-2019-5736 Fix Announcement
      • Vulnerability CVE-2021-30465 Fix Announcement
      • CVE-2025-1097, CVE-2025-1098, and Other Vulnerabilities Fix Announcement
      • CVE-2020-14386 Vulnerability Fix Announcement
      • Impact Statement on runc Security Issue (CVE-2024-21626)
  • Service Level Agreement (SLA)
    • CCE Service Level Agreement SLA (V1_0)
  • Typical Practices
    • Pod Anomaly Troubleshooting
    • Adding CGroup V2 Node
    • Common Linux System Configuration Parameters Description
    • Encrypting etcd Data Using KMS
    • Configuring Container Network Parameters Using CNI
    • CCE - Public Network Access Practice
    • Practice of using private images in CCE clusters
    • Unified Access for Virtual Machines and Container Services via CCE Ingress
    • User Guide for Custom CNI Plugins
    • CCE Cluster Network Description and Planning
    • Cross-Cloud Application Migration to Baidu CCE Using Velero
    • CCE Resource Recommender User Documentation
    • Continuous Deployment with Jenkins in CCE Cluster
    • CCE Best Practice-Guestbook Setup
    • CCE Best Practice-Container Network Mode Selection
    • CCE Usage Checklist
    • VPC-ENI Mode Cluster Public Network Access Practice
    • CCE Container Runtime Selection
    • Cloud-native AI
      • Elastic and Fault-Tolerant Training Using CCE AITraining Operator
      • Deploy the TensorFlow Serving inference service
      • Best Practice for GPU Virtualization with Optimal Isolation
  • FAQs
    • How do business applications use load balancer
    • Using kubectl on Windows
    • Cluster management FAQs
    • Common Questions Overview
    • Auto scaling FAQs
    • Create a simple service via kubectl
  • Operation guide
    • Prerequisites for use
    • Identity and access management
    • Permission Management
      • Configure IAM Tag Permission Policy
      • Permission Overview
      • Configure IAM Custom Permission Policy
      • Configure Predefined RBAC Permission Policy
      • Configure IAM Predefined Permission Policy
      • Configure Cluster OIDC Authentication
    • Configuration Management
      • Configmap Management
      • Secret Management
    • Traffic access
      • BLB ingress annotation description
      • Use K8S_Service via CCE
      • Use K8S_Ingress via CCE
      • Implement Canary Release with CCE Based on Nginx-Ingress
      • Create CCE_Ingress via YAML
      • LoadBalancer Service Annotation Description
      • Service Reuses Existing Load Balancer BLB
      • Use Direct Pod Mode LoadBalancer Service
      • NGINX Ingress Configuration Reference
      • Create LoadBalancer_Service via YAML
      • Use NGINX Ingress
    • Virtual Node
      • Configuring BCIPod
      • Configuring bci-profile
      • Managing virtual nodes
    • Node management
      • Add a node
      • Managing Taints
      • Setting Node Blocking
      • Setting GPU Memory Sharing
      • Remove a node
      • Customizing Kubelet Parameters
      • Kubelet Container Monitor Read-Only Port Risk Warning
      • Managing Node Tag
      • Drain node
    • Component Management
      • CCE CSI CDS Plugin Description
      • CCE Fluid Description
      • CCE CSI PFS L2 Plugin
      • CCE Calico Felix Description
      • CCE Ingress Controller Description
      • CCE QoS Agent Description
      • CCE GPU Manager Description
      • CCE Ingress NGINX Controller Description
      • CCE P2P Accelerator Description
      • CCE Virtual Kubelet Component
      • CoreDNS Description
      • CCE Log Operator Description
      • CCE Node Remedier Description
      • CCE Descheduler Description
      • CCE Dynamic Scheduling Plugin Description
      • Kube Scheduler Documentation
      • CCE NPU Manager Description
      • CCE CronHPA Controller Description
      • CCE LB Controller Description
      • Kube ApiServer Description
      • CCE Backup Controller Description
      • CCE Network Plugin Description
      • CCE CSI PFS Plugin Description
      • CCE Credential Controller Description
      • CCE Deep Learning Frameworks Operator Description
      • Component Overview
      • CCE Image Accelerate Description
      • CCE CSI BOS Plugin Description
      • CCE Onepilot Description
      • Description of Kube Controller Manager
      • CCE_Hybrid_Manager Description
      • CCE NodeLocal DNSCache Description
      • CCE Node Problem Detector Description
      • CCE Ascend Mindx DL Description
      • CCE RDMA Device Plugin Description
      • CCE AI Job Scheduler Description
    • Image registry
      • Image Registry Basic Operations
      • Using Container Image to Build Services
    • Helm Management
      • Helm Template
      • Helm Instance
    • Cluster management
      • Upgrade Cluster Kubernetes Version
      • CCE Node CDS Dilatation
      • Managed Cluster Usage Instructions
      • Create cluster
      • CCE Supports GPUSharing Cluster
      • View Cluster
      • Connect to Cluster via kubectl
      • CCE Security Group
      • CCE Node Resource Reservation Instructions
      • Operate Cluster
      • Cluster Snapshot
    • Serverless Cluster
      • Product overview
      • Using Service in Serverless Cluster
      • Creating a Serverless Cluster
    • Storage Management
      • Using Cloud File System
      • Overview
      • Using Parallel File System PFS
      • Using RapidFS
      • Using Object Storage BOS
      • Using Parallel File System PFS L2
      • Using Local Storage
      • Using Cloud Disk CDS
    • Inspection and Diagnosis
      • Cluster Inspection
      • GPU Runtime Environment Check
      • Fault Diagnosis
    • Cloud-native AI
      • Cloud-Native AI Overview
      • AI Monitoring Dashboard
        • Connecting to a Prometheus Instance and Starting a Job
        • NVIDIA Chip Resource Observation
          • AI Job Scheduler component
          • GPU node resources
          • GPU workload resources
          • GPUManager component
          • GPU resource pool overview
        • Ascend Chip Resource Observation
          • Ascend resource pool overview
          • Ascend node resource
          • Ascend workload resource
      • Task Management
        • View Task Information
        • Create TensorFlow Task
        • Example of RDMA Distributed Training Based on NCCL
        • Create PaddlePaddle Task
        • Create AI Training Task
        • Delete task
        • Create PyTorch Task
        • Create Mxnet Task
      • Queue Management
        • Modify Queue
        • Create Queue
        • Usage Instructions for Logical Queues and Physical Queues
        • Queue deletion
      • Dataset Management
        • Create Dataset
        • Delete dataset
        • View Dataset
        • Operate Dataset
      • AI Acceleration Kit
        • AIAK Introduction
        • Using AIAK-Training PyTorch Edition
        • Deploying Distributed Training Tasks Using AIAK-Training
        • Accelerating Inference Business Using AIAK-Inference
      • GPU Virtualization
        • GPU Exclusive and Shared Usage Instructions
        • Image Build Precautions in Shared GPU Scenarios
        • Instructions for Multi-GPU Usage in Single-GPU Containers
        • GPU Virtualization Adaptation Table
        • GPU Online and Offline Mixed Usage Instructions
        • MPS Best Practices & Precautions
        • Precautions for Disabling Node Video Memory Sharing
    • Elastic Scaling
      • Container Timing Horizontal Scaling (CronHPA)
      • Container Horizontal Scaling (HPA)
      • Implementing Second-Level Elastic Scaling with cce-autoscaling-placeholder
      • CCE Cluster Node Auto-Scaling
    • Network Management
      • How to Continue Dilatation When Container Network Segment Space Is Exhausted (VPC-ENI Mode)
      • Container Access to External Services in CCE Clusters
      • CCE supports dual-stack networks of IPv4 and IPv6
      • Using NetworkPolicy Network Policy
      • Traffic Forwarding Configuration for Containers in Peering Connections Scenarios
      • CCE IP Masquerade Agent User Guide
      • Creating VPC-ENI Mode Cluster
      • How to Continue Dilatation When Container Network Segment Space Is Exhausted (VPC Network Mode)
      • Using NetworkPolicy in CCE Clusters
      • Network Orchestration
        • Container Network QoS Management
        • VPC-ENI Specified Subnet IP Allocation (Container Network v2)
        • Cluster Pod Subnet Topology Distribution (Container Network v2)
      • Network Connectivity
        • Container network accesses the public network via NAT gateway
      • Network Maintenance
        • Common Error Code Table for CCE Container Network
      • DNS
        • CoreDNS Component Manual Dilatation Guide
        • DNS Troubleshooting Guide
        • DNS Principle Overview
    • Namespace Management
      • Set Limit Range
      • Set Resource Quota
      • Basic Namespace Operations
    • Workload
      • CronJob Management
      • Set Workload Auto-Scaling
      • Deployment Management
      • Job Management
      • View the Pod
      • StatefulSet Management
      • Password-Free Pull of Container Image
      • Create Workload Using Private Image
      • DaemonSet Management
    • Monitor Logs
      • Monitor Cluster with Prometheus
      • CCE Event Center
      • Cluster Service Profiling
      • CCE Cluster Anomaly Event Alerts
      • Java Application Monitor
      • Cluster Audit Dashboard
      • Logging
      • Cluster Audit
      • Log Center
        • Configure Collection Rules Using CRD
        • View Cluster Control Plane Logs
        • View Business Logs
        • Log Overview
        • Configure Collection Rules in Cloud Container Engine Console
    • Application management
      • Overview
      • Secret
      • Configuration dictionary
      • Deployment
      • Service
      • Pod
    • NodeGroup Management
      • NodeGroup Management
      • NodeGroup Node Fault Detection and Self-Healing
      • Configuring Scaling Policies
      • NodeGroup Introduction
      • Adding Existing External Nodes
      • Custom NodeGroup Kubelet Configuration
      • Adding Alternative Models
      • Dilatation NodeGroup
    • Backup Center
      • Restore Management
      • Backup Overview
      • Backup Management
      • Backup repository
  • Quick Start
    • Quick Deployment of Nginx Application
    • CCE Container Engine Usage Process Overview
  • Product pricing
    • Product pricing
  • Product Description
    • Application scenarios
    • Introduction
    • Usage restrictions
    • Features
    • Advantages
    • Core concepts
  • Solution-Fabric
    • Fabric Solution
  • Development Guide
    • EFK Log Collection System Deployment Guide
    • Using Network Policy in CCE Cluster
    • Creating a LoadBalancer-Type Service
    • Prometheus Monitoring System Deployment Guide
    • kubectl Management Configuration
  • API_V2 Reference
    • Overview
    • Common Headers and Error Responses
    • Cluster Related Interfaces
    • Instance Related Interfaces
    • Service domain
    • General Description
    • Kubeconfig Related Interfaces
    • RBAC Related Interfaces
    • Autoscaler Related Interfaces
    • Network Related Interfaces
    • InstanceGroup Related Interfaces
    • Appendix
    • Component management-related APIs
    • Package adaptation-related APIs
    • Task Related Interfaces
  • Solution-Xchain
    • Hyperchain Solution
  • SDK
    • Go-SDK
      • Overview
      • NodeGroup Management
      • Initialization
      • Install the SDK Package
      • Cluster management
      • Node management
All documents
menu
No results found, please re-enter

CCE CCE

  • Function Release Records
  • Common Tools
    • Command Line Scenario Examples
  • API Reference
    • Overview
    • Common Headers and Error Responses
    • General Description
  • Product Announcement
    • Announcement on the Discontinuation of CCE Standalone Clusters
    • CCE New Cluster Management Release Announcement
    • Upgrade Announcement for CCE Cluster Audit Component kube-external-auditor
    • CCE Console Upgrade Announcement
    • Announcement on Management Fees for CCE Managed Clusters
    • Container Runtime Version Release Notes
    • Announcement on the Decommissioning of CCE Image Repository
    • Kubernetes Version Release Notes
      • CCE Release of Kubernetes v1_26 History
      • CCE Kubernetes Version Update Notes
      • CCE Release of Kubernetes v1_24 History
      • CCE Release of Kubernetes v1_30 History
      • CCE Release of Kubernetes v1_22 History
      • CCE Release of Kubernetes v1_18 History
      • CCE Release of Kubernetes v1_20 History
      • CCE Release of Kubernetes v1_28 History
      • Release Notes for CCE Kubernetes 1_31 Version
      • Kubernetes Version Overview and Mechanism
    • Security Vulnerability Fix Announcement
      • Vulnerability CVE-2019-5736 Fix Announcement
      • Vulnerability CVE-2021-30465 Fix Announcement
      • CVE-2025-1097, CVE-2025-1098, and Other Vulnerabilities Fix Announcement
      • CVE-2020-14386 Vulnerability Fix Announcement
      • Impact Statement on runc Security Issue (CVE-2024-21626)
  • Service Level Agreement (SLA)
    • CCE Service Level Agreement SLA (V1_0)
  • Typical Practices
    • Pod Anomaly Troubleshooting
    • Adding CGroup V2 Node
    • Common Linux System Configuration Parameters Description
    • Encrypting etcd Data Using KMS
    • Configuring Container Network Parameters Using CNI
    • CCE - Public Network Access Practice
    • Practice of using private images in CCE clusters
    • Unified Access for Virtual Machines and Container Services via CCE Ingress
    • User Guide for Custom CNI Plugins
    • CCE Cluster Network Description and Planning
    • Cross-Cloud Application Migration to Baidu CCE Using Velero
    • CCE Resource Recommender User Documentation
    • Continuous Deployment with Jenkins in CCE Cluster
    • CCE Best Practice-Guestbook Setup
    • CCE Best Practice-Container Network Mode Selection
    • CCE Usage Checklist
    • VPC-ENI Mode Cluster Public Network Access Practice
    • CCE Container Runtime Selection
    • Cloud-native AI
      • Elastic and Fault-Tolerant Training Using CCE AITraining Operator
      • Deploy the TensorFlow Serving inference service
      • Best Practice for GPU Virtualization with Optimal Isolation
  • FAQs
    • How do business applications use load balancer
    • Using kubectl on Windows
    • Cluster management FAQs
    • Common Questions Overview
    • Auto scaling FAQs
    • Create a simple service via kubectl
  • Operation guide
    • Prerequisites for use
    • Identity and access management
    • Permission Management
      • Configure IAM Tag Permission Policy
      • Permission Overview
      • Configure IAM Custom Permission Policy
      • Configure Predefined RBAC Permission Policy
      • Configure IAM Predefined Permission Policy
      • Configure Cluster OIDC Authentication
    • Configuration Management
      • Configmap Management
      • Secret Management
    • Traffic access
      • BLB ingress annotation description
      • Use K8S_Service via CCE
      • Use K8S_Ingress via CCE
      • Implement Canary Release with CCE Based on Nginx-Ingress
      • Create CCE_Ingress via YAML
      • LoadBalancer Service Annotation Description
      • Service Reuses Existing Load Balancer BLB
      • Use Direct Pod Mode LoadBalancer Service
      • NGINX Ingress Configuration Reference
      • Create LoadBalancer_Service via YAML
      • Use NGINX Ingress
    • Virtual Node
      • Configuring BCIPod
      • Configuring bci-profile
      • Managing virtual nodes
    • Node management
      • Add a node
      • Managing Taints
      • Setting Node Blocking
      • Setting GPU Memory Sharing
      • Remove a node
      • Customizing Kubelet Parameters
      • Kubelet Container Monitor Read-Only Port Risk Warning
      • Managing Node Tag
      • Drain node
    • Component Management
      • CCE CSI CDS Plugin Description
      • CCE Fluid Description
      • CCE CSI PFS L2 Plugin
      • CCE Calico Felix Description
      • CCE Ingress Controller Description
      • CCE QoS Agent Description
      • CCE GPU Manager Description
      • CCE Ingress NGINX Controller Description
      • CCE P2P Accelerator Description
      • CCE Virtual Kubelet Component
      • CoreDNS Description
      • CCE Log Operator Description
      • CCE Node Remedier Description
      • CCE Descheduler Description
      • CCE Dynamic Scheduling Plugin Description
      • Kube Scheduler Documentation
      • CCE NPU Manager Description
      • CCE CronHPA Controller Description
      • CCE LB Controller Description
      • Kube ApiServer Description
      • CCE Backup Controller Description
      • CCE Network Plugin Description
      • CCE CSI PFS Plugin Description
      • CCE Credential Controller Description
      • CCE Deep Learning Frameworks Operator Description
      • Component Overview
      • CCE Image Accelerate Description
      • CCE CSI BOS Plugin Description
      • CCE Onepilot Description
      • Description of Kube Controller Manager
      • CCE_Hybrid_Manager Description
      • CCE NodeLocal DNSCache Description
      • CCE Node Problem Detector Description
      • CCE Ascend Mindx DL Description
      • CCE RDMA Device Plugin Description
      • CCE AI Job Scheduler Description
    • Image registry
      • Image Registry Basic Operations
      • Using Container Image to Build Services
    • Helm Management
      • Helm Template
      • Helm Instance
    • Cluster management
      • Upgrade Cluster Kubernetes Version
      • CCE Node CDS Dilatation
      • Managed Cluster Usage Instructions
      • Create cluster
      • CCE Supports GPUSharing Cluster
      • View Cluster
      • Connect to Cluster via kubectl
      • CCE Security Group
      • CCE Node Resource Reservation Instructions
      • Operate Cluster
      • Cluster Snapshot
    • Serverless Cluster
      • Product overview
      • Using Service in Serverless Cluster
      • Creating a Serverless Cluster
    • Storage Management
      • Using Cloud File System
      • Overview
      • Using Parallel File System PFS
      • Using RapidFS
      • Using Object Storage BOS
      • Using Parallel File System PFS L2
      • Using Local Storage
      • Using Cloud Disk CDS
    • Inspection and Diagnosis
      • Cluster Inspection
      • GPU Runtime Environment Check
      • Fault Diagnosis
    • Cloud-native AI
      • Cloud-Native AI Overview
      • AI Monitoring Dashboard
        • Connecting to a Prometheus Instance and Starting a Job
        • NVIDIA Chip Resource Observation
          • AI Job Scheduler component
          • GPU node resources
          • GPU workload resources
          • GPUManager component
          • GPU resource pool overview
        • Ascend Chip Resource Observation
          • Ascend resource pool overview
          • Ascend node resource
          • Ascend workload resource
      • Task Management
        • View Task Information
        • Create TensorFlow Task
        • Example of RDMA Distributed Training Based on NCCL
        • Create PaddlePaddle Task
        • Create AI Training Task
        • Delete task
        • Create PyTorch Task
        • Create Mxnet Task
      • Queue Management
        • Modify Queue
        • Create Queue
        • Usage Instructions for Logical Queues and Physical Queues
        • Queue deletion
      • Dataset Management
        • Create Dataset
        • Delete dataset
        • View Dataset
        • Operate Dataset
      • AI Acceleration Kit
        • AIAK Introduction
        • Using AIAK-Training PyTorch Edition
        • Deploying Distributed Training Tasks Using AIAK-Training
        • Accelerating Inference Business Using AIAK-Inference
      • GPU Virtualization
        • GPU Exclusive and Shared Usage Instructions
        • Image Build Precautions in Shared GPU Scenarios
        • Instructions for Multi-GPU Usage in Single-GPU Containers
        • GPU Virtualization Adaptation Table
        • GPU Online and Offline Mixed Usage Instructions
        • MPS Best Practices & Precautions
        • Precautions for Disabling Node Video Memory Sharing
    • Elastic Scaling
      • Container Timing Horizontal Scaling (CronHPA)
      • Container Horizontal Scaling (HPA)
      • Implementing Second-Level Elastic Scaling with cce-autoscaling-placeholder
      • CCE Cluster Node Auto-Scaling
    • Network Management
      • How to Continue Dilatation When Container Network Segment Space Is Exhausted (VPC-ENI Mode)
      • Container Access to External Services in CCE Clusters
      • CCE supports dual-stack networks of IPv4 and IPv6
      • Using NetworkPolicy Network Policy
      • Traffic Forwarding Configuration for Containers in Peering Connections Scenarios
      • CCE IP Masquerade Agent User Guide
      • Creating VPC-ENI Mode Cluster
      • How to Continue Dilatation When Container Network Segment Space Is Exhausted (VPC Network Mode)
      • Using NetworkPolicy in CCE Clusters
      • Network Orchestration
        • Container Network QoS Management
        • VPC-ENI Specified Subnet IP Allocation (Container Network v2)
        • Cluster Pod Subnet Topology Distribution (Container Network v2)
      • Network Connectivity
        • Container network accesses the public network via NAT gateway
      • Network Maintenance
        • Common Error Code Table for CCE Container Network
      • DNS
        • CoreDNS Component Manual Dilatation Guide
        • DNS Troubleshooting Guide
        • DNS Principle Overview
    • Namespace Management
      • Set Limit Range
      • Set Resource Quota
      • Basic Namespace Operations
    • Workload
      • CronJob Management
      • Set Workload Auto-Scaling
      • Deployment Management
      • Job Management
      • View the Pod
      • StatefulSet Management
      • Password-Free Pull of Container Image
      • Create Workload Using Private Image
      • DaemonSet Management
    • Monitor Logs
      • Monitor Cluster with Prometheus
      • CCE Event Center
      • Cluster Service Profiling
      • CCE Cluster Anomaly Event Alerts
      • Java Application Monitor
      • Cluster Audit Dashboard
      • Logging
      • Cluster Audit
      • Log Center
        • Configure Collection Rules Using CRD
        • View Cluster Control Plane Logs
        • View Business Logs
        • Log Overview
        • Configure Collection Rules in Cloud Container Engine Console
    • Application management
      • Overview
      • Secret
      • Configuration dictionary
      • Deployment
      • Service
      • Pod
    • NodeGroup Management
      • NodeGroup Management
      • NodeGroup Node Fault Detection and Self-Healing
      • Configuring Scaling Policies
      • NodeGroup Introduction
      • Adding Existing External Nodes
      • Custom NodeGroup Kubelet Configuration
      • Adding Alternative Models
      • Dilatation NodeGroup
    • Backup Center
      • Restore Management
      • Backup Overview
      • Backup Management
      • Backup repository
  • Quick Start
    • Quick Deployment of Nginx Application
    • CCE Container Engine Usage Process Overview
  • Product pricing
    • Product pricing
  • Product Description
    • Application scenarios
    • Introduction
    • Usage restrictions
    • Features
    • Advantages
    • Core concepts
  • Solution-Fabric
    • Fabric Solution
  • Development Guide
    • EFK Log Collection System Deployment Guide
    • Using Network Policy in CCE Cluster
    • Creating a LoadBalancer-Type Service
    • Prometheus Monitoring System Deployment Guide
    • kubectl Management Configuration
  • API_V2 Reference
    • Overview
    • Common Headers and Error Responses
    • Cluster Related Interfaces
    • Instance Related Interfaces
    • Service domain
    • General Description
    • Kubeconfig Related Interfaces
    • RBAC Related Interfaces
    • Autoscaler Related Interfaces
    • Network Related Interfaces
    • InstanceGroup Related Interfaces
    • Appendix
    • Component management-related APIs
    • Package adaptation-related APIs
    • Task Related Interfaces
  • Solution-Xchain
    • Hyperchain Solution
  • SDK
    • Go-SDK
      • Overview
      • NodeGroup Management
      • Initialization
      • Install the SDK Package
      • Cluster management
      • Node management
  • Document center
  • arrow
  • CCECCE
  • arrow
  • Operation guide
  • arrow
  • Cluster management
  • arrow
  • Connect to Cluster via kubectl
Table of contents on this page
  • Connect the Kubernetes cluster via kubectl
  • Prerequisites
  • Operation steps

Connect to Cluster via kubectl

Updated at:2025-10-27

Connect the Kubernetes cluster via kubectl

To connect from a personal computer to the Baidu AI Cloud Kubernetes Cluster, use the Kubernetes CLI tool, kubectl. Kubectl is a command-line tool provided by Kubernetes to manage and monitor cluster resources, deploy applications, debug issues, and more. It allows for seamless cluster management through the command line. There are two modes of access:

  • Intranet access: The client communicates with the cluster's API Server through an intranet IP address. This method avoids Internet traffic, enhancing security.
  • Public access: The cluster's API Server is accessible over the Internet, allowing clients to connect via public IP. Note: Enabling this requires activating public access for the API Server.

Prerequisites

  • A cluster has been created. For specific operations, please refer to Create Cluster.

Operation steps

To connect to a cluster using kubectl, first install kubectl on your local machine. Then, download the kubectl configuration file from your cluster, copy it to the appropriate directory on your computer, and complete the configuration. Below are the steps for accessing a CCE cluster via kubectl:

Note:

The operational steps in this guide are based on a Linux environment.

  1. Download kubectl
    You need to prepare a client computer with public network access permission. Refer to Installation Tools to find the corresponding steps for downloading kubectl based on the machine’s OS. If kubectl is already installed, skip this step. Execute the kubectl version command to verify installation status.
    Note: Download the kubectl version matching your cluster version. Refer to the image below for cluster version.

    Screenshot 5/27/2025 5.32.56 PM.png

  2. Download cluster credentials
    Check cluster credentials in the cluster list or in the cluster details page

a. VPC access credentials: In the cluster credentials pop-up window, select VPC access credentials, click Download Long-term Access Credentials or Download Temporary Access Credentials to obtain the cluster’s private network access credentials.
image.png

b. Public access credentials: In the cluster connection module under the basic information tab of the cluster, check whether API Server public access is enabled. If API Server public access is disabled, please enable it. In the cluster credentials pop-up window, select public network access credentials, click Download Long-term Access Credentials or Download Temporary Access Credentials to download the cluster’s public network access credentials.
image.png

  1. Configure kubectl: Save the downloaded cluster credentials in the default configuration path of kubectl.
    a. Log in to your client computer and copy the access credential file downloaded in Step 3 (e.g., kubeconfig.yaml) to the /home directory of your client computer.
    b. Configure the kubectl file.

    Plain Text 
    1```
2cd $HOME
3mkdir -p $HOME/.kube
4mv -f kubeconfig.yaml $HOME/.kube/config
5```

    c. Switch the kubectl access mode according to your specific usage scenarios.

    Plain Text 
    1*  For VPC intranet access, execute:
2
3```
4kubectl config use-context internal
5```
6 *  For Internet access (the cluster must be bound to a public address), execute:
7
8```
9kubectl config use-context external
10```

  2. After completing the configuration, execute the following command on your local machine to confirm the connection to the cluster using kubectl.

    Plain Text 
    1```
2kubectl cluster-info    # View the cluster information
3```

    If the echo result is displayed below, the client can successfully connect to the cluster via kubectl.

Plain Text 
1    Kubernetes control plane is running at https://xx.xx.xx.xx:5443
2    CoreDNS is running at https://xx.xx.xx.xx:5443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
3    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
4    ```
5
6
7## Create a simple service via kubectl
8
9### Create an Nginx application
10
11This command assumes that the kubectl command-line interface is already in the PATH and that you have permissions to operate the Kubernetes cluster (i.e., you have completed the setup to connect to the Kubernetes cluster via kubectl). Enter the following commands:
12
13    kubectl create deployment  my-nginx --image=registry.baidubce.com/cce/nginx-alpine-go:latest --replicas=3 --port=80
14
15This command will create three nginx containers, each exposing port 80.  
16
17The command to check the status of the created nginx container is as follows:
18
19    $ kubectl get pods
20    NAME                       READY     STATUS    RESTARTS   AGE
21    my-nginx-858393261-pfjdn   1/1       Running   0          14s
22    my-nginx-858393261-sn7g5   1/1       Running   0          14s
23    my-nginx-858393261-spv8w   1/1       Running   0          14s
24
25> **Note:**
26>  The symbol "$" represents the input command, while other lines represent the container information displayed after entering the command.
27
28### Expose service to the internet
29
30**Create service**
31
32In a public cloud environment, you can create a service of LoadBalancer by entering a command. This will also trigger the public cloud to create a load balancer and a public IP. The specific operation command is as follows:
33
34    kubectl expose deployment my-nginx --port=80 --type=LoadBalancer
35
36> **Note:**
37>
38> Load Balancer: virtualizes multiple Baidu Cloud Computes in the same region into a group, assigns an intranet or internet service address, and distributes concurrent front-end access to multiple real cloud servers, thus achieving balancing application traffic. You can obtain the public network IP of the service by querying the service. Then, find the BLB instance you created on the Baidu Load Balance (BLB) page in the Baidu AI Cloud console. For its pricing standards, refer to [Baidu Load Balance (BLB) Pricing](https://cloud.baidu.com/doc/BLB/s/Wkwn5lral).
39>  Public IP: A standalone service that provides users with public network bandwidth. You can query the public IP address you created by [viewing the service](CCE/Development Guide/kubectl Management Configuration.md#View service). For its pricing standards, refer to [Elastic Public IP (EIP) Pricing](EIP/Product pricing/EIP Instance Billing.md). By default, the billing method is postpay.
40
41**View service**
42
431. Run the command to check the service, along with its status and the assigned public IP.
44
45
46    ```
47    $ kubectl get services
48    NAME         CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
49    kubernetes   172.17.0.1    <none>           443/TCP        1h
50    my-nginx     172.17.44.5   180.76.139.247   80:30356/TCP   47s
51    ```
52
532. By accessing the link 180.76.139.247, the created service can be viewed as shown in the figure:
54
55   ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds11.PNG)
56
57> **Note:**
58>  The symbol "$" represents the input command, while other lines display the service information after entering the command. Here, 180.76.139.247 is the internet service URL.
59>  In addition to using the above commands to enable load balancing for the service, you can also create the service via the dashboard. For detailed operations, refer to [Create a Service via Kubernetes Dashboard](https://cloud.baidu.com/doc/CCE/s/6jxpotcn5#%E9%80%9A%E8%BF%87kubernetes-dashboard%E5%88%9B%E5%BB%BA%E6%9C%8D%E5%8A%A1).
60
61**Delete service**
62
63If you need to delete the service and ensure it is not exposed to the public network, you can directly remove it.
64
65    kubectl delete svc my-nginx
66
67> **Note:**
68>
69> Kubernetes will delete the newly generated public IP and load balancer, followed by the removal of the service.
70
71## Access the Kubernetes dashboard (Web UI) locally
72
73**Prerequisites**
74
75Before using the Kubernetes dashboard locally, users must configure kubectl to connect to the Baidu AI Cloud Kubernetes cluster.
76
77**Operation step**
78
791. Create the dashboard service locally by using the kubectl tool to set up a dashboard application within the Kubernetes cluster.

$ kubectl create -f dashboard.yaml secret "kubernetes-dashboard-certs" created serviceaccount "kubernetes-dashboard" created clusterrolebinding "kubernetes-dashboard" created deployment "kubernetes-dashboard" created service "kubernetes-dashboard" created

Plain Text 
1The corresponding dashboard.yaml file is:

apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kube-system type: Opaque

apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system

apiVersion: v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard labels: k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects:

  • kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system

kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: containers: - name: kubernetes-dashboard image: registry.baidubce.com/public/dashboard:v1.8.3-caas ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule

kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard

Plain Text 
12. After creating the dashboard, use the kubectl proxy command to start a proxy and establish a connection to the Kubernetes API Server.

kubectl proxy

Plain Text 
13. After successfully enabling the proxy, you can access <http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login> your local browser. Log in to the dashboard, select token authentication. The method to create a token is as follows, and the returned result can be used as the token for login.

$ kubectl -n kube-system create token kubernetes-dashboard
eyJhbGciOiJSUzI1NiIsImtpZCI6ImREUzFpaHRJYnBLTV9jX1dmb05Bb2oxMXU0RE92QnhuejZ1WXJSYWo5MUEifQ.eyJhdWQiOlsia3ViZXJuZXRlcy5kZWZhdWx0LnN2YyJdLCJleHAiOjE3NDgzNDM0OTAsImlhdCI6MTc0ODMzOTg5MCwiaXNzIjoiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiLCJqdGkiOiJiM2Y1NGY0Yy0wNzExLTQzZmItYjdjNy1iOGQ2ZGIwNmU4ODYiLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6Imt1YmUtc3lzdGVtIiwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImNjZS12b2xjYW5vLWFkbWlzc2lvbiIsInVpZCI6IjJmOWVjYmMzLTAwMDItNDc3Zi05N2YzLThiMjkyODEwYWIwOSJ9fSwibmJmIjoxNzQ4MzM5ODkwLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06Y2NlLXZvbGNhbm8tYWRtaXNzaW9uIn0.bOw0vDkl2Q52H5Wa8X4N5QWlz3hOTGCK-ZkwSVT5A2gu0Qi2GjVKJPN00K4t19AXobzDmjIG-JEydVBN1n4SQ4GkW6_T_3lpwOV-P8JcAspTSi-0fHC5lR64TKVhS-HXNRECD2Z11K2eQuoZR0hP887sCGmuX1Xz6kb12YkBxuZgDaGEHS7fiVi67xTey2B2kYAzibn4KZfMBqLOBzmZ_aM2O_iWjUJ8isgwvwce5DAf8KT8YNsCW2pd6z7kaq-RWqmxUizXK3sFzvxoK4RLwGj1G1OSMpw6cFH0sLFuzR-gyIFLBOK9oyEsNnHhiqlpnBzVuamBpzwCLvvuwHVkKQ

Plain Text 
1![Screenshot 5/9/2025 6.09.58 PM.png](https://bce.bdstatic.com/doc/bce-doc/CCE/%E6%88%AA%E5%B1%8F2025-05-09%2018.09.58_c27eab9.png)
2
3> **Note:**
4>
5> Localhost refers to the user's local machine (not a virtual machine), with the corresponding IP address of 127.0.0.1
6
74. Once logged in successfully, the dashboard page will be displayed as shown below.
8<br>
9 ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds12.png)
10
11## Create a service via Kubernetes dashboard
12
131.  After completing the setup for local access to the Kubernetes Dashboard (Web UI), go to the Dashboard page and click Create in the upper right corner to start creating the service;<br>
14
15     ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds13.png)
16
172.  On the Create Application page, enter the name of the application to be created, the container image, and the number of pods;<br>
18
19     ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds14.png)
20
213.  For the service type, select External. The system will automatically create an EIP and a BLB in the background. Configure ports: Enter 80 for both the service port and target port; select TCP as the protocol. Click the Deploy button to start creating the service;<br>
22
23    ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds15.png)
24
254.  Wait for the service to be created successfully (you need to refresh the page manually);<br>
26
27    ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds16.png)
28
295.  On the success page, click Services to enter the service page;<br>
30
31    ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds17.png)
32
336.  This page will display the Internet address of the service;<br>
34
35    ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds18.png)
36
377.  Enter the Internet address in a browser - if the service page is displayed, the service is created successfully;<br>
38
39    ![](https://doc.bce.baidu.com/bce-documentation/CCE/ds19.png)
40
41## Create a service using a private image
42
43If you need to use a private image, you must first configure [ImagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#bypassing-kubectl-create-secrets), and specify this ImagePullSecrets in the resource to be created. The following is a brief introduction to the creation steps. For more detailed information about ImagePullSecrets, refer to [the Official Kubernetes Documentation](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config).
44
451. Create ImagePullSecrets via kubectl
46
47      First, you need the username and password for your private registry. Use the following command to create an ImagePullSecret named `myregistrykey`
48
49    ```
50    $ kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
51    secret "myregistrykey" created.
52    ```
53
542. Use the ImagePullSecret in the resource to be created
55
56      For example, the following pod YAML file specifies that the pod uses the private image `registry.baidubce.com/private-online/awesomeapp:v1`, and pulls the image from the registry using the imagePullSecrets `myregistrykey`.
57
58          apiVersion: v1
59          kind: Pod
60          metadata:
61            name: foo
62            namespace: awesomeapps
63          spec:
64            containers:
65              - name: foo
66                image: registry.baidubce.com/private-online/awesomeapp:v1
67            imagePullSecrets:
68              - name: myregistrykey
69
70
713. Specify ImagePullSecrets for service creation in the dashboard
72
73      After successfully creating ImagePullSecrets via kubectl, you can also select to use the ImagePullSecret when creating an application in the dashboard.
74       For example, in the following scenario: <br>
75
76            ![](https://doc.bce.baidu.com/bce-documentation/CCE/c4647392bb3a9f523c2e7e12fb3901f2cb7f415b.png)
77
78<br>
79 We selected the previously created `myregistrykey` for the application to be created. This allows Kubernetes to have permission to pull the image from the private registry.
80
81## Use kubectl on Windows
82
831.   After creating a cluster, download the Windows version of the kubectl tool, such as the 64-bit tool as follows:
84<br>
85     ![](https://doc.bce.baidu.com/bce-documentation/CCE/18d64e55f26444a23d5c7d7c7cb4f6cdaeff9974.png)
86
87   > **Note:**
88   >  > Before downloading kubectl, users need to sign in to their server and use the command `kubectl version` to check the version No. of their created cluster, and then select the corresponding kubectl version to download. For example, if the user's cluster version is 1.8, the kubectl to be downloaded should also be version 1.8. The download link is <https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/README.md>. Users should download the corresponding version of the tool based on their cluster version.
89
902.   After downloading, extract it to any directory, such as placing it under the D drive
91<br>
92     ![](https://doc.bce.baidu.com/bce-documentation/CCE/8c46441090a055ea6440bf267dc304a44e4d9cc3.png)
93
943.   Navigate to the user folder under the directory `C:\users\`. For example, if the user name is foo, the folder should be `C:\users\foo`. And then, enter this directory and create the folder `.kube`
95<br>
96
97     ![](https://doc.bce.baidu.com/bce-documentation/CCE/9cf7c49990253d7bae5f3e475e41b7e03dd3447f.png)
98
994.    On the cluster list page, download the cluster configuration file, place it in the `.kube` folder created in the previous step, and rename it to `config`
100<br>
101
102      ![](https://doc.bce.baidu.com/bce-documentation/CCE/9e758cb188f8d1cb7ba71d026a693e16bb198557.png)
103
1045.   Open the Windows command prompt
105<br>  
106      ![](https://doc.bce.baidu.com/bce-documentation/CCE/eff16c12b649b962e8957bc2726cd473fcc99660.png)
107
1086.   Navigate to the directory containing kubectl files and run `kubectl.exe get node` to view cluster nodes.
109<br>
110
111      ![](https://doc.bce.baidu.com/bce-documentation/CCE/0d84469d4e5565027058fdf595e6575b67cb2ebb.png)
112
1137.   In the same directory, create a dashboard.yaml file with the content from the aforementioned dashboard.yaml, for example, it can be created using text editor:
114<br>
115
116      ![](https://doc.bce.baidu.com/bce-documentation/CCE/1bc1c104ceca1a4bb5d7caa68533091d1546d451.png)
117
1188.   And then enter `kubectl.exe create -f dashboard.yaml` to create dashboard
119<br>
120
121      ![](https://doc.bce.baidu.com/bce-documentation/CCE/3f831d71fd31e51318b2e78bcc51c76274437abc.png)
122
1239.   Use the `kubectl.exe get pod --all-namespaces` command to check if the creation is successful
124<br>
125
126      ![](https://doc.bce.baidu.com/bce-documentation/CCE/e1ab574960e4085291d65a7996745a1607f506d6.png)
127
12810.   Enter `kubectl.exe proxy` to open proxy, and then access dashboard via `127.0.0.1:8001/ui` in browsers
129<br>  
130      ![](https://doc.bce.baidu.com/bce-documentation/CCE/bb7a5980bdc2e1f0e8ba61443c4e347335173296.png)
131<br>  
132      ![](https://doc.bce.baidu.com/bce-documentation/CCE/87c96ce58f8e2045657dcc499481cb36d663d77e.png)

Previous
View Cluster
Next
CCE Security Group