search

LAB06: Play with Cluster

hashtag
LAB15 Play with cluster

Changing the Kubernetes cluster name (the one shown in kubeconfig as cluster: kubernetes) to an FQDN such as prod-k8s.xyz depends on whether your cluster is:

kubeadm-created clusterself-managed control planeManaged clusters (EKS, AKS, GKE) → not possible (fixed by provider)

Below are the exact methods.

hashtag
If You Are Using kubeadm (MOST COMMON)

hashtag
The cluster name is embedded in these places:

  1. /etc/kubernetes/kubeadm-config.yaml (ClusterConfiguration)

  2. /etc/kubernetes/*.conf (Admin/kubelet kubeconfigs)

  3. /root/.kube/config and your local kubeconfigs

You cannot just edit it live — kubeadm generates certificates with the cluster name & FQDN.

Two possible approaches:

hashtag
🅰️ (Recommended) Use kubeadm to Reconfigure the Cluster Name

hashtag
Step 1: Edit your kubeadm config file

Check if it exists:

Look for:

Modify it to:

hashtag
Step 2: Apply kubeadm upgrades

OR for initial cluster-created config:

hashtag
Step 3: Regenerate kubeconfigs

This regenerates:

  • /etc/kubernetes/admin.conf

  • /etc/kubernetes/controller-manager.conf

  • /etc/kubernetes/scheduler.conf

  • /var/lib/kubelet/kubeconfig

hashtag
Step 4: Replace your local kubeconfig

hashtag
🅱️ (Unsafe but Works) Manually Change Kubeconfig Cluster Name

If you only want kubeconfig to DISPLAY the FQDN (not cluster identity):

Edit your kubeconfig:

Find:

Change to:

Also update the context:

This DOES NOT modify the cluster internally—it only changes kubeconfig display.

✔ Works ✔ No downtime ❌ Does not change internal kubeadm cluster name

hashtag
🅲️ Full Reinstall (Only if You Want Clean & Correct Setup)

During kubeadm init, you can set:

In kubeadm-config.yaml:

This gives the cleanest result.

hashtag
⚡ SUMMARY

Method
Changes Internal Cluster Name?
Changes Kubeconfig?
Risk

A. kubeadm reconfigure (recommended)

✔ Yes

✔ Yes

Low

B. Manual kubeconfig edit

❌ No

✔ Yes

None

C. Reinstall (cleanest)

✔ Yes

✔ Yes

Medium/High

kube-public is one of the three system namespaces Kubernetes creates automatically:

  • kube-system

  • kube-public

  • kube-node-lease

Among these, kube-public is the only namespace that is readable by everyone (unauthenticated access).

hashtag
Purpose of kube-public Namespace

hashtag
1. Publicly readable, cluster-wide information

Kubernetes uses kube-public for storing information that should be accessible to all users, including those who are not authenticated.

This is mainly for:

  • Bootstrapping new clients

  • Sharing cluster-level public data

  • Testing access

Kubernetes defines an RBAC rule allowing unauthenticated read access to this namespace.

hashtag
What is stored there by default?

Typically only one important ConfigMap:

hashtag
📌 kube-public/cluster-info ConfigMap

This contains public cluster configuration, such as:

  • Public CA certificate

  • API server endpoint

  • Information required for kubeadm join

It helps worker nodes bootstrap securely.

hashtag
Why keep it public?

Because:

  • Joining nodes need the cluster's CA cert

  • Users who need kubeconfig may read public CA

  • During bootstrap, unauthenticated clients cannot yet authenticate

So Kubernetes makes this namespace globally readable but not writable.

hashtag
Security Implications

✔ Safe — it contains only public data ❌ Do NOT store secrets here ✔ Kubernetes protects it: only admins can write inside it

hashtag
Summary

Namespace
Purpose

kube-system

System pods (kube-dns, controller-manager, scheduler, CNI)

kube-public

Public, read-only cluster info (CA cert, cluster-info)

kube-node-lease

Heartbeats and node leases

hashtag
Typical usage (admins):

PreviousBLOG06: Containerization ConceptsNextBLOG07: What is Kubernetes Operator

Last updated