Skip to main content

Connect to a Cluster

After a cluster reaches the Running state, connect to it with kubectl using the cluster's kubeconfig file, and optionally open the Kubernetes Dashboard with a token.

You download the kubeconfig and token from the cluster's Cluster Details tab. See Cluster Details for the full tab reference.

Prerequisites

  • A cluster in the Running state.
  • kubectl installed on your machine. Follow the official install guide.
  • A security group on the cluster that allows TCP port 6443 (the Kubernetes API server port). Without it, kubectl cannot reach the cluster.

Download the Kubeconfig

  1. Open Compute > Kubernetes and select your cluster.
  2. On the Cluster Details tab, find the Kubeconfig field.
  3. Select Download to save <cluster-name>-kubeconfig.yaml to your machine.

Use the file with kubectl by passing --kubeconfig, or set the KUBECONFIG environment variable:

export KUBECONFIG="$(pwd)/<cluster-name>-kubeconfig.yaml"
kubectl get nodes

Open the Kubernetes Dashboard

The cluster ships with the Kubernetes Dashboard, which you can reach through a local proxy and authenticate with a token.

  1. Start the proxy using the downloaded kubeconfig:

    kubectl --kubeconfig="<cluster-name>-kubeconfig.yaml" proxy

  2. Open the dashboard in your browser:

    http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

  3. On the login page, choose Token.

  4. Back on the cluster's Cluster Details tab, select View Token next to Kubeconfig Token, then copy the token. (The token is shown only while the cluster is Running.)

  5. Paste the token into the dashboard and select Sign In.

SSL Certificate Renewal

The cluster's API server uses an SSL certificate that is renewed automatically. When the certificate is within 5 days of expiry, the Cluster Details tab shows a banner:

The SSL certificate of this cluster is about to expire. Click here to renew.

  • Manual renewal - select the link in the banner to renew immediately.
  • Automatic renewal - if you take no action, the system renews the certificate automatically so connectivity is not interrupted.

Only one renewal runs at a time, and the cluster must be Running to renew.

Pull Images from a Private Registry

To let pods pull from a private container registry, create a Docker registry secret and reference it with imagePullSecrets. See Container Registry Secrets.

ResourceUse it for
Cluster DetailsKubeconfig, token, and cluster information.
Security GroupsOpen port 6443 for kubectl.
Kubernetes GuidesDeploy ingress, storage, and tools.
Troubleshoot KubernetesFix connectivity and access issues.
Last updated on June 24, 2026.