It is convenient to be able to access the Kubernetes API server via kubectl on your workstation. It means that you can submit any manifests that you may have been developing to your cluster running on AWS.
We need to allow traffic from the bastion server to access the API server. Let's add a rule to the K8S-MASTER security group to allow this traffic, as follows:
$ aws ec2 authorize-security-group-ingress \
--group-id $K8S_MASTER_SG_ID \
--protocol tcp \
--port 6443 \
--source-group $BASTION_SG_ID
If you haven't already installed kubectl on your workstation, turn back to Chapter 2, Start Your Engines, to learn how.
Now we can copy the kubeconfig file from the master instance.
If you do not already have any clusters configured in your local ~/.kube/config file, you can copy the file from the master, as follows:
$ scp...
