# Enable Kubectl Shell

Enabling kubectl shell access in GCP is part of a one-time DuploCloud Portal setup process.

## Step 1: Create a Node Pool

1. In the **Tenant** list box, select the **Tools** Tenant.
2. Navigate to **Kubernetes** -> **Nodes**.
3. Select the **Node Pool** tab, and click **Add.**

<figure><img src="/files/OlmmYzCdy4ckKo9udiKh" alt=""><figcaption><p>The <strong>Add Node Pool</strong> pane</p></figcaption></figure>

4. Complete the required fields, and click **Create**.
5. Once the node pool is complete, it will display on the **GCP VM** tab with a status of **Running**.

<figure><img src="/files/zmS5duAmhhbU2ijsbrkr" alt=""><figcaption><p>The <strong>GCE VM</strong> tab in the DuploCloud Portal</p></figcaption></figure>

## Step 2. Create a DuploCloud Service

1. In the **Tenant** list box, select the **Tools** Tenant.
2. Navigate to **Kubernetes** -> **Services**.
3. Click **Add**. The **Add Service** page displays.
4. From the table below, enter the values that correspond to the fields on the **Add Service** page. Accept default values for fields not specified.

| Add Service page field | Value                                    |
| ---------------------- | ---------------------------------------- |
| **Name**               | `kubectl`                                |
| **Cloud**              | `Google`                                 |
| **Platform**           | `GKE Linux`                              |
| **Docker Image**       | `duplocloud/shell:terraform_kubectl_v15` |

4. In the **Environment Variables** field, enter the following YAML. Replace the flask app secret (b33d13ab-5b46-443d-a19d-asdfsd443 in this example) with a string of random numbers and letters in the same format and replace ***CUSTOMER\_PREFIX*** with your customer URL prefix.

```yaml
- Name: FLASK_APP_SECRET
 Value: b33d13ab-5b46-443d-a19d-asdfsd443
- Name: DUPLO_AUTH_URL
 Value: https://<CUSTOMER_PREFIX>.duplocloud.net
```

4. Click **Next**. The **Advanced Options** page displays.
5. Click **Create**. The Service is created.

## Step 3: Create a Load Balancer

1. Navigate to **Kubernetes** -> **Services**.
2. Select the **kubectl** Service from the **NAME** column.
3. Select the **Load Balancers** tab, and click **Configure Load Balancer**. The **Add Load Balancer Listener** pane displays.
4. In the **Select Type** list box, select **K8s Cluster IP**.
5. In the **Container port** and **External port** fields, enter **80**.
6. In the **Health Check** field, enter **/duplo\_auth**.
7. In the **Backend Protocol** list box, select **TCP**
8. Select **Advanced Kubernetes settings** and **Set HealthCheck annotations for Ingress.**
9. Click **Add**. The Load Balancer listener is added.

<div align="left"><figure><img src="/files/eZT9yEfG6s044RgtZ0ap" alt="" width="332"><figcaption><p>The <strong>Add Load Balancer Listener</strong> pane</p></figcaption></figure></div>

## Step 4: Add an Ingress

1. In the **Tenant** list box, select the **Tools** Tenant.
2. Navigate to **Kubernetes** -> **Ingress**.
3. Click **Add**. The **Add Kubernetes Ingress** page displays.
4. In the **Ingress Name** field, enter `kubect-shell`.
5. From the **Ingress Controller** list box, select **gce**.
6. In the **Visibility** list box, select **Public**.
7. In the **DNS Prefix** fiel&#x64;**,** enter the DNS name prefix.
8. In the **Certificate ARN** list box, select the ARN added to the Plan in the **Certificate for Load Balancer and Ingress** step.

<figure><img src="/files/v9twd2fLagMIfSSzF4om" alt=""><figcaption><p>The <strong>Add Kubernetes Ingress</strong> page</p></figcaption></figure>

9. Click **Add Rule**. The **Add Ingress Rule** pane displays.
10. In the **Path** field, enter (**/**)
11. In the **Service Name** list box, select the Service previously created (**kubectl:80**)
12. Click **Add Rule**. A rule directing all traffic to the **kubectl** Service is created.

<div align="left"><figure><img src="/files/APlv0uOuxNG6X36tcoSu" alt="" width="344"><figcaption></figcaption></figure></div>

\
13\. On the **Add Kubernetes Ingress** page, click **Add**. The Ingress is created.

## Step 5: Add the DNS name to System Settings

1. Navigate to **Administrator** -> **Systems Settings**.
2. Select the **System Config** tab, and click **Add**. The **Add Config** pane displays.<br>

   <div align="left"><figure><img src="/files/P5NJ9Vql0JhA29ffZcWd" alt="" width="371"><figcaption><p>The <strong>Add Config</strong> pane</p></figcaption></figure></div>
3. From the **Config Type** list box, select **AppConfig**.
4. From the **Key** list box, select **Other**.
5. In the second **Key** field, enter **DuploShellfqdn**
6. In the **Value** field, paste the Ingress DNS. To find the Ingress DNS, navigate to **Kubernetes** -> **Ingress**, and copy the DNS from the **DNS** column.<br>

   <figure><img src="/files/5yo1W9oxYpyhuIQEwBIz" alt=""><figcaption></figcaption></figure>
7. Click **Submit**. `kubectl` shell access is enabled.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.duplocloud.com/docs/automation-platform/overview-1/prerequisites/tools-tenant/enable-kubectl-shell.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.