kubeconfig
Last updated
Was this helpful?
Last updated
Was this helpful?
references:
others:
more usage:
$ kubectl config set-cluster k8s-cluster --server=127.0.0.1:8087
$ kubectl config set-cluster NAME --server=https://10.69.114.92:6443
# or
$ kubectl config set-cluster $(kubectl config current-context) --server=https://10.69.114.92:6443
using token
$ kubectl config set-credentials my-user --token=Py93bt12mT
using basic authentication
$ kubectl config set-credentials my-user --username=redhat-username --password=redhat-password
using certificates
$ kubectl config set-credentials my-user --client-certificate=redhat-certificate.crt --client-key=redhat-key.key
$ kubectl config set-context --cluster=k8s-cluster --user=my-user
by namespace
$ kubectl config set-context my-context --cluster=k8s-cluster --user=my-user --namespace=redhat-dev
$ kubectl config set-context --current --namespace=<my_namespace>
$ kubectl config use-context my-context
verify
$ kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* my-context 172.0.7.2:6443 my-user redhat-dev
my-context-2 172.1.8.0:6443 my-user-2
$ kubectl config current-context
my-context
[!NOTE|label:references:]
$ kubectl config set-credentials USER_NAME \ --auth-provider=oidc \ --auth-provider-arg=idp-issuer-url=( issuer url ) \ --auth-provider-arg=client-id=( your client id ) \ --auth-provider-arg=client-secret=( your client secret ) \ --auth-provider-arg=refresh-token=( your refresh token ) \ --auth-provider-arg=idp-certificate-authority=( path to your ca certificate ) \ --auth-provider-arg=id-token=( your id_token )
echo "-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
" \ > ca-kubernetes-staging.pem
## set cluster
kubectl config set-cluster kubernetes-staging \
--server=https://127.0.7.2:6443 \
--certificate-authority=ca-kubernetes-staging.pem \
--embed-certs
## set credential
kubectl config set-credentials marslo@kubernetes-staging \
--auth-provider=oidc \
--auth-provider-arg='idp-issuer-url=https://dex-k8s.domain.com/' \
--auth-provider-arg='client-id=dex-k8s-authenticator' \
--auth-provider-arg='client-secret=Z**********************0' \
--auth-provider-arg='refresh-token=C**********************************************************************n' \
--auth-provider-arg='id-token=e**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************A'
## set context
kubectl config set-context kubernetes-staging --cluster=kubernetes-staging --user=marslo@kubernetes-staging
## use context
kubectl config use-context kubernetes-staging
verify
# get id-token
$ kubectl config view -o jsonpath='{.users[?(@.name == "marslo@kubernetes-staging")].user.auth-provider.config.id-token}'
# get the password for the `e2e` user
$ kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
[!TIP] a configuration file describes
clusters
,users
, andcontexts
set clusters
# cluster development
$ kubectl config --kubeconfig=config-demo \
set-cluster development \
--server=https://1.2.3.4 \
--certificate-authority=fake-ca-file
# cluster test
$ kubectl config --kubeconfig=config-demo \
set-cluster test \
--server=https://5.6.7.8 \
--insecure-skip-tls-verify
set user
[!NOTE]
To delete a user you can run
kubectl --kubeconfig=config-demo config unset users.<name>
To remove a cluster, you can run
kubectl --kubeconfig=config-demo config unset clusters.<name>
To remove a context, you can run
kubectl --kubeconfig=config-demo config unset contexts.<name>
# with CA
$ kubectl config --kubeconfig=config-demo \
set-credentials developer \
--client-certificate=fake-cert-file \
--client-key=fake-key-seefile
# with basic authentication
$ kubectl config --kubeconfig=config-demo \
set-credentials experimenter \
--username=exp \
--password=some-password
add context
# user developer namespace frontend
$ kubectl config --kubeconfig=config-demo \
set-context dev-frontend \
--cluster=development \
--namespace=frontend \
--user=developer
# user developer namespace storage
$ kubectl config --kubeconfig=config-demo \
set-context dev-storage \
--cluster=development \
--namespace=storage \
--user=developer
# user experimenter
$ kubectl config --kubeconfig=config-demo \
set-context exp-test \
--cluster=test \
--namespace=default \
--user=experimenter
result
$ kubectl config --kubeconfig=config-demo get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
dev-frontend development developer frontend
dev-storage development developer storage
exp-test test experimenter default
$ kubectl config --kubeconfig=config-demo view
apiVersion: v1
clusters:
- cluster:
certificate-authority: fake-ca-file
server: https://1.2.3.4
name: development
- cluster:
insecure-skip-tls-verify: true
server: https://5.6.7.8
name: test
contexts:
- context:
cluster: development
namespace: frontend
user: developer
name: dev-frontend
- context:
cluster: development
namespace: storage
user: developer
name: dev-storage
- context:
cluster: test
namespace: default
user: experimenter
name: exp-test
current-context: ""
kind: Config
preferences: {}
users:
- name: developer
user:
client-certificate: fake-cert-file
client-key: fake-key-seefile
- name: experimenter
user:
password: some-password
username: exp
use context
$ kubectl config --kubeconfig=config-demo use-context dev-frontend
Switched to context "dev-frontend".
$ kubectl config --kubeconfig=config-demo get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* dev-frontend development developer frontend
dev-storage development developer storage
exp-test test experimenter default
$ kubectl config --kubeconfig=config-demo view --minify
apiVersion: v1
clusters:
- cluster:
certificate-authority: fake-ca-file
server: https://1.2.3.4
name: development
contexts:
- context:
cluster: development
namespace: frontend
user: developer
name: dev-frontend
current-context: dev-frontend
kind: Config
preferences: {}
users:
- name: developer
user:
client-certificate: fake-cert-file
client-key: fake-key-seefile
KUBECONFIG
environment variable
linux
$ export KUBECONFIG_SAVED="$KUBECONFIG"
windows
> $Env:KUBECONFIG_SAVED=$ENV:KUBECONFIG
temporarily append two paths to your kubeconfig environment variable
linux
$ export KUBECONFIG="${KUBECONFIG}:config-demo:config-demo-2"
windows
> $Env:KUBECONFIG=("config-demo;config-demo-2")
linux
$ export KUBECONFIG="${KUBECONFIG}:${HOME}/.kube/config"
windows
> $Env:KUBECONFIG="$Env:KUBECONFIG;$HOME\.kube\config"
linux
$ export KUBECONFIG="$KUBECONFIG_SAVED"
windows
> $Env:KUBECONFIG=$ENV:KUBECONFIG_SAVED
[!NOTE] references:
$ kubectl config set-cluster <k8s-cluster-name> --proxy-url=<my-proxy-url>
# i.e.
$ kubectl config set-cluster development --proxy-url=http://sample.proxy.com:3128
result
apiVersion: v1
kind: Config
clusters:
- cluster:
proxy-url: http://proxy.example.org:3128
server: https://k8s.example.org/k8s/clusters/c-xxyyzz
name: development
users:
- name: developer
contexts:
- context:
name: development
[!INFO|label:references:]
get contexts list
$ kubectl config --kubeconfig=config-demo get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* dev-frontend development developer frontend
dev-storage development developer storage
exp-test test experimenter default
get current context
$ kubectl config --kubeconfig=config-demo current-context
dev-frontend
get clusters
$ kubectl config --kubeconfig=config-demo get-clusters
NAME
development
test
get users
$ kubectl config --kubeconfig=config-demo get-users
NAME
developer
experimenter
by cluster name
# get all cluster name
$ kubectl config --kubeconfig=config-demo view -o jsonpath="{.clusters[*].name}"
development test
$ kubectl config --kubeconfig=config-demo view \
-o jsonpath='{.clusters[?(@.name == "development")].cluster.server}'
https://1.2.3.4
current in-use via --minify
[!NOTE]
--minify=false: Remove all information not used by current-context from the output
$ kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
https://1.2.3.4
# or
$ kubectl config view --minify -o jsonpath="{.clusters[].cluster.server}"
https://1.2.3.4
# more info
$ kubectl config view --minify -o jsonpath="{.clusters[*].name}"
development
# or
$ kubectl config view --minify -o jsonpath="{.clusters[].name}"
development
current in-use via current-context
# or get current cluster IP
$ kubectl config --kubeconfig=config-demo current-context
development
$ kubectl config --kubeconfig=config-demo view \
-o jsonpath="{.clusters[?(@.name == \"$(kubectl config --kubeconfig=config-demo current-context)\")].cluster.server}"
$ kubectl config --kubeconfig=config-demo view -o jsonpath='{.users[*].name}'
developer experimenter
$ kubectl config --kubeconfig=config-demo view -o jsonpath='{.users[?(@.name == "experimenter")]}'
{"name":"experimenter","user":{"password":"some-password","username":"exp"}}
$ kubectl config --kubeconfig=config-demo view -o jsonpath='{.users[?(@.name == "experimenter")].user.password}'
some-password
$ kubectl config --kubeconfig=config-demo view -o jsonpath='{.users[?(@.name == "developer")]}'
{"name":"developer","user":{"client-certificate":"fake-cert-file","client-key":"fake-key-seefile"}}
# or via base64 decoding
$ kubectl config --kubeconfig=config-demo view -o jsonpath='{.users[?(@.name == "developer")]}' | base64 -d
--minify=false:
Remove all information not used by current-context from the output
$ kubectl config --kubeconfig=config-demo view -o jsonpath='{.users[?(@.name == "developer")].user.client-key}'
fake-key-seefile
# or via base64 decoding
$ kubectl config --kubeconfig=config-demo view -o jsonpath='{.users[?(@.name == "developer")].user.client-key}' | base64 -d
[!NOTE|label:references:]
$ kubectl get cm kubeadm-config -n kube-system -o=jsonpath="{.data.ClusterConfiguration}"
exec >/tmp/output &&
CONTEXT_NAME=kubernetes-admin@kubernetes \
CONTEXT_CLUSTER=$(kubectl config view -o=jsonpath="{.contexts[?(@.name==\"${CONTEXT_NAME}\")].context.cluster}") \
CONTEXT_USER=$(kubectl config view -o=jsonpath="{.contexts[?(@.name==\"${CONTEXT_NAME}\")].context.user}") && \
echo "[" && \
kubectl config view -o=json | jq -j --arg CONTEXT_NAME "$CONTEXT_NAME" '.contexts[] | select(.name==$CONTEXT_NAME)' && \
echo "," && \
kubectl config view -o=json | jq -j --arg CONTEXT_CLUSTER "$CONTEXT_CLUSTER" '.clusters[] | select(.name==$CONTEXT_CLUSTER)' && \
echo "," && \
kubectl config view -o=json | jq -j --arg CONTEXT_USER "$CONTEXT_USER" '.users[] | select(.name==$CONTEXT_USER)' && \
echo -e "\n]\n" && \
exec >/dev/tty && \
cat /tmp/output | jq && \
rm -rf /tmp/output
$ kubectl config view -o json |
jq '. as $o
| ."current-context" as $current_context_name
| $o.contexts[] | select(.name == $current_context_name) as $context
| $o.clusters[] | select(.name == $context.context.cluster) as $cluster
| $o.users[] | select(.name == $context.context.user) as $user
| {"current-context-name": $current_context_name, context: $context, cluster: $cluster, user: $user}'