.kube config
Overview
$HOME/.kube/config is the kubectl configuration file. It contains definitions for clusters, users and contexts. The content of the file can be displayed with:
kubectl config view
Clusters
The "clusters" section of $HOME/.kube/config contains the definition of one or more clusters. Each cluster definition has a name, certificate info and the API server's endpoint.
clusters:
- cluster:
    certificate-authority-data: LS0tLS1...tLQo=
    server: https://kubernetes.docker.internal:6443
  name: docker-desktop
Cluster Operations
List all Clusters
kubectl config get-clusters
Users
The "users" section of $HOME/.kube/config contains definitions of users that might have different levels of permissions for each cluster. Each user definition has a friendly name, a username and a set of credentials. The credentials are the certificate the user needs to connect to the API server. In OpenShift's case, the original content of ~/.kube/config for the Unix root account of the master server is created by copying it from /etc/openshift/master/admin.kubeconfig.
users:
- name: docker-desktop
  user:
    client-certificate-data: LS0tL...LS0K
    client-key-data: LS0tL...tLQo=
- name: test-admin
  user:
    password: M1...0K
    username: admin
User Operations
Adding a User
Add a new entry to the "users" section of $HOME/.kube/config.
Contexts
Contexts bring together clusters and users under a friendly name. The contexts are declared in the "contexts" section of $HOME/.kube/config. They are represented by a formal syntax element ("context"), which has three parameters: cluster, namespace and user.
current-context: docker-desktop
contexts:
- context:
    cluster: docker-desktop
    user: docker-desktop
  name: docker-desktop
Current Context
At any moment, there's a context that is "current" - meaning that all kubectl invocations are directed to the cluster designated by the current context, with the identity set as part of the current context.
Context Operations
List All Contexts
All contexts can be obtained with:
kubectl config get-contexts
Show Current Context
The current context can be viewed with:
kubectl config current-context
and can be changed with:
kubectl config use-context new-context-name
Set a Current Context
kubectl config use-context <context-name>
Delete a Context
kubectl config delete-context <context-name>
Rename a Context
TODO
Creating a Client Configuration from Scratch
This procedure is useful if kubectl is installed only on a remote client machine and needs to be configured to connect to a Kubernetes cluster.
- Download kubectl and install it as described here: kubectl Installation.
- Create a ~/.kube directory.
- Create a ~/.kube/config file with the following content:
apiVersion: v1
kind: Config
clusters:
- name: kubernetes-kubespray
  cluster:
    certificate-authority-data: LS0tL...LQo=
    server: https://10.10.2.146:6443
users:
- name: kubernetes-kubespray-admin
  user:
    client-certificate-data: LS0t...tLQo=
    client-key-data: LS0tLS...S0tLQo=
contexts:
- name: kubernetes-kubespray
  context:
    cluster: kubernetes-kubespray
    user: kubernetes-kubespray-admin
current-context: kubernetes-kubespray
preferences: {}
The cluster certificate-authority-data is obtained as follows.
The user client-certificate-data is obtained as follows.
The user client-key-data is obtained as follows.
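A hand-written file like the one above can easily contain a context that names a missing user or cluster, and it stores credentials directly in the file. The following added example (not part of the original page) audits a kubeconfig in the JSON form printed by `kubectl config view --raw -o json` for unresolved references, stored secrets and disabled TLS verification; `audit_kubeconfig`, `SAMPLE` and the `lab` entries are constructed for illustration.

```python
import json

# Constructed sample (JSON form of a kubeconfig); names mirror this page, secrets are placeholders.
SAMPLE = json.loads("""{
 "clusters": [
  {"name": "docker-desktop", "cluster": {"server": "https://kubernetes.docker.internal:6443",
                                         "certificate-authority-data": "PLACEHOLDER"}},
  {"name": "lab", "cluster": {"server": "https://lab.example:6443", "insecure-skip-tls-verify": true}}],
 "users": [
  {"name": "docker-desktop", "user": {"client-certificate-data": "PLACEHOLDER",
                                      "client-key-data": "PLACEHOLDER"}},
  {"name": "test-admin", "user": {"username": "admin", "password": "PLACEHOLDER"}}],
 "contexts": [
  {"name": "docker-desktop", "context": {"cluster": "docker-desktop", "user": "docker-desktop"}},
  {"name": "lab", "context": {"cluster": "lab", "user": "lab-admin"}}],
 "current-context": "staging"
}""")

def audit_kubeconfig(cfg):
    """Return sorted (section, name, finding) tuples for a parsed kubeconfig."""
    def index(section, key):  # name -> body, tolerating null or missing sections
        return {e["name"]: e.get(key) or {} for e in cfg.get(section) or []}
    clusters, users = index("clusters", "cluster"), index("users", "user")
    contexts = index("contexts", "context")
    findings = []
    for name, c in clusters.items():
        if c.get("insecure-skip-tls-verify"):
            findings.append(("cluster", name, "TLS verification disabled"))
        elif not (c.get("certificate-authority-data") or c.get("certificate-authority")):
            findings.append(("cluster", name, "no CA configured in file"))
        if not str(c.get("server", "")).startswith("https://"):
            findings.append(("cluster", name, "server is not https"))
    for name, u in users.items():  # secrets that make the file itself sensitive
        for key, what in (("password", "plain-text password"), ("token", "bearer token"),
                          ("client-key-data", "embedded private key")):
            if u.get(key):
                findings.append(("user", name, what + " stored in file"))
    for name, ctx in contexts.items():  # every reference must resolve
        if ctx.get("cluster") not in clusters:
            findings.append(("context", name, "unknown cluster"))
        if ctx.get("user") not in users:
            findings.append(("context", name, "unknown user"))
    if cfg.get("current-context") not in contexts:
        findings.append(("config", "current-context", "unknown context"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_kubeconfig(SAMPLE):
        print(": ".join(finding))
```

The `--raw` output includes the real key and password values, so pipe it straight into the script rather than saving it to a shared location.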
KUBECONFIG and Multiple Configuration Files
kubectl first looks at the KUBECONFIG environment variable to determine where its configuration is. As such, different terminals (environments) can set the value of the environment variable differently and access different sets of Kubernetes contexts:
export KUBECONFIG=~/some-kubeconfig
This way you can set up different terminals "dedicated" to different clusters.
.kube/config and OpenShift
OpenShift oc updates .kube/config during the oc login operation.