.kube config: Difference between revisions
(→Users) |
|||
Line 24: | Line 24: | ||
=Users= | =Users= | ||
The "users" section of $HOME/.kube/config contains definitions of users that might have different levels of permissions for each cluster. Each user definition has a friendly name, a username and a set of credentials. | |||
<syntaxhighlight lang='yaml'> | <syntaxhighlight lang='yaml'> |
Revision as of 18:11, 6 January 2020
Internal
Overview
$HOME/.kube/config is kubectl configuration file. It contains definitions for clusters, users and contexts. The content of the file can be displayed with:
kubectl config view
Clusters
The "clusters" section of $HOME/.kube/config contains the definition of one or more clusters. Each cluster definition has a name, certificate info and the API server's endpoint.
clusters:
- cluster:
certificate-authority-data: LS0tLS1...tLQo=
server: https://kubernetes.docker.internal:6443
name: docker-desktop
Users
The "users" section of $HOME/.kube/config contains definitions of users that might have different levels of permissions for each cluster. Each user definition has a friendly name, a username and a set of credentials.
users:
- name: docker-desktop
user:
client-certificate-data: LS0tL...LS0K
client-key-data: LS0tL...tLQo=
Contexts
Contexts bring together clusters and users under a friendly name.
current-context: docker-desktop
contexts:
- context:
cluster: docker-desktop
user: docker-desktop
name: docker-desktop
Current Context
The current context can be viewed with:
kubectl config current-context
and can be changed with:
kubectl config use-context new-context-name
Creating a Client Configuration from Scratch
This procedure is useful if we install kubectl only on a remote client machine and we need it to configure it to connect to a Kubernetes cluster.
- Download kubectl and install it as described here: kubectl Installation.
- Create a ~/.kube directory.
- Create a ~/.kube/config file with the following content:
apiVersion: v1
kind: Config
clusters:
- name: kubernetes-kubespray
cluster:
certificate-authority-data: LS0tL...LQo=
server: https://10.10.2.146:6443
users:
- name: kubernetes-kubespray-admin
user:
client-certificate-data: LS0t...tLQo=
client-key-data: LS0tLS...S0tLQo=
contexts:
- name: kubernetes-kubespray
context:
cluster: kubernetes-kubespray
user: kubernetes-kubespray-admin
current-context: kubernetes-kubespray
preferences: {}
The cluster certificate-authority-data is obtained as follows.
The user client-certificate-data is obtained as follows.
The user client-key-data is obtained as follows.