3 parts:
- clusters
- users
- contexts
- current-context
By default, kubectl looks for config in:
~/.kube/config
to authenticate against the k8s cluster
- Context maps cluster & user
- user holds the credentials: client.key & client.crt
Add a user:
k config set-credentials <username> \
--client-certificate devuser.crt \
--client-key devuser.key
Set context:
k config set-context <name> \
--cluster c1 \
--user devuser
kubectx
Order
kubectl looks for its config in this order:
- --kubeconfig flag passed to the kubectl command
- $KUBECONFIG environment variable
- ${HOME}/.kube/config
Multiple config files
export KUBECONFIG=~/.kube/config:~/kube/config_2
kubectx
Generate key and certificate
Generate private key:
openssl genrsa -out mika.key 2048
Create a CSR for this key:
openssl req -new -key mika.key -out mika.csr -subj "/CN=mika/O=devops"
Sign the request with the cluster CA:
openssl x509 -req -in mika.csr \
-CA /etc/kubernetes/pki/ca.crt \
-CAkey /etc/kubernetes/pki/ca.key \
-CAcreateserial \
-out mika.crt \
-days 30
Set user/credentials in kube config:
k config set-credentials mika --client-certificate mika.crt --client-key mika.key
Set context in kube config:
k config set-context mika-c1 --user mika --cluster c1
Check that the context was added:
kubectx
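Added example (not part of the original notes): a pre-flight check to run on the signed certificate before putting it into the kube config. Kubernetes takes the username from the certificate CN and the groups from O, so the script reports both. The function names check_client_cert and make_demo_pki are hypothetical, and the CA generated here is a throwaway one constructed for the demo, not /etc/kubernetes/pki/ca.crt.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes.
# check_client_cert CERT KEY CA   (hypothetical helper)
# Prints "user=<CN> group=<O>" and returns 0 only if every check passes.
check_client_cert() {
  cert=$1 key=$2 ca=$3
  # 1. The certificate must chain to the CA the API server trusts.
  openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
    { echo "not signed by $ca" >&2; return 1; }
  # 2. The private key must belong to the certificate (compare public keys).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "key does not match certificate" >&2; return 1; }
  # 3. The certificate must still be valid (-days 30 expires quickly).
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
    { echo "certificate expired" >&2; return 1; }
  # 4. Report the identity the cluster will see: CN = user, O = group.
  subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
  cn=$(printf '%s\n' "$subj" | sed -n 's/.*CN=\([^,]*\).*/\1/p')
  org=$(printf '%s\n' "$subj" | sed -n 's/.*O=\([^,]*\).*/\1/p')
  echo "user=$cn group=$org"
}

# Constructed sample input: throwaway CA plus the mika/devops request above.
make_demo_pki() {  # usage: make_demo_pki DIR
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo-ca" -days 1 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl genrsa -out "$d/mika.key" 2048 2>/dev/null
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null  # unrelated key
  openssl req -new -key "$d/mika.key" -out "$d/mika.csr" \
    -subj "/CN=mika/O=devops"
  openssl x509 -req -in "$d/mika.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/mika.crt" -days 30 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
# prints: user=mika group=devops
check_client_cert "$demo_dir/mika.crt" "$demo_dir/mika.key" "$demo_dir/ca.crt"
```

Against a real cluster, pass the CA file that the cluster entry in the kube config points to as the third argument.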