Ben's Words

About me

Kubeconfig

2024-06-08

This document's examples have been focused on what you can do on a single-node cluster on your own local machine. But when you build your application and put it in production it'll actually reside in a remote cluster. This might be a cluster many others have access to, in which case there'll likely be limits on what each person can view and change.

A common way to allow access to only the resources you're approved for is through kubeconfigs. You receive a kubeconfig file from your cluster administrator that'll contain both what you need to authenticate and also the means of telling kubectl and other tools where to find your cluster.

Below is an example of a kubeconfig file. The kubeconfig you receive for your cluster might not have precisely this structure, but it'll be similar.

  apiVersion: "v1"
  clusters: 
    - 
      cluster: 
        certificate-authority-data: "<base64-encoded-certificate-authority-data>"
        server: "https://my.cluster.url"
      name: "my-cluster-name"
  contexts: 
    - 
      context: 
        cluster: "my-cluster-name"
        namespace: "my-namespace"
        user: "my-service-account"
      name: "context-name"
  current-context: "context-name"
  kind: "Config"
  preferences: {}
  users: 
    - 
      name: "my-service-account"
      user: 
        token: "<base64-encoded-token>"

You have 3 options for how to use this file to access your cluster via kubectl:

Save this file, and create an environment variable called KUBECONFIG that contains a path to this file. When you run kubectl, it'll use this variable to find the kubeconfig.

or

Use the --kubeconfig= option, giving the path to your kubeconfig file as the value (e.g. --kubeconfig=/path/to/your/kubeconfig.yml). This is useful if you make frequent use of different kubeconfigs.

or

Add to or replace the contents of the ~/.kube/config file with that of your kubeconfig. This file was probably created when you installed kubectl, but if not, create it. (It'll be in your home directory as indicated by ~. The folder it's in starts with a dot, so you'll need to enable displaying of hidden files in order to find it.)

The ~/.kube/config file is itself a kubeconfig. (If you've been using Rancher Desktop or Minikube, they've been modifying this file so that you can communicate with their clusters via kubectl). If you choose to add your kubeconfig's contents to it instead of replacing the whole file, add only the items in the three lists (clusters, contexts, and users). Then, to make your context active, do one of the following:

In the file, set the value of current-context to the name of your context

or

From the command line, use kubectl config use-context <context-name>