I have a kubernetes cluster on Azure and I created 2 namespaces and 2 service accounts because I have two teams deploying on the cluster. I want to give each team their own kubeconfig file for the serviceaccount I created.
I am pretty new to Kubernetes and haven't been able to find clear instructions on the Kubernetes website. How do I create a kubeconfig file for a serviceaccount? Hopefully someone can help me out :). I would rather not give the default kubeconfig file to the teams.
With kind regards,
Bram
To create your kubeconfig file manually: Retrieve the endpoint for your cluster and store the value in a variable. Retrieve the Base64-encoded certificate data required to communicate with your cluster and store the value in a variable. Create the default ~/.kube directory if it doesn't already exist.
```bash
# your server name goes here
server=https://localhost:8443
# the name of the secret containing the service account token goes here
name=default-token-sg96k

# the CA bundle stays base64-encoded; token and namespace are decoded
ca=$(kubectl get "secret/$name" -o jsonpath='{.data.ca\.crt}')
token=$(kubectl get "secret/$name" -o jsonpath='{.data.token}' | base64 --decode)
namespace=$(kubectl get "secret/$name" -o jsonpath='{.data.namespace}' | base64 --decode)

echo "
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: default-context
  context:
    cluster: default-cluster
    namespace: ${namespace}
    user: default-user
current-context: default-context
users:
- name: default-user
  user:
    token: ${token}
" > sa.kubeconfig
```
I cleaned up Jordan Liggitt's script a little.
Unfortunately I am not yet allowed to comment so this is an extra answer:
```bash
# The script returns a kubeconfig for the service account given
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for

# Cosmetics for the created config
clusterName=some-cluster
# your server address goes here get it via `kubectl cluster-info`
server=https://157.90.17.72:6443
# the Namespace and ServiceAccount name that is used for the config
namespace=kube-system
serviceAccount=developer

######################
# actual script starts
set -o errexit

secretName=$(kubectl --namespace "$namespace" get serviceAccount "$serviceAccount" -o jsonpath='{.secrets[0].name}')
ca=$(kubectl --namespace "$namespace" get "secret/$secretName" -o jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace "$namespace" get "secret/$secretName" -o jsonpath='{.data.token}' | base64 --decode)

echo "
---
apiVersion: v1
kind: Config
clusters:
  - name: ${clusterName}
    cluster:
      certificate-authority-data: ${ca}
      server: ${server}
contexts:
  - name: ${serviceAccount}@${clusterName}
    context:
      cluster: ${clusterName}
      namespace: ${namespace}
      user: ${serviceAccount}
users:
  - name: ${serviceAccount}
    user:
      token: ${token}
current-context: ${serviceAccount}@${clusterName}
"
```
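A pre-distribution check that fits either script above, as an added example that is not part of the original answers: it refuses to write a kubeconfig when the CA or token came back empty or when the token's `sub` claim names a different namespace or service account, and it creates the file owner-only because it contains a bearer token. The function names, the `team-a`/`deployer` values and the sample token are hypothetical, and the token signature is not verified.

```shell
# Added example; function names and team-a/deployer are hypothetical.
# Print the "sub" claim of a JWT. The signature is NOT verified here.
sa_token_subject() {
  payload=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  case $(( ${#payload} % 4 )) in   # restore padding that base64url drops
    2) payload="$payload==" ;;
    3) payload="$payload=" ;;
  esac
  printf '%s' "$payload" | base64 --decode 2>/dev/null |
    sed -n 's/.*"sub" *: *"\([^"]*\)".*/\1/p'
}
# Constructed, unsigned sample token for trying the check offline.
sample_token() {
  p=$(printf '%s' '{"sub":"system:serviceaccount:team-a:deployer"}' |
      base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'e30.%s.c2ln' "$p"
}
# write_sa_kubeconfig OUT SERVER CA_B64 TOKEN NAMESPACE SERVICEACCOUNT
write_sa_kubeconfig() {
  out=$1 server=$2 ca=$3 token=$4 ns=$5 sa=$6
  if [ -z "$ca" ] || [ -z "$token" ]; then
    echo "empty CA or token: no token secret for this account?" >&2
    return 1
  fi
  got=$(sa_token_subject "$token")
  if [ "$got" != "system:serviceaccount:$ns:$sa" ]; then
    echo "token subject '$got' is not $ns/$sa" >&2
    return 1
  fi
  rm -f "$out"
  ( umask 077   # the file holds a bearer token: owner-only
    cat > "$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: cluster
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: ${sa}@cluster
  context: {cluster: cluster, namespace: ${ns}, user: ${sa}}
users:
- name: ${sa}
  user:
    token: ${token}
current-context: ${sa}@cluster
EOF
  )
}
```

Call it with the `server`, `ca` and `token` values the scripts above already collect, for example `write_sa_kubeconfig team-a.kubeconfig "$server" "$ca" "$token" "$namespace" "$serviceAccount"`.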