Introduction to KubeConfig
What is KubeConfig? KubeCofig enables clients like Kubectl and many programming languages, to securely access your Kubernetes Cluster. Specifically, KubeConfig is a YAML file that contains either a username and password combination or a secure token that when read programmatically removes the need for the Kubernetes client to ask for interactive authentication. KubeConfig is the secure and standard method to enable access to your Kubernetes clusters.
Kubectl provides a command line tool for interacting with Kubernetes; tasks like listing Pods, autoscaling, changing labels and run are available to control and transform your Kubernetes environment.
Kubectl depends on KubeConfig for authentication, by default Kubectl will expect KubeConfig, represented as a file named
config to be present in the
$HOME/.kube directory. Without KubeConfig you cannot use Kubectl.
Obtaining KubeConfig for a Cluster
In order to access your PMK clusters outside of the PMK UI, you need to have a kubeconfig file that is properly configured with either of the following:
- an access token generated by Platform9 for your specific user account, or
- the username and password for your user account stored in encrypted format
You can specify the authentication method to use while downloading the
kubeconfig file through PMK. Once the method is specified, the respective value is retrieved from PMK for authentication and stored in the
The KubeConfig file can be downloaded from the API dashboard.
Token Based KubeConfig
Token-based authentication is a more secure way of authentication.
Once generated, a token is valid for a 24-hour duration, as compared to a username-password combination that is valid as long as the password is valid.
Follow the steps given below to download the
kubeconfig file with a token.
kubeconfigfile through PMK.
- Click Kubernetes>API Access.
Click the Download Config link for the desired cluster from the cluster list.
- Select Token as the Authentication Method and click Download Config.
The token field in the
kubeconfig file is populated with the Keystone token for the user. The
kubeconfig file is downloaded to your default download folder.
You can view the
kubeconfig file content for the cluster by selecting the option for the respective cluster in PMK.