
How to create a kubectl config file for serviceaccount


```bash
# your server name goes here
server=https://localhost:8443
# the name of the secret containing the service account token goes here
name=default-token-sg96k

# ca.crt is left base64-encoded because certificate-authority-data expects base64
ca=$(kubectl get secret/$name -o jsonpath='{.data.ca\.crt}')
token=$(kubectl get secret/$name -o jsonpath='{.data.token}' | base64 --decode)
namespace=$(kubectl get secret/$name -o jsonpath='{.data.namespace}' | base64 --decode)

echo "
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: default-context
  context:
    cluster: default-cluster
    namespace: ${namespace}
    user: default-user
current-context: default-context
users:
- name: default-user
  user:
    token: ${token}
" > sa.kubeconfig
```


Kubectl can be initialized to use a cluster account. To do so, get the cluster URL, cluster certificate and account token.

```bash
KUBE_API_EP='URL+PORT'
KUBE_API_TOKEN='TOKEN'
KUBE_CERT='REDACTED'

# quote the variable so the line breaks of the certificate are preserved
echo "$KUBE_CERT" > deploy.crt

kubectl config set-cluster k8s --server=https://$KUBE_API_EP \
    --certificate-authority=deploy.crt \
    --embed-certs=true
kubectl config set-credentials gitlab-deployer --token=$KUBE_API_TOKEN
kubectl config set-context k8s --cluster k8s --user gitlab-deployer
kubectl config use-context k8s
```

The cluster file is stored under: ~/.kube/config. Now the cluster can be accessed using:

```bash
kubectl --context=k8s get pods -n test-namespace
```

Add this flag `--insecure-skip-tls-verify` if you are using a self-signed certificate.


I cleaned up Jordan Liggitt's script a little.

Unfortunately I am not yet allowed to comment so this is an extra answer:

```bash
# The script returns a kubeconfig for the service account given
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for

# Cosmetics for the created config
clusterName=some-cluster
# your server address goes here get it via `kubectl cluster-info`
server=https://157.90.17.72:6443
# the Namespace and ServiceAccount name that is used for the config
namespace=kube-system
serviceAccount=developer

######################
# actual script starts
set -o errexit

secretName=$(kubectl --namespace $namespace get serviceAccount $serviceAccount -o jsonpath='{.secrets[0].name}')
# ca.crt is left base64-encoded because certificate-authority-data expects base64
ca=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.token}' | base64 --decode)

echo "
---
apiVersion: v1
kind: Config
clusters:
  - name: ${clusterName}
    cluster:
      certificate-authority-data: ${ca}
      server: ${server}
contexts:
  - name: ${serviceAccount}@${clusterName}
    context:
      cluster: ${clusterName}
      namespace: ${namespace}
      user: ${serviceAccount}
users:
  - name: ${serviceAccount}
    user:
      token: ${token}
current-context: ${serviceAccount}@${clusterName}
"
```
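
An added example, not part of any of the answers above: a wrapper for the final write step of these scripts that refuses an empty token, a non-HTTPS server or a CA value that is not base64-encoded PEM, and creates the file owner-readable only because it contains a bearer token. The function name `write_sa_kubeconfig` and its argument order are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example; write_sa_kubeconfig and its argument order are hypothetical.
# Args: OUT SERVER CA_B64 TOKEN NAMESPACE USER CLUSTER
write_sa_kubeconfig() {
  local out="$1" server="$2" ca="$3" token="$4" namespace="$5" user="$6" cluster="$7"

  # An empty lookup result must not become a silently unusable config.
  [ -n "$token" ] || { echo "refusing: empty token" >&2; return 1; }
  # Keep transport encrypted and verified: https plus an embedded CA.
  case "$server" in
    https://*) ;;
    *) echo "refusing: server must be an https:// URL" >&2; return 1 ;;
  esac
  # certificate-authority-data is the base64 of a PEM certificate.
  if ! printf '%s' "$ca" | base64 --decode 2>/dev/null |
       grep -q -- '-----BEGIN CERTIFICATE-----'; then
    echo "refusing: CA is not base64-encoded PEM" >&2; return 1
  fi

  # The file carries a bearer token: recreate it readable by the owner only.
  (
    umask 077
    rm -f -- "$out"
    cat > "$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: ${cluster}
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: ${user}@${cluster}
  context:
    cluster: ${cluster}
    namespace: ${namespace}
    user: ${user}
current-context: ${user}@${cluster}
users:
- name: ${user}
  user:
    token: ${token}
EOF
  )
}
```

Pass it the `$ca` and `$token` values that the scripts above read with `kubectl get secret`.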