Kubernetes Security 101: The kubeconfig file
We could send the same information with a request to the API server, for example to get a list of the services (svc) running on the cluster:
Using a kubeconfig file:
Instead of typing all of the above information each time we make a request to the API server, we can put it in a file and pass that file to our command.
That file is called the "kubeconfig" file.
The file is located by default in $HOME/.kube/config, also written "~/.kube/config".
If we don't specify a path for the config file, Kubernetes uses the above default one.
Kubeconfig file elements:
The kubeconfig file consists of three elements:
- Clusters : the list of the different Kubernetes clusters you want to access.
- Users : the different accounts accessing the clusters.
- Contexts : each context is a pair made up of a user account and a cluster name.
We can for example create a context for an "admin" user accessing a "test" cluster, or a "developer" user for a "development" cluster.
The kubeconfig YAML file:
Below is an example of a YAML configuration file:
In the file above we can see the current-context field, which is the default context to use.
We can add entries for other users, contexts or clusters.
The file is read by the kubectl command in our earlier example.
According to our config file above, the kubectl command will use the user "user" to access the "kubernetes_cluster" cluster.
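The lookup described above (current-context, then its cluster and user), as an added example that is not part of the original article; it goes a step further and flags entries worth reviewing before a kubeconfig is shared. It reads the JSON form of the file, such as the output of `kubectl config view -o json`. The sample file is constructed, and the context names, server addresses and the helper names `by_name`, `resolve` and `audit` are assumptions.

```python
import json

# Constructed sample kubeconfig in JSON form. "user" and "kubernetes_cluster"
# follow the article; every other name, URL and value is made up.
SAMPLE = json.loads("""{
  "current-context": "user@kubernetes_cluster",
  "clusters": [
    {"name": "kubernetes_cluster", "cluster": {
      "server": "https://10.0.0.10:6443",
      "certificate-authority": "/etc/kubernetes/pki/ca.crt"}},
    {"name": "test", "cluster": {"server": "https://test.example.internal:6443",
                                 "insecure-skip-tls-verify": true}}],
  "users": [
    {"name": "user", "user": {"client-certificate": "user.crt", "client-key": "user.key"}},
    {"name": "admin", "user": {"token": "CONSTRUCTED-PLACEHOLDER"}}],
  "contexts": [
    {"name": "user@kubernetes_cluster",
     "context": {"cluster": "kubernetes_cluster", "user": "user"}},
    {"name": "admin@test", "context": {"cluster": "test", "user": "admin"}},
    {"name": "dev", "context": {"cluster": "development", "user": "user"}}]
}""")

def by_name(cfg, section, key):
    """Index one kubeconfig list ([{name, <key>: {...}}, ...]) by entry name."""
    return {e["name"]: e.get(key) or {} for e in cfg.get(section) or []}

def resolve(cfg, context=None):
    """Return (cluster, user) names for a context; default is current-context."""
    name = context or cfg.get("current-context")
    ctx = by_name(cfg, "contexts", "context")[name]  # KeyError if undefined
    return ctx.get("cluster"), ctx.get("user")

def audit(cfg):
    """List settings to review before the file is shared or committed."""
    clusters, users = by_name(cfg, "clusters", "cluster"), by_name(cfg, "users", "user")
    findings = []
    for name in by_name(cfg, "contexts", "context"):
        cluster, user = resolve(cfg, name)
        if cluster not in clusters or user not in users:
            findings.append(f"{name}: refers to an undefined cluster or user")
            continue
        if clusters[cluster].get("insecure-skip-tls-verify"):
            findings.append(f"{name}: API server certificate is not verified")
        for field in ("token", "password", "client-key-data"):
            if field in users[user]:
                findings.append(f"{name}: credential '{field}' is stored inline")
    return findings
```

Calling `resolve(SAMPLE)` gives the cluster and user of the default context, and `audit(SAMPLE)` returns one line per finding across all contexts.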
Displaying a config file:
To display the config file, we use the command:
We can also specify the config file name in the kubectl command:
If we have different contexts, we can switch to another one using the command below:
- Contexts live in namespaces.
- Certificates live in "/etc/kubernetes/pki".