Welcome to our latest blog post, where we delve into the world of Kubernetes kubeconfig files or config files. Whether you're new to Kubernetes or a seasoned pro, this guide will equip you with why we need kubeconfig files. Let's get started!
so what is a kubeconfig file?
kubeconfig is the default way to authenticate to a Kubernetes cluster. It can be a little cryptic, but it is easy to understand if you look closely.
Whether you use Kubernetes in a bare-metal cluster, the cloud, or a simple virtual machine created with minikube, you always have a kubeconfig file. The file contents may differ in some cases, but the principle is the same. This post uses a minikube installation to explain the kubeconfig file.
kubeconfig file components
Kubernetes components like kubelet, kube-controller-manager, or kubectl use the kubeconfig file to interact with the Kubernetes API. Usually, the kubectl commands use the kubeconfig file.
The kubeconfig file's default location for kubectl is the ~/.kube directory. Instead of using the full kubeconfig name, the file is just named config. The default location of the kubeconfig file is ~/.kube/config. There are other ways to specify the kubeconfig location, such as the KUBECONFIG environment variable or the kubectl --kubeconfig parameter.
The kubeconfig file is a YAML file containing groups of clusters, users, and contexts.
A cluster is a Kubernetes cluster.
A user is a credential used to interact with the Kubernetes API.
A context is a combination of a cluster and a user. Every time you execute an
kubectlcommand, you reference a context insidekubeconfig.
The following is a sample kubeconfig file from a new minikube installation:
apiVersion: v1
kind: Config
clusters:
- name: minikube
cluster:
certificate-authority: /home/hector/.minikube/ca.crt
server: https://192.168.39.217:8443
users:
- name: minikube
user:
client-certificate: /home/hector/.minikube/profiles/minikube/client.crt
client-key: /home/hector/.minikube/profiles/minikube/client.key
contexts:
- name: minikube
context:
cluster: minikube
namespace: default
user: minikube
current-context: minikube
clusters section lists all clusters that you already connected. In this case, there is only one, named minikube. This name is arbitrary and can be any name you like. Inside the cluster are two keys:
certificate-authority contains a certificate for the certificate authority (CA) that signed all internal Kubernetes certificates. This can be a file path or a Base64 string of the certificate's Privacy Enhanced Mail (PEM) format.
server is the address of the server.
users section lists all users already used to connect to a cluster. In this case, there is only a single user, named minikube. This name is arbitrary, and there is no relationship with any object inside Kubernetes or OpenShift. There are some possible keys for a user:
client-certificate contains a certificate for the user signed by the Kubernetes CA. This can be a file path or a Base64 string in the certificate PEM format.
client-key contains the key that signed the client certificate.
token contains a token for this user when there is no certificate.
contexts section specifies a combination of a user and a cluster. It also defines a default namespace for this pair. The context name is arbitrary, but the user and cluster should be predefined inside the kubeconfig file. If the namespace does not exist inside Kubernetes, the commands will fail and display the default Kubernetes message for a nonexistent namespace.
Kubeconfig to Access Multiple Clusters
By doing this example you will understand how kubeconfig files are written and how you can access multiple Kubernetes clusters with one kubeconfig file.
Step - 1 (Create to Clusters)
For this example, we need 2 Kubernetes clusters. So I can show you how you can switch to both Kubernetes clusters. In my case I have created a Minikube cluster and other Kubernetes cluster I have created on Azure with Azure Kubernetes service.
This is my Minikube Cluster
This is my Azure Kubernetes Services Cluster
Step - 2 (Get both config files)
First thing first we will make a copy of our config. Use this command to make a copy
cp ~/.kube/config ~/.kube/config.bak
Now create a folder on your desktop and then move the config file of the Minikube to this folder so that we can edit this config file. You can use this command to move the file.
mv ~/.kind/config .
Now open that config file into a code editor. So this is our config file for our Minikube Cluster.
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: /home/codespace/.minikube/ca.crt
server: https://192.168.49.2:8443
name: minikube
contexts:
- context:
cluster: minikube
namespace: default
user: minikube
name: minikube
current-context: minikube
preferences: {}
users:
- name: minikube
user:
client-certificate: /home/codespace/.minikube/profiles/minikube/client.crt
client-key: /home/codespace/.minikube/profiles/minikube/client.key
Now we will download or get the config file for the Azure Kubernetes Services. To do so you can connect to the Azure Kubernetes Services Cluster using Azure Cloud shell.
This is my Azure Kubernetes Services Cluster
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU2RENDQXRDZ0F3SUJBZ0lRTkWWG1kQzEzckNtVlI
name: azure-cluster
contexts:
- context:
cluster: azure-cluster
user: clusterUser_az-400_azure-cluster
name: azure-cluster
current-context: azure-cluster
kind: Config
preferences: {}
users:
- name: clusterUser_az-400_azure-cluster
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZIakNDQXdhZ0F3SUJBZ0lSQU15dHlpb3pTQm8vN
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBeGdkVEdjLytLbnN0R0NzT1A2b05
token: kdgbulnfv6rhfha8gcey99a5f2b4935ash98gvss5f1mpw7ecu5lzap3935n6xqgxgsu0mnmso5
Step - 3 (Merge Kubeconfig file)
Now that we have both the files we merge both files in one config so that we can use that config file to assess both clusters just with one config file.
To merge kubeconfig file we have a command that we are going to use.
$ KUBECONFIG=~/.kube/config:/path/to/other/config kubectl config view --flatten > /tmp/new_config
This command will create a new config file which will be the merger of both config files.
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0
name: azure-cluster
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1
cluster: azure-cluster
user: clusterUser_az-400_azure-cluster
name: azure-cluster
- context:
cluster: minikube
namespace: default
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: clusterUser_az-400_azure-cluster
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZIakNDQXdhZ0F3SUJBZ
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBeGdkVEdjLy
token: kdgbulnfv6rhfha8gcey99a5f2b4935ash98gvss5f1mpw7ecu5lzap3935n6xqgxgsu0mnmso5lv4dfi71tj6
- name: minikube
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVB
Now we have merged both config files into one config file.
Step - 4 (Access both Cluster)
First, if you have remembered we have moved our config file to a working dir. This means right now we don't have any config files in ~/.kube/ a folder. So now we will move this file newly made config file. To ~/.kube
Use the mv command to move the file
$ mv /config-folder/new_config ~/.kube/config
Now that we have moved our latest config file to the .kube file. Let's check whether it's working or not. To do so we can use this command that will show all the clusters that we can access.
kubectl config get-clusters
There are other commands like
kubectl config get-users #to get all users
kubectl config get-contexts # to get all the contexts
If you look closely at the last command it shows the contexts and if look at the CURRENT there is * on the Minikube because that Minikube is selected.
If you want to change the contexts from Minikube to the Azure Kubernetes then we have to use this command to access that cluster.
kubectl config use-contexts <name>
As you can see you have changed the cluster from Minikube to Azure-cluster.
Some Commands to Manage Cluster & Contexts
$ kubectl config --help
$ kubectl config view
$ kubectl config view --minify
$ kubectl config get-clusters
$ kubectl config get-users
$ kubectl config current-context
$ kubectl config set-context <CONTEXT_NAME> --namespace=dev
$ kubectl config set-context $(kubectl config current-context) --namespace=dev
$ kubectl config use-context <CONTEXT_NAME>
THE END
That is all for today we learned a lot today if you have any questions please let me I will answer that. One more suggestion please write down those commands on a piece of paper that will be always on your table so that whenever you need it you can refer from that. Let me know if you are stuck at any point I will be happy to help.