Demystifying Kubeconfig File
Tips to use it like a pro!
Kube… what?
Kubeconfig is a file used to configure access to Kubernetes by storing information about clusters, users, and contexts.
It provides a way for users to easily switch between different clusters and accounts and specify authentication credentials to access the Kubernetes API.
It is normally used in conjunction with the
kubectlcommand-line tool as well as by libraries and another tooling that interacts with the Kubernetes API.
A typical kubeconfig file could have the following structure:
apiVersion: v1
kind: Config
preferences: {}
clusters:
- cluster:
certificate-authority: /Users/test/.minikube/ca.crt
server: https://127.0.0.1:62040
name: minikube
contexts:
- context:
cluster: minikube
user: minikube
namespace: default
name: minikube
current-context: minikube
users:
- name: minikube
user:
client-certificate: /Users/test/.minikube/profiles/minikube/client.crt
client-key: /Users/test/.minikube/profiles/minikube/client.keyClusters: this section lists each cluster you have access to, each one containing details about the cluster name, the URL of the K8s API server, and how to access it (in this case, via a certificate authority).
Contexts: this section lists each context that you can use to specify, for instance, which user and cluster to use for a given command. It comes with information such as cluster and context name, user, and namespace.
Users: this section lists each user you can use to authenticate with the K8s API by providing a unique user name and authentication credentials such as credentials, client certificates, bearer tokens, or even a proxy.
Now that we all know what a kubeconfig file is and what it consists of, let’s see some useful tips to manage it like a pro!
Tips
1. Loading hierarchy
Assuming we are using the kubectl tool, this is the loading hierarchy from most to least preference to choose which kubeconfig file is used.
- The
--kubeconfigflag. - The
$KUBECONFIGenvironment variable. - Otherwise,
${HOME}/.kube/configdefault file is used.
#1
kubectl get deployments --kubeconfig=custom_config
#2
KUBECONFIG=custom_config kubectl get deployments2. Concatenate multiple kubeconfig files
Imagine you need to work with multiple clusters, and you don’t want to be switching from one kubeconfig file to another one every time you switch the cluster. To avoid this, you can load multiple files to be used at once as follows:
KUBECONFIG=~/.kube/config:file2:file3 kubectl --context=minikube get pods
Note the --context flag to decide on what kubeconfig context we are performing the request to get the pods.
3. Merging and extracting multiple kubeconfig files
Alternatively, to tip number 2 and to avoid having to search for multiple files on your disk, we can merge all the files into one where we’ll have all of our contexts in a single place.
KUBECONFIG=~/.kube/config:file2:file3 \
kubectl config view --merge --flatten > config.yamlReversely, you can extract a given context from a kubeconfig file into a separate file:
KUBECONFIG=config.yaml kubectl config view \
--minify --context?minikube > minikube.yaml4. Using kubectl without a config file
Probably we’ll never need nor want to do this, but there’s a way of running kubectl without a kubeconfig file. We need to set the $KUBECONFIGenvironment variable to blank and pass the server, user, client key, and certificate as flags.
KUBECONFIG= kubectl --server=https://127.0.0.1:62040 \
--user=minikube \
--client-certificate=client.crt \
--client-key=client.keyInteresting Tools
I work with a couple of tools that I strongly recommend for their ease of use when working with multiple clusters:
- kubectx: a tool to switch between contexts on kubectl easily.
Bonus: the repository comes with the
kubenstool as well to switch between Kubernetes namespaces. - kube-ps1: a Kubernetes prompt for
bashandzshthat adds the current Kubernetes context and namespace to your prompt.
Thank you for reading! I hope this article makes your experience with kubeconfig files a much easier and more rewarding experience!