Difference between revisions of "Tutorials:Set up your Kubernetes user account"

From Collective Computational Unit
m (Set up a .kube/config file)
m (Set up a .kube/config file)
Line 11: Line 11:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Create a file ".kube/config" and edit its contents as follows:
+
Create a file ".kube/config" and edit its contents as follows. To make sure you get the certificate authority data right, better download it here: [[File:kubeconfig_template_ccu]].
  
 
<syntaxhighlight lang="yaml">
 
<syntaxhighlight lang="yaml">
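Review bot: The sentence added to the "Create a file" line links to [[File:kubeconfig_template_ccu]] without saying how the template relates to the YAML that follows it. State whether the reader should save the template as ".kube/config" and edit it, or copy only the certificate authority data out of it into the listing below. "better download it here" would also read more clearly as a direct instruction, for example "download the template and use its certificate authority data".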
Line 28: Line 28:
 
     cluster: ccu
 
     cluster: ccu
 
     namespace: tf-test
 
     namespace: tf-test
     user: bastian.goldluecke
+
     user: your.username
   name: kubernetes-admin@ccu
+
   name: me@ccu
 
current-context: ccu
 
current-context: ccu
 
kind: Config
 
kind: Config
 
preferences: {}
 
preferences: {}
 
users:
 
users:
- name: bastian.goldluecke
+
- name: your.username
 
</syntaxhighlight>
 
</syntaxhighlight>
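Review bot: The context is renamed to "me@ccu", but the unchanged line "current-context: ccu" does not name it, so the context that carries "user: your.username" is not the one selected when this file is copied as shown. Either set current-context to me@ccu or tell the reader to switch contexts after editing. The placeholder your.username now appears under both the context and the users list and has to be replaced identically in both places; a short remark next to the listing would prevent a mismatch, and the hard-coded "namespace: tf-test" looks like it needs the same placeholder treatment as the username.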
  

Revision as of 06:41, 6 June 2019

Unfortunately, making your identity known to the cluster on any machine is a decidedly manual process, which involves editing a local configuration that resides in ".kube/config".

Set up a .kube/config file

Create the subdirectory ".kube" in your home directory and set restrictive permissions. It will contain your cluster credentials, and anyone who has access to the files in there can steal your identity and impersonate you. We do not want this.

> cd ~
> mkdir .kube
> chmod 700 .kube

Create a file ".kube/config" and edit its contents as follows. To make sure you get the certificate authority data right, it is best to download the template here: File:Kubeconfig template ccu.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <certificate authority data from the template file>
    server: https://ccu.uni-konstanz.de:6443
  name: ccu
contexts:
- context:
    cluster: ""
    user: ""
  name: ccu
- context:
    cluster: ccu
    namespace: tf-test
    user: your.username
  name: me@ccu
current-context: ccu
kind: Config
preferences: {}
users:
- name: your.username

Of course, substitute your own username at the indicated locations.
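
The permissions set above can be checked and repaired with a small script. This is an added example, not part of the original tutorial; the function names kube_exposed_paths, kube_audit and kube_harden are made up here, and the demo at the end runs on a constructed temporary directory rather than your real ".kube".

```shell
#!/bin/sh
# Added example: audit a kubeconfig directory for permission bits that
# would let other local users read or replace the cluster credentials.

# Print every path under $1 (including $1 itself) that grants any
# permission to group or others. Symlinks are skipped because their own
# mode bits are not meaningful. Only POSIX find predicates are used.
kube_exposed_paths() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 if nothing is exposed, 1 if something is (offenders are listed
# on stderr), 2 if the directory does not exist.
kube_audit() {
    dir=${1:-"$HOME/.kube"}
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    exposed=$(kube_exposed_paths "$dir")
    if [ -n "$exposed" ]; then
        printf 'accessible to group or others:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Strip all group/other bits from the directory and everything in it.
# Owner bits are left alone, so the directory stays usable for you.
kube_harden() {
    dir=${1:-"$HOME/.kube"}
    chmod -R go-rwx "$dir"
}

# Demo on constructed data: a config created with a permissive mode.
demo=$(mktemp -d)
mkdir "$demo/.kube"
chmod 755 "$demo/.kube"
printf 'kind: Config\n' > "$demo/.kube/config"
chmod 644 "$demo/.kube/config"
kube_audit "$demo/.kube" || echo "before hardening: exposed"
kube_harden "$demo/.kube"
kube_audit "$demo/.kube" && echo "after hardening: clean"
rm -rf "$demo"
```

Run kube_audit again after the token has been pasted into the config in the last step, since editors and copy tools can recreate the file with the default umask.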

Get your user credentials (an OAuth ID token) from our server

The next step is to authenticate against our server, which will then create a credential (basically a secret token which only you should know) so that you can prove to the cluster that you are indeed who you claim to be. Go to [] and enter your CCU login. You will get something like this in return:


Copy your credentials to the config and enter the CCU context

Finally, copy and paste the above output from your web browser into your ".kube/config" so that it looks like this:

If you have some background in programming, the structure of the config file should be pretty obvious, and you will be able to extend it to include e.g. multiple identities and contexts which access different namespaces. This is quite useful for quickly switching between them without having to type so much.