Reputation: 519
How to add certificates to Kube config file
I have an local Kubernetes environment and I basically copy .kube/config file to my local and added "context", "users", and "cluster" informations to my current ".kube/config" file. That's ok, I can connect to my local file.
But I want to add these informations to my local config file with commands.
So regarding to this page, I can use "certificate-authority-data" as parameter like below: ---> https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/
PS C:\Users\user\.kube> kubectl config --kubeconfig=config set-cluster local-kubernetes --server=https://10.10.10.10:6443 --certificate-authority-data=LS0tLSAASDASDADAXXXSDETRDFDJHFJWEtGCmx0YVR2SE45Rm9IVjAvQkdwRUM2bnFNTjg0akd2a3R4VUpabQotLS0tLUVORCBDADADADDAADS0tXXXCg==
Error: unknown flag: --certificate-authority-data
See 'kubectl config set-cluster --help' for usage.
PS C:\Users\user\.kube>
But it throws error like above. I'm using kubernetes latest version.
How can I add these informations to my local file with kubectl config command?
Thanks!
Upvotes: 10
Views: 42296
Answers (2)
Reputation: 11
kubectl config set-cluster only accepts --certificate-authority, which needs a file.
You can simply create the file by base64 decode your string.
echo LS0tLSAASDASDADAXXXSDETRDFDJHFJWEtGCmx0YVR2SE45Rm9IVjAvQkdwRUM2bnFNTjg0akd2a3R4VUpabQotLS0tLUVORCBDADADADDAADS0tXXXCg== | base64 -d > cert.pem
kubectl config --kubeconfig=config set-cluster local-kubernetes --server=https://10.10.10.10:6443 --certificate-authority=cert.pem
Upvotes: 1
Reputation: 6853
Possible solution for that is to use --flatten flag with config command:
➜ ~ kubectl config view --flatten=true
flatten the resulting kubeconfig file into self contained output (useful for creating portable kubeconfig files)
That can be also exported to a file (portable config):
kubectl config view --flatten > out.txt
You can read more about kube config in Mastering the KUBECONFIG file document.
Once you run this command on the server where the appropriate certificate are present you will receive base64 encoded keys: certificate-authority-data, client-certificate-data and client-key-data.
Then you can use the command provided in the official config document:
➜ ~ kubectl config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -)
Then you have to replace (echo "cert_data_here" | base64 -i -) with data from flatten config file.
Worth to mention that this info is also available with -help flag for kubectl config:
kubectl config set --help
Sets an individual value in a kubeconfig file
PROPERTY_VALUE is the new value you wish to set. Binary fields such as 'certificate-authority-data'
expect a base64 encoded string unless the --set-raw-bytes flag is used.
Specifying a attribute name that already exists will merge new fields on top of existing values.
Examples:
# Set certificate-authority-data field on the my-cluster cluster.
kubectl config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64
-i -)
Upvotes: 19
Related Questions
- How to use Kubernetes SSL certificates
- Provide certificate file into pod in k8s
- Get permanent certificate to access to kubectl
- How do you add a certificate authority (CA) to k8s?
- How Do I Properly Set --kubelet-certificate-authority apiserver parameter?
- Kubernetes doesnt create certificates
- Installing certificates on Kubernetes
- client certificate needed when configuring kubectl
- Passing certificates/keys in kubeconfig throws an JSON error
- Kubernetes on localhost: setup certificates