Day 22/#30daysofK8s

Using client public-private key pair and cert file to fetch information from k8s API can be done like —

curl https://localhost-k8s:6443/api/v1/pods --key admin.key --cert admin.crt --cacert ca.crt

The same thing can be run with kubectl like —

kubectl get pods --server https://localhost-k8s:6443 --client-key admin.key --client-certificate admin.crt --certificate-authority ca.crt

Instead of specifying these configs every time, they can be moved to a configuration file and this file can be specified while calling the kubectl command like — kubectl get pods --kubeconfig config

By default, it looks under $HOME/.kube/config if --kubeconfig is not passed.

This config consists mainly of 3 parts — 1) clusters, 2) contexts, 3) users

It looks like this—

apiVersion: v1
kind: Config
clusters:
- name: minishift
  certificate-authority-data: <base64_encoded_ca.crt_file>
  server: https://local-minishift:8443/
- name: minikube
  certificate-authority-data: <base64_encoded_ca.crt_file>
  server: https://local-minikube:8443/
contexts:
- context:
    cluster: minishift
    namespace: myproject
    user: developer-minishift
- context:
    cluster: minikube
    namespace: default
    user: developer-minikube
users:
- name: developer-minishift
  user:
    token: _adsflmlkdsfldf
- name: developer-minikube
  user:
    client-key-data: <base64_encoded_client.key_file>
    client-certificate-data: <base64_encoded_client.crt_file>
current-context: "myproject"

current-context indicates the default context and can be changed by — kubectl config use-context <context_name>