{"id":20681,"date":"2021-03-26T10:18:04","date_gmt":"2021-03-26T10:18:04","guid":{"rendered":"http:\/\/www.devopsschool.com\/blog\/?p=20681"},"modified":"2025-01-23T12:45:31","modified_gmt":"2025-01-23T12:45:31","slug":"what-is-kubectl-and-how-to-configure-it-for-accessing-kubernetes","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/what-is-kubectl-and-how-to-configure-it-for-accessing-kubernetes\/","title":{"rendered":"What is kubectl and How to configure it for accessing kubernetes?"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\"><strong>Use of kubeconfig file<\/strong><\/h3>\n\n\n\n<p>In order for kubectl to find and access a Kubernetes cluster, it needs a kubeconfig file, which is created automatically when you:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create a cluster using kube-up.sh, or<\/li><li>Successfully deploy a Minikube cluster.<\/li><\/ul>\n\n\n\n<p>By default, the kubectl configuration is located at ~\/.kube\/config.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>kubeconfig file Loading order<\/strong><\/h3>\n\n\n\n<p>kubectl configuration loading order follows these rules:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>If the --kubeconfig flag is set, then only that file is loaded. The flag may only be set once and no merging takes place.<\/li><li>If the $KUBECONFIG environment variable is set, then it is used as a list of paths (normal path delimiting rules for your system). These paths are merged. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. 
If no files in the chain exist, then it creates the last file in the list.<\/li><li>Otherwise, ${HOME}\/.kube\/config is used and no merging takes place.<\/li><\/ol>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Terminology in kubeconfig file<\/strong><\/h3>\n\n\n\n<p>The following terminology is used in the kubectl configuration file.<\/p>\n\n\n\n<p><strong>clusters<\/strong><br>A cluster contains endpoint data for a Kubernetes cluster. This includes the fully qualified URL for the Kubernetes apiserver, as well as the cluster\u2019s certificate authority or insecure-skip-tls-verify: true, if the cluster\u2019s serving certificate is not signed by a system trusted certificate authority. A cluster has a name (nickname) which acts as a dictionary key for the cluster within this kubeconfig file. You can add or modify cluster entries using &#8220;kubectl config set-cluster&#8221;.<\/p>\n\n\n\n<p>clusters -&gt; cluster -&gt; certificate-authority<br>clusters -&gt; cluster -&gt; server<br>clusters -&gt; cluster -&gt; name<\/p>\n\n\n\n<p><strong>contexts<\/strong><br>A context element in a kubeconfig file is used to group access parameters under a convenient name. A context defines a named cluster, user, namespace tuple which is used to send requests to the specified cluster using the provided authentication info and namespace. Each of the three is optional; it is valid to specify a context with only one of cluster, user, namespace, or to specify none. Unspecified values, or named values that don\u2019t have corresponding entries in the loaded kubeconfig (e.g. if the context specified a pink-user for the example kubeconfig file below) will be replaced with the default. See the loading order rules above for override\/merge behavior. You can add or modify context entries with kubectl config set-context. 
By default, the kubectl command-line tool uses parameters from the current context to communicate with the cluster.<\/p>\n\n\n\n<p>contexts -&gt; context -&gt; cluster<br>contexts -&gt; context -&gt; user<br>contexts -&gt; context -&gt; name<\/p>\n\n\n\n<p><strong>users<\/strong><br>A user defines client credentials for authenticating to a kubernetes cluster. A user has a name (nickname) which acts as its key within the list of user entries after kubeconfig is loaded\/merged. Available credentials are client-certificate, client-key, token, and username\/password. username\/password and token are mutually exclusive, but client certs and keys can be combined with them.<br>users -&gt; name<br>users -&gt; user -&gt; client-certificate # Path to a client certificate file for TLS<br>users -&gt; user -&gt; client-key # Path to a client key file for TLS<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Example of kubectl configuration file<\/strong><\/h2>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority: C:\\Users\\Rajesh\\.minikube\\ca.crt\n    server: https:\/\/192.168.99.100:8443\n  name: minikube\ncontexts:\n- context:\n    cluster: minikube\n    user: minikube\n  name: minikube\ncurrent-context: minikube\nkind: Config\npreferences: {}\nusers:\n- name: minikube\n  user:\n    client-certificate: C:\\Users\\Rajesh\\.minikube\\client.crt\n    client-key: C:\\Users\\Rajesh\\.minikube\\client.key<\/code><\/span><\/pre>\n\n\n<h3 class=\"wp-block-heading\"><strong>kubeconfig for multiple clusters &amp; users<\/strong><\/h3>\n\n\n\n<p>Suppose you have several clusters, and your users and components authenticate in a variety of ways. For example:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>A running kubelet might authenticate using certificates.<\/li><li>A user might authenticate using tokens.<\/li><li>Administrators might have sets of certificates that they provide to individual users.<\/li><\/ol>\n\n\n\n<p>With kubeconfig files, you can organize your clusters, users, and namespaces. You can also define contexts to quickly and easily switch between clusters and namespaces.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Most frequently used kubectl commands<\/h2>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\"># Check that kubectl is properly configured by getting the cluster state:\n$ kubectl cluster-info\n\n# If kubectl cluster-info returns the url response but you can\u2019t access your cluster, to check whether it is configured properly, use:\n$ kubectl cluster-info dump\n\n# Display the current-context\n$ kubectl config current-context\n\n# Delete the minikube cluster\n$ kubectl config delete-cluster minikube\n\n# Delete the context for the minikube cluster\n$ kubectl config delete-context minikube\n\n# List the clusters kubectl knows about\n$ kubectl config get-clusters\n\n# List all the contexts in your kubeconfig file\n$ kubectl config get-contexts\n\n# Describe one context in your kubeconfig file.\n$ kubectl config get-contexts my-context\n\n# Rename the context 'old-name' to 'new-name' in your kubeconfig file\n$ kubectl config rename-context 
old-name new-name\n\n# Set only the server field on the e2e cluster entry without touching other values.\n$ kubectl config set-cluster e2e --server=https:\/\/1.2.3.4\n\n# Embed certificate authority data for the e2e cluster entry\n$ kubectl config set-cluster e2e --embed-certs=true --certificate-authority=~\/.kube\/e2e\/kubernetes.ca.crt\n\n# Disable cert checking for the e2e cluster entry (the API server's certificate is then not verified)\n$ kubectl config set-cluster e2e --insecure-skip-tls-verify=true\n\n# Set the user field on the gce context entry without touching other values\n$ kubectl config set-context gce --user=cluster-admin\n\n# Set only the \"client-key\" field on the \"cluster-admin\" entry, without touching other values:\n$ kubectl config set-credentials cluster-admin --client-key=~\/.kube\/admin.key\n\n# Set basic auth for the \"cluster-admin\" entry\n$ kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif\n\n# Embed client certificate data in the \"cluster-admin\" entry\n$ kubectl config set-credentials cluster-admin --client-certificate=~\/.kube\/admin.crt --embed-certs=true\n\n# Enable the Google Compute Platform auth provider for the \"cluster-admin\" entry\n$ kubectl config set-credentials cluster-admin --auth-provider=gcp\n\n# Enable the OpenID Connect auth provider for the \"cluster-admin\" entry with additional args\n$ kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar\n\n# Remove the \"client-secret\" config value for the OpenID Connect auth provider for the \"cluster-admin\" entry\n$ kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-\n\n# Unset the current-context.\n$ kubectl config unset current-context\n\n# Unset namespace in foo context.\n$ kubectl config unset contexts.foo.namespace\n\n# Use the context for the minikube cluster\n$ kubectl config use-context minikube\n\n# Show Merged kubeconfig settings.\n$ kubectl config view\n\n# 
Get the password for the e2e user\n$ kubectl config view -o jsonpath='{.users&#91;?(@.name == \"e2e\")].user.password}'<\/code><\/span><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Use of kubeconfig file In order for kubectl to find and access a Kubernetes cluster, it needs a kubeconfig file, which is created automatically When you create a cluster using&#8230; 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[4859],"tags":[],"class_list":["post-20681","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/20681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=20681"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/20681\/revisions"}],"predecessor-version":[{"id":24468,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/20681\/revisions\/24468"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=20681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=20681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=20681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}