Kubernetes Credentials and Context Management

Understanding the kubeconfig file structure with clusters, users, and contexts sections, and managing Kubernetes context switching using kubectl config commands.

2 min read

For the kubectl command to communicate with a Kubernetes cluster, it needs cluster connection information, user authentication credentials, and their combination (Context). This information is typically stored in a kubeconfig file.

kubeconfig File

The kubeconfig file is a YAML-formatted file containing configuration information for kubectl to connect to Kubernetes clusters. By default, it is located at ~/.kube/config.

The kubeconfig file consists of three main sections.

  1. clusters:
    • Defines information about the Kubernetes clusters to connect to (API server URL, certificates, etc.).
    • Multiple cluster configurations can be registered.
  2. users:
    • Defines user authentication credentials for accessing clusters (client certificates, tokens, username/password, etc.).
    • Multiple user configurations can be registered.
  3. contexts:
    • Specifies a pair of cluster and user, along with the default namespace to use.
    • Defines which cluster kubectl connects to, as which user, and in which Namespace.

Example kubeconfig file:

apiVersion: v1
kind: Config
clusters: # Kubernetes cluster connection information
- cluster:
    certificate-authority: /Users/USER/.minikube/ca.crt # Cluster CA certificate
    server: https://127.0.0.1:55537 # API server endpoint
  name: minikube # Cluster name (arbitrary identifier)
users: # User authentication information
- name: minikube # User name (arbitrary identifier)
  user:
    client-certificate: /Users/USER/.minikube/profiles/minikube/client.crt # Client certificate
    client-key: /Users/USER/.minikube/profiles/minikube/client.key # Client private key
contexts: # Combination of cluster and authentication information
- context:
    cluster: minikube # Referenced cluster name
    namespace: default # Default Namespace to use
    user: minikube # Referenced user name
  name: minikube # Context name (arbitrary identifier)
current-context: minikube # Name of the currently active Context
preferences: {}

kubeconfig Operations

The kubectl command provides subcommands for operating the kubeconfig file. This allows easy switching and management of multiple Kubernetes clusters, different credentials, and Namespaces.

Listing Contexts

Displays all currently configured Contexts. The currently active Context is marked with an asterisk *.

kubectl config get-contexts

Switching Contexts

Switches to the specified Context. Subsequent kubectl commands will be executed according to that Context’s settings.

kubectl config use-context <context_name>
# Example: kubectl config use-context minikube

Displaying the Current Context

Displays the name of the currently active Context.

kubectl config current-context

Adding a Context

To add a new Context, use a combination of set-cluster, set-credentials, and set-context commands.

# Add cluster information
kubectl config set-cluster my-new-cluster --server=https://<api-server-ip> --certificate-authority=/path/to/ca.crt

# Add user credentials
kubectl config set-credentials my-new-user --client-certificate=/path/to/client.crt --client-key=/path/to/client.key

# Add Context (link cluster and user)
kubectl config set-context my-new-context --cluster=my-new-cluster --user=my-new-user --namespace=default

# Switch to the new Context
kubectl config use-context my-new-context

Properly managing the kubeconfig file enables efficient and secure operation of multiple Kubernetes environments.

References

関連記事