Skip to Content

Kubectl - configuration

Kubernetes client tools configuration - cheat sheet!

Share on:

Kubectl client gives us possibility to configure and switch easy between multiple K8s clusters.

Config files location for kubectl

Main location for kubectl config files is $HOME/.kube, by default we have single config file named config:

[node1 ~]$ cd $HOME/.kube
[node1 .kube]$ ls -lah
total 4.0K
drwxr-xr-x 1 root root   37 Mar 12 20:48 .
dr-xr-x--- 1 root root   19 Nov 29 11:46 ..
drwxr-x--- 3 root root   23 Mar 12 20:48 cache
lrwxrwxrwx 1 root root   26 Nov 29 11:46 config -> /etc/kubernetes/admin.conf
drwxr-x--- 3 root root 4.0K Mar 12 20:48 http-cache

Multiple config files and KUBECONFIG variable

We can have multiple config files by setting proper KUBECONFIG shell variable.
For example:

export KUBECONFIG=$KUBECONFIG:/root/.kube/additional_config

Check config from kubectl

We can check current config(it will be empty because I don’t have anything in additional_config file - we’ll add something later - and this is only file in my KUBECONFIG variable):

[node1 ~]$ kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []

Or from specific file - let’s see default file:

[node1 ~]$ kubectl config --kubeconfig=.kube/config view
apiVersion: v1
- cluster:
    certificate-authority-data: DATA+OMITTED
  name: kubernetes
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
- name: kubernetes-admin
    client-certificate-data: REDACTED
    client-key-data: REDACTED

If you don’t set KUBECONFIG variable all configuration will be taken from $HOME/.kube/config

Objects in kubectl config

kubectl has in his config files following object types:

  • clusters - info about K8s cluster - contain cluster name and connection parameters
  • users - info about users by which you want connect to K8s clusters
  • contexts - triple of cluster/user/namespace

Modifying config from kubectl

Add cluster

[node1 ~]$ kubectl config --kubeconfig=.kube/additional_config set-cluster dev --server= --certificate-authority=fake-ca
Cluster "dev" set.
[node1 ~]$ kubectl config --kubeconfig=.kube/additional_config set-cluster prod --server= --certificate-authority=fake-ca
Cluster "prod" set.

Add users

[node1 ~]$ kubectl config --kubeconfig=.kube/additional_config set-credentials developer --client-certificate=fake-cert-file --client-key=fake-key-seefile
User "developer" set.
[node1 ~]$ kubectl config --kubeconfig=.kube/additional_config set-credentials prod_admin --client-certificate=fake-cert-file --client-key=fake-key-seefile
User "prod_admin" set.

Add contexts

[node1 ~]$ kubectl config --kubeconfig=.kube/additional_config set-context simple_app_development --cluster=dev --namespace=simple_app_dev --user=developer
Context "simple_app_development" created.
[node1 ~]$ kubectl config --kubeconfig=.kube/additional_config set-context simple_app_production --cluster=prod --namespace=simple_app_prod --user=prod_admin
Context "simple_app_production" created.

Delete cluster/user/context from config

kubectl --kubeconfig=.kube/additional_config config unset users.<name>
kubectl --kubeconfig=.kube/additional_config config unset clusters.<name>
kubectl --kubeconfig=.kube/additional_config config unset contexts.<name>

Sample config

[node1 ~]$ kubectl config --kubeconfig=.kube/additional_config view
apiVersion: v1
- cluster:
    certificate-authority: /root/fake-ca
  name: dev
- cluster:
    certificate-authority: /root/fake-ca
  name: prod
- context:
    cluster: dev
    namespace: simple_app_dev
    user: developer
  name: simple_app_development
- context:
    cluster: prod
    namespace: simple_app_prod
    user: prod_admin
  name: simple_app_production
current-context: ""
kind: Config
preferences: {}
- name: developer
    client-certificate: /root/fake-cert-file
    client-key: /root/fake-key-seefile
- name: prod_admin
    client-certificate: /root/fake-cert-file
    client-key: /root/fake-key-seefile

Changing context we working with

To get list of contexts(no need for --kubeconfig because we have our additional_config added to KUBECONFIG variable):

[node1 ~]$ kubectl config get-contexts
          simple_app_development   dev       developer    simple_app_dev
          simple_app_production    prod      prod_admin   simple_app_prod

To set context:

[node1 ~]$ kubectl config use-context simple_app_development
Switched to context "simple_app_development".

To get current context:

[node1 ~]$ kubectl config current-context

For those that want to know even more… Worth to read!

Kubeconfig context as bash prompt - Georgi from Gardener - shell tricks and Windows CLI aproach