The kubeconfig files are used in Kubernetes to store cluster authentication information and configuration details such as API server endpoint, client certificates, and API access tokens. They allow you to easily switch between different clusters and authentication contexts, making it easier to manage multiple Kubernetes clusters and control access to resources within those clusters.
The kubeconfig file is used by the kubectl command line tool, as well as other Kubernetes tools, to communicate with a specific cluster and perform operations on the resources in that cluster.
Pre-Requisite
kubectl
Generating Kubernetes Configuration Files for Authentication
It's always a good practice to use exact file paths for certificates in kubeconfigs that will be used later on by other services. When the certificates are updated, it's not necessary to generate the config files again. But if the certificate data was embedded in the config, it would have to be regenerated with the new certificate data.
User configs, like admin.kubeconfig, will have the certificate info embedded within them.
Generating kubeconfig files
We will now generate kubeconfig files for the different components in our cluster, like the controller manager, cluster-admin, kube-proxy and kube-scheduler.
For the kubeconfig to work correctly, it requires a Kubernetes API Server to connect to, without which it's unusable. We'll store the public IP of our master node in a shell variable so that it can be used later during the generation of kubeconfigs for the services that run on worker nodes. The controller manager and scheduler need to talk to the local API server; hence they use the localhost address in their respective configs.
MASTER="192.168.1.22"
Let's work on generating the Kubernetes configuration files one by one.
1. kube-proxy
To generate a kubeconfig file for the kube-proxy service, follow the commands below:
#Commands to generate kubeconfig for kube-proxy service
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=/var/lib/kubernetes/pki/ca.crt \
--server=https://${MASTER}:6443 \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials system:kube-proxy \
--client-certificate=/var/lib/kubernetes/pki/kube-proxy.crt \
--client-key=/var/lib/kubernetes/pki/kube-proxy.key \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=system:kube-proxy \
--kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
2. kube-controller-manager
To generate a kubeconfig file for the kube-controller-manager service, follow the commands below:
#Commands to generate kubeconfig for kube-controller-manager service
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=/var/lib/kubernetes/pki/ca.crt \
--server=https://127.0.0.1:6443 \
--kubeconfig=kube-controller-manager.kubeconfig
kubectl config set-credentials system:kube-controller-manager \
--client-certificate=/var/lib/kubernetes/pki/kube-controller-manager.crt \
--client-key=/var/lib/kubernetes/pki/kube-controller-manager.key \
--kubeconfig=kube-controller-manager.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=system:kube-controller-manager \
--kubeconfig=kube-controller-manager.kubeconfig
kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
3. kube-scheduler
To generate a kubeconfig file for the kube-scheduler service, follow the commands below:
#Commands to generate kubeconfig file for kube-scheduler service
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=/var/lib/kubernetes/pki/ca.crt \
--server=https://127.0.0.1:6443 \
--kubeconfig=kube-scheduler.kubeconfig
kubectl config set-credentials system:kube-scheduler \
--client-certificate=/var/lib/kubernetes/pki/kube-scheduler.crt \
--client-key=/var/lib/kubernetes/pki/kube-scheduler.key \
--kubeconfig=kube-scheduler.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=system:kube-scheduler \
--kubeconfig=kube-scheduler.kubeconfig
kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
4. cluster-admin
To generate a kubeconfig file for the admin user, follow the commands below:
#Commands to generate kubeconfig for admin user
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=ca.crt \
--embed-certs=true \
--server=https://127.0.0.1:6443 \
--kubeconfig=admin.kubeconfig
kubectl config set-credentials admin \
--client-certificate=admin.crt \
--client-key=admin.key \
--embed-certs=true \
--kubeconfig=admin.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=admin \
--kubeconfig=admin.kubeconfig
kubectl config use-context default --kubeconfig=admin.kubeconfig
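Added example (not from the original article): a shell check that reports whether a kubeconfig references its client key by path, as the service configs above do, or embeds it, as admin.kubeconfig does, and flags an embedded-key file that group or other can access. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Sample kubeconfigs are constructed.

# Print how the client key is carried: "embedded", "path:<file>" or "none".
key_mode() {
    if grep -Eq '^[[:space:]]*client-key-data:[[:space:]]*[^[:space:]]' "$1"; then
        echo embedded
    elif grep -Eq '^[[:space:]]*client-key:' "$1"; then
        sed -n 's/^[[:space:]]*client-key:[[:space:]]*\(.*\)$/path:\1/p' "$1" | head -n 1
    else
        echo none
    fi
}

# Succeed when group and other have no permission bits on the file.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# One-line verdict for a kubeconfig file.
audit_kubeconfig() {
    mode=$(key_mode "$1")
    case "$mode" in
        embedded)
            if owner_only "$1"; then
                echo "OK embedded key, owner-only"
            else
                echo "FAIL embedded key accessible to group/other"
            fi ;;
        path:*) echo "OK key referenced at ${mode#path:}" ;;
        *)      echo "WARN no client key found" ;;
    esac
}

demo_dir=$(mktemp -d)
# Path-referenced style (kube-proxy) and embedded style (admin).
printf 'users:\n- name: system:kube-proxy\n  user:\n    client-key: %s\n' \
    /var/lib/kubernetes/pki/kube-proxy.key > "$demo_dir/kube-proxy.kubeconfig"
printf 'users:\n- name: admin\n  user:\n    client-key-data: %s\n' \
    Q09OU1RSVUNURUQ= > "$demo_dir/admin.kubeconfig"
chmod 644 "$demo_dir/admin.kubeconfig"
audit_kubeconfig "$demo_dir/kube-proxy.kubeconfig"
audit_kubeconfig "$demo_dir/admin.kubeconfig"   # group/other-readable copy
chmod 600 "$demo_dir/admin.kubeconfig"
audit_kubeconfig "$demo_dir/admin.kubeconfig"   # after tightening the mode
```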
Now, we need to copy the generated kubeconfig files to the worker node. To do so, we'll run the command below:
scp kube-proxy.kubeconfig kube-scheduler.kubeconfig kube-controller-manager.kubeconfig admin.kubeconfig username@192.168.1.5:~/
Conclusion
In this article, we learned to generate configuration files for our Kubernetes components. We also learned the purpose of using kubeconfig files and took another step towards building an entire Kubernetes cluster from scratch.