The kubeconfig files are used in Kubernetes to store cluster authentication information and configuration details such as API server endpoint, client certificates, and API access tokens. They allow you to easily switch between different clusters and authentication contexts, making it easier to manage multiple Kubernetes clusters and control access to resources within those clusters.
The kubeconfig file is used by the kubectl command line tool, as well as other Kubernetes tools, to communicate with a specific cluster and perform operations on the resources in that cluster.
Generating Kubernetes Configuration Files for Authentication
It's always a good practice to use exact file paths for certificates in kubeconfigs that will be used later on by other services. When the certificates are updated, it's not necessary to generate the config files again. But if the certificate data was embedded in the config, it would have to be regenerated with the new certificate data.
The certs will be placed later on as the certificate files don't exist in the paths we specify during kubeconfig generation.
User configs, like admin.kubeconfig will have the certificate info embedded within them.
Generating kubeconfig files
We will now generate kubeconfig files for the different components in our cluster, like the controller manager, cluster-admin, kube-proxy and kube-scheduler .
For thekubeconfig to work correctly, it requires a Kubernetes API Server to connect to, without which it's unusable. We'll provide the public IP of our master node into a shell variable so that it can be used later during the generation of kubeconfigs for the services that run on worker nodes. The controller manager and scheduler need to talk to the local API server; hence they use the localhost address in their respective configs.
The IP address can be different in your case. Use the actual IP of your node, whether public or private. Also, make sure that the master and worker nodes can communicate with each other. This can be done with a simple ping test on Linux machines.
Let's work on generating the Kubernetes configuration files one by one.
To generate a kubeconfig file for the kube-proxy service, follow the commands below:
To generate a kubeconfig file for the kube-controller-manager service, follow the commands below:
To generate a kubeconfig file for the kube-scheduler service, follow the commands below:
To generate a kubeconfig file for the admin user, follow the commands below:
Now, we need to copy the generated kubeconfig files to the worker node. To do so, we'll run the command below:
The above files will be placed in the user's home directory, and the file location will be updated in later articles.
In this article, we learned to generate configuration files for our Kubernetes components. We also learned the purpose of using kubeconfig files and took another step towards building an entire Kubernetes cluster from scratch.
For more, subscribe! Leave a comment below if you have any queries or find any discrepancies in the article.