we recommend https://github.com/int128/kubelogin
kube-config is a simple command line tool to authenticate and generate kubernetes configurations for your clusters
At its core, kube-config is based on the reference documentation of a dex client, that heavily utilizes go-oidc and golang package oauth2
- Tier-based approach to cluster configs and authentication (
-t) to allow for varying environments (i.e.dev,prod) - Ability to directly select current-context cluster, namespace and username (
-c,-n,-uresp.) - Specify config directory location with (
-o)
Upon execution, kube-config will:
- Open up the user's default web browser to localhost, and prompt the user to login
- Pass all the login information through to Dex which will generate a Kubernetes token
- Generate a kubernetes bearer token which can be used to authenticate to the cluster
- Create a kubeconfig file at the default
~/.kube/config.d/or specified location
$ brew tap apptio/tap
$ brew update
$ brew install kube-config$ go version # Ensure you have go at least
go version go1.12.6 linux/amd64
$ git clone https://github.com/apptio/kube-config
$ cd kube-config
$ GOBIN=$HOME/go/bin go install
$ mkdir -p ~/.kube-config
$ cp ./kube-config.yml ~/.kube-config/Note: Ensure
$HOME/go/bin/is added to your path like so:PATH="${PATH}:${HOME}/go/bin"at the end of your~/.bashrcor~/.zshrc
There are a lot of options for kube-config, but the defaults should be fine for 99% of use cases. All you need is a YAML configuration file at $HOME/.kube-config/kube-config.yml that describes your various clusters and tiers:
client-secret: <your_dex_secret_here>
clusters:
- name: cluster1
address: cluster1.example.com
tier: dev
- name: cluster2
address: cluster2.example.com
tier: devOnce you have your configuration file, simply run the tool:
# defaults to "--tier=dev"
kube-config
If you want to write your KUBECONFIG to a specific directory, use --output|-o and specify the path:
# defaults to outputting "<tier>-config.conf" in the specified dir
kube-config --output /home/lbriggs/.kube/config.d
kube-config flags from the --help output:
Flags:
--caservername string Servername for CA service
-c, --cluster string Cluster to use as current-context (default is first in config)
--debug Print all request and responses from the OpenID Connect issuer
-h, --help help for kube-config
--list-tiers If specified, the program will list the available tiers and then exit
-n, --namespace string Set your default namespace across ALL contexts in the tier
-k, --no-verify-ssl If specified, disable SSL cert checking (WARNING: UNSAFE)
-o, --output string Path to write Kubeconfig file (default "/home/lbriggs/.kube/config.d")
-g, --print-groups If specified, will print out the AD groups you belong to
-t, --tier string Tier to authenticate for (default "dev")
-u, --username string Username for login
Run kube config with a tier and cluster target:
$ kube-config --tier=dev --cluster=cluster1 # OR
$ kube-config -t dev -c cluster1Targeting a specific tier, cluster and namespace:
$ kube-config --tier=dev --cluster=cluster1 --namespace=kube-system #OR
$ kube-config -t dev -c cluster1 -n kube-systemNote:
kubectxis a great tool to change contexts quickly, but it's covenient sometimes to just start where you want withkube-configif you haven't yet auth'd for the day.Note: Without
-c / --clusterkube-configwill select the first cluster in the config for yourcurrent-context.
We use go itself for dependencies, so simply download them by running:
cd kube-config
go mod downloadand then build using the standard GO build tools:
go build -o kube-config .