In order to use our products, a Kubernetes credentials file – commonly called kubeconfig file – is required to grant us access and permissions to your cluster.
This guide will walk you through the generation process of a kubeconfig file for a specific service account of your cluster.
Automatic generation
If you’re in a hurry, or don’t want to get lost in commands, you can use our hand-crafted Bash script which will do the heavy lifting for you! It takes the service account name as its sole argument and will generate the file in the current directory.
Change <myserviceaccount> with the name of the service account you wish to create a kubeconfig file for. For KuboScore, it should be ksa-kuboscore. For KuboVisor, it should be ksa-kubovisor.
If you want to use a different namespace, cluster or context, just use the --namespace, --cluster and --context flags like you would normally do with kubectl.
Manual generation
Don’t trust our Bash script? Don’t have Bash? We got you covered!
Prerequisites
Following content assumes that kubectl binaryis installed on your system and you have permissions to get the following objects from the namespace where the service account lives:
ServiceAccounts
Secrets
Execute the following commands to make sure you have enough permissions.
Replace <namespace> with the actual name of the namespace.
If you have the right permissions, both commands should return yes as a result.
If the output to one of these commands is no, it means the credentials you’re using don’t have enough permissions to get the requested resource. Make sure you’re using the correct credentials or contact your cluster administrator.
Prepare your environment
Replace <namespace> by the actual namespace name and <service_account_name> by the actual service account name.
Differences between Kubernetes 1.24+ and before
If your cluster version is 1.24+ (or if you have the LegacyServiceAccountTokenNoAutoGeneration feature gate enabled), you will have to manually generate an authentication token by creating the following Secret for the ServiceAccount.