Problem scenario
You want to manually create a config file for Kubernetes. (You do not want to run aws eks update-kubeconfig --name foobar
.) How do you do this?
Solution
These directions are most suited for Amazon EKS. But they could be adapted for clusters running in other environments (not just AWS). If you are using GCP, go to the very bottom of the directions and skip the rest.
1. Go to your home directory: cd ~
2. Create a .kube file: mkdir .kube
3. Go inside this directory: cd .kube
4. Replace "foobar" with the name of your cluster, and run this: vi config-foobar
5. Paste the following inside it:
apiVersion: v1
clusters:
- cluster:
server: <endpoint-url>
certificate-authority-data: <base64-encoded-ca-cert>
name: <role-arn>
contexts:
- context:
cluster: <role-arn>
user: <role-arn>
name: <role-arn>
current-context: <role-arn>
kind: Config
preferences: {}
users:
- name: <role-arn>
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- "token"
- "-i"
- "<cluster-name>"
command: aws-iam-authenticator
6. Follow these four steps (each quoted from https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html ), and get the values you need by going to this link https://us-east-2.console.aws.amazon.com/eks/home? in a web UI and then click on the cluster for which you want to configure and use.
- Replace the <endpoint-url> with the endpoint URL that was created for your cluster. (It will appear under the "API server endpoint" value.)
- Replace the <base64-encoded-ca-cert> with the certificateAuthority.data that was created for your cluster. (It will appear under the "Certificate Authority" value.)
- Replace the <cluster-name> with your cluster name.
- Replace the <role-arn> with the value for the "Role ARN" as the web UI shows.
For GCP
To automatically generate a new kubeconfig file when you are using GCP's Kubernetes, run this command: gcloud container clusters get-credentials "CONTINT"
Replace "CONTINT" with the name of the cluster you want the kubeconfig file to be for.