Misusing kubeconfigs

When you use kubectl to do something on a cluster, it iterates through each file listed in the KUBECONFIG environment variable and it uses the first one that matches. This can be a problem if you have multiple contexts with the same name as it’ll choose the first one it finds rather than the one you expected.


These can be use to provision access tokens when required, https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins

minikube kubectl –ssh – get ns

minikube kubectl –ssh – create ns example-admin minikube kubectl –ssh – –namespace example-admin create sa example-admin

minikube kubectl –ssh – create clusterrolebinding example-admin-binding –clusterrole=cluster-admin –serviceaccount=example-admin:example-admin

minikube kubectl –ssh – –names pace example-admin create token example-admin –duration 10m

Turn this in to a blog post

apiVersion: v1 clusters:

  • cluster: certificate-authority: /home/rtweed/.minikube/ca.crt extensions:
    • extension: last-update: Thu, 16 Nov 2023 17:17:01 GMT provider: minikube.sigs.k8s.io version: v1.30.1 name: cluster_info server: name: minikube-manual contexts:
  • context: cluster: minikube-manual user: minikube-manual name: minikube-manual current-context: minikube-manual kind: Config preferences: {} users:
  • name: minikube-manual user: auth-provider: config: cmd-args: kubectl –ssh – –namespace example-admin create token example-admin –duration 10m -ojson cmd-path: minikube expiry-key: ‘{.status.expirationTimestamp}’ token-key: ‘{.status.token}’ name: gcp # magic to make this work

Copyright © 2024 Richard Finlay Tweed. All rights reserved. All views expressed are my own