Creating/updating IAM authentication kubeconfig
- Print
- PDF
Creating/updating IAM authentication kubeconfig
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Available in VPC
Ncloud Kubernetes Service uses the ncp-iam-authenticator for IAM cluster authentication. You can update an existing file or create a new file by importing kubeconfig with IAM authentication through the ncp-iam-authenticator.
Note
- For SubAccount, View/getClusterDetail and View/getClusterList permissions are required to create/update kubeconfig through
ncp-iam-authenticator. - If authentication using
ncp-iam-authenticatoris difficult as 3rd-party services like Jenkins and GitHub Action are used, you can use authentication through service account tokens by referring to cluster permission control.
Set the ncp-iam-authenticator API authentication key value
API authentication key value must first be set up to use ncp-iam-authenticator.
Note
You can check the API authentication key in the My Page>Manage account>Manage authentication key menu after logging into the NAVER Cloud platform portal.
Set the API key in the OS environment variable or configure file. (OS environment variables take precedence over configure files.)
Set the OS environment variable.
$ export NCLOUD_ACCESS_KEY=ACCESSKEYIDACCESSKEY $ export NCLOUD_SECRET_KEY=SECRETACCESSKEYSECRETACCESSKEYSECRETACCE $ export NCLOUD_API_GW=https://ncloud.apigw.ntruss.comThe configure file in the user environment home directory's .ncloud folder
$ cat ~/.ncloud/configure [DEFAULT] ncloud_access_key_id = ACCESSKEYACCESSKEYAC ncloud_secret_access_key = SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR ncloud_api_url = https://ncloud.apigw.ntruss.com [project] ncloud_access_key_id = ACCESSKEYACCESSKEYAC ncloud_secret_access_key = SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR ncloud_api_url = https://ncloud.apigw.ntruss.comIf the Authentication key value cannot be checked, API key input is required during execution of the
ncp-iam-authenticatorcommand.Ncloud Access Key Id []: ACCESSKEYACCESSKEYAC Ncloud Secret Access Key []: SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR Ncloud API URL []: https://ncloud.apigw.ntruss.comIn addition, you can set the Ncloud authentication key and whether to debug for each command using the following options:
Name Description Requirement status Default value credentialConfig Ncloud configure file path X ~/.ncloud/configure profile Profile in the Ncloud configure file X DEFAULT debug debug log output Y/N X false
Use the ncp-iam-authenticator update-kubeconfig command
Note
If it is not the latest version of ncp-iam-authenticator, some commands are limited. So, it is recommended to reinstall the latest version.
Check if
ncp-iam-authenticatorhas been installed. To installncp-iam-authenticator, see Install ncp-iam-authenticator.Check the options to be used for the command.
NoteIf kubeconfig does not exist in the kubeconfig file path, create a new file in that path. If clusterName or userName is set, contextName will be set to
userName@clusterName, but otherwise, it will be set tonks_<regionCode>_<clusterName>_<clusterUuid>.Name Description Requirement status Default value clusterUuid Uuid of the cluster to be created in kubeconfig O region regionCode of the cluster to be created in kubeconfig
- KR, SGN, JPNO clusterName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> userName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> currentContext Whether to edit current-context to the newly applied context X true overwrite Whether to overwrite them if the cluster name, user name, and context name to be applied to kubeconfig overlap with the existing file X false kubeconfig File path of kubeconfig to be updated X First path set in the KUBECONFIG environment variable
If the KUBECONFIG environment variable is not set, ~/.kube/config.format File format of kubeconfig to be created
- yaml, jsonX yaml Referring to the table above, use the
ncp-iam-authenticator update-kubeconfigcommand to add the cluster's config to the existing kubeconfig file.ncp-iam-authenticator update-kubeconfig --region <region-code> --clusterUuid <cluster-uuid>Test the
kubectlcommand with thekubeconfigfile created.$ kubectl get namespaces --kubeconfig kubeconfig.yaml NAME STATUS AGE default Active 1h kube-node-lease Active 1h kube-public Active 1h kube-system Active 1h kubernetes-dashboard Active 1h
Use the ncp-iam-authenticator create-kubeconfig command
Note
If it is not the latest version of ncp-iam-authenticator, some commands are limited. So, it is recommended to reinstall the latest version.
Check if
ncp-iam-authenticatorhas been installed. To installncp-iam-authenticator, refer toncp-iam-authenticatorInstalling.Check the options to be used for the command.
NoteIf clusterName or userName is set, contextName will be set to
userName@clusterName, but otherwise, it will be set tonks_<regionCode>_<clusterName>_<clusterUuid>.Name Description Requirement status Default value clusterUuid Uuid of the cluster to be created in kubeconfig O region regionCode of the cluster to be created in kubeconfig
- KR, SGN, JPNO clusterName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> userName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> output File path where kubeconfig will be saved (including filename) X kubeconfig-<clusterUuid>.<format> format File format of kubeconfig to be created
- yaml, jsonX yaml Referring to the above table, use the
ncp-iam-authenticator create-kubeconfigcommand to create kubeconfig for the cluster.ncp-iam-authenticator create-kubeconfig --region <region-code> --clusterUuid <cluster-uuid> --output kubeconfig.yamlTest the
kubectlcommand with thekubeconfigfile created.$ kubectl get namespaces --kubeconfig kubeconfig.yaml NAME STATUS AGE default Active 1h kube-node-lease Active 1h kube-public Active 1h kube-system Active 1h kubernetes-dashboard Active 1h
Was this article helpful?