- Print
- PDF
Creating/updating IAM authentication kubeconfig
- Print
- PDF
Available in VPC
Ncloud Kubernetes Service uses the ncp-iam-authenticator for IAM cluster authentication. You can update an existing file or create a new file by importing kubeconfig with IAM authentication through the ncp-iam-authenticator.
- For SubAccount, View/getClusterDetail and View/getClusterList permissions are required to create/update kubeconfig through
ncp-iam-authenticator
. - If authentication using
ncp-iam-authenticator
is difficult as 3rd-party services like Jenkins and GitHub Action are used, you can use authentication through service account tokens by referring to cluster permission control.
Set the ncp-iam-authenticator API authentication key value
API authentication key value must first be set up to use ncp-iam-authenticator
.
You can check the API authentication key in the My Page>Manage account>Manage authentication key menu after logging into the NAVER Cloud platform portal.
Set the API key in the OS environment variable or configure file. (OS environment variables take precedence over configure files.)
Set the OS environment variable.
$ export NCLOUD_ACCESS_KEY=ACCESSKEYIDACCESSKEY $ export NCLOUD_SECRET_KEY=SECRETACCESSKEYSECRETACCESSKEYSECRETACCE $ export NCLOUD_API_GW=https://ncloud.apigw.ntruss.com
The configure file in the user environment home directory's .ncloud folder
$ cat ~/.ncloud/configure [DEFAULT] ncloud_access_key_id = ACCESSKEYACCESSKEYAC ncloud_secret_access_key = SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR ncloud_api_url = https://ncloud.apigw.ntruss.com [project] ncloud_access_key_id = ACCESSKEYACCESSKEYAC ncloud_secret_access_key = SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR ncloud_api_url = https://ncloud.apigw.ntruss.com
If the Authentication key value cannot be checked, API key input is required during execution of the
ncp-iam-authenticator
command.Ncloud Access Key Id []: ACCESSKEYACCESSKEYAC Ncloud Secret Access Key []: SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR Ncloud API URL []: https://ncloud.apigw.ntruss.com
In addition, you can set the Ncloud authentication key and whether to debug for each command using the following options:
Name Description Requirement status Default value credentialConfig Ncloud configure file path X ~/.ncloud/configure profile Profile in the Ncloud configure file X DEFAULT debug debug log output Y/N X false
Use the ncp-iam-authenticator update-kubeconfig command
If it is not the latest version of ncp-iam-authenticator, some commands are limited. So, it is recommended to reinstall the latest version.
Check if
ncp-iam-authenticator
has been installed. To installncp-iam-authenticator
, see Install ncp-iam-authenticator.Check the options to be used for the command.
NoteIf kubeconfig does not exist in the kubeconfig file path, create a new file in that path. If clusterName or userName is set, contextName will be set to
userName@clusterName
, but otherwise, it will be set tonks_<regionCode>_<clusterName>_<clusterUuid>
.Name Description Requirement status Default value clusterUuid Uuid of the cluster to be created in kubeconfig O region regionCode of the cluster to be created in kubeconfig
- KR, SGN, JPNO clusterName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> userName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> currentContext Whether to edit current-context to the newly applied context X true overwrite Whether to overwrite them if the cluster name, user name, and context name to be applied to kubeconfig overlap with the existing file X false kubeconfig File path of kubeconfig to be updated X First path set in the KUBECONFIG environment variable
If the KUBECONFIG environment variable is not set, ~/.kube/config.format File format of kubeconfig to be created
- yaml, jsonX yaml Referring to the table above, use the
ncp-iam-authenticator update-kubeconfig
command to add the cluster's config to the existing kubeconfig file.ncp-iam-authenticator update-kubeconfig --region <region-code> --clusterUuid <cluster-uuid>
Test the
kubectl
command with thekubeconfig
file created.$ kubectl get namespaces --kubeconfig kubeconfig.yaml NAME STATUS AGE default Active 1h kube-node-lease Active 1h kube-public Active 1h kube-system Active 1h kubernetes-dashboard Active 1h
Use the ncp-iam-authenticator create-kubeconfig command
If it is not the latest version of ncp-iam-authenticator, some commands are limited. So, it is recommended to reinstall the latest version.
Check if
ncp-iam-authenticator
has been installed. To installncp-iam-authenticator
, refer toncp-iam-authenticator
Installing.Check the options to be used for the command.
NoteIf clusterName or userName is set, contextName will be set to
userName@clusterName
, but otherwise, it will be set tonks_<regionCode>_<clusterName>_<clusterUuid>
.Name Description Requirement status Default value clusterUuid Uuid of the cluster to be created in kubeconfig O region regionCode of the cluster to be created in kubeconfig
- KR, SGN, JPNO clusterName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> userName Name of the cluster to be set in kubeconfig X nks_<regionCode><clusterName><clusterUuid> output File path where kubeconfig will be saved (including filename) X kubeconfig-<clusterUuid>.<format> format File format of kubeconfig to be created
- yaml, jsonX yaml Referring to the above table, use the
ncp-iam-authenticator create-kubeconfig
command to create kubeconfig for the cluster.ncp-iam-authenticator create-kubeconfig --region <region-code> --clusterUuid <cluster-uuid> --output kubeconfig.yaml
Test the
kubectl
command with thekubeconfig
file created.$ kubectl get namespaces --kubeconfig kubeconfig.yaml NAME STATUS AGE default Active 1h kube-node-lease Active 1h kube-public Active 1h kube-system Active 1h kubernetes-dashboard Active 1h