Create and update IAM authentication kubeconfig


Available in VPC

Ncloud Kubernetes Service uses the ncp-iam-authenticator for IAM cluster authentication. You can update an existing file or create a new file by importing kubeconfig with IAM authentication through the ncp-iam-authenticator.

Note
  • For SubAccount, View/getClusterDetail and View/getClusterList permissions are required to create or update a kubeconfig file using the ncp-iam-authenticator.
  • If authentication using ncp-iam-authenticator is difficult due to third-party services like Jenkins or GitHub Actions, you can use service account tokens as an alternative by referring to Control cluster permissions.

Setting ncp-iam-authenticator API Authentication Key Value

To use the ncp-iam-authenticator, you must first configure the API authentication key value.

Note

You can check the API authentication key under My Account > Manage account and security > Manage security > Manage access > API Authentication Key in the NAVER Cloud Platform console.

Set the API key in OS environment variables or in the configure file. (OS environment variables take precedence over the configure file.)

  • Set the OS environment variable.
    $ export NCLOUD_ACCESS_KEY=ACCESSKEYIDACCESSKEY
    $ export NCLOUD_SECRET_KEY=SECRETACCESSKEYSECRETACCESSKEYSECRETACCE
    $ export NCLOUD_API_GW=https://ncloud.apigw.ntruss.com
    
  • Use the configure file in the .ncloud folder of the user's home directory.
    $ cat ~/.ncloud/configure
    [DEFAULT]
    ncloud_access_key_id = ACCESSKEYACCESSKEYAC
    ncloud_secret_access_key = SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR
    ncloud_api_url = https://ncloud.apigw.ntruss.com
    
    [project]
    ncloud_access_key_id = ACCESSKEYACCESSKEYAC
    ncloud_secret_access_key = SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR
    ncloud_api_url = https://ncloud.apigw.ntruss.com
    
  • If the authentication keys are not preconfigured, the ncp-iam-authenticator will prompt for API keys during execution.
    Ncloud Access Key Id []: ACCESSKEYACCESSKEYAC
    Ncloud Secret Access Key []: SECRETKEYSECRETKEYSECRETKEYSECRETKEYSECR
    Ncloud API URL []: https://ncloud.apigw.ntruss.com
    
  • In addition, you can set the Ncloud authentication key and whether to debug for each command using the following options:
    Name              Description                            Required  Default
    credentialConfig  ncloud configure file path             X
    profile           Profile in the ncloud configure file   X
    debug             debug log output Y/N                   X
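
The precedence described above (environment variables, then the configure file, then the interactive prompt) can be checked before running the tool. The following is an added example, not part of the ncp-iam-authenticator or its documentation: the function names and the loose-permissions check are this example's own, and it assumes the environment source applies once both key variables are set. No key values are printed.

```bash
#!/bin/sh
# Added example: report which credential source applies, without printing secrets.

# True when group/other have no permission bits on the file (e.g. mode 600).
configure_mode_ok() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when section [$2] of configure file $1 sets both key fields.
profile_has_keys() {
  awk -v want="[$2]" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^\[.*\]$/ { insec = ($0 == want); next }
    insec && /^ncloud_access_key_id[ \t]*=[ \t]*[^ \t]/     { a = 1 }
    insec && /^ncloud_secret_access_key[ \t]*=[ \t]*[^ \t]/ { s = 1 }
    END { exit !(a && s) }
  ' "$1"
}

# Prints env, file:<profile>, file:<profile>:loose-permissions, or prompt.
ncloud_cred_source() {
  cfg=${1:-$HOME/.ncloud/configure}
  prof=${2:-DEFAULT}
  # Assumption: the environment source applies once both key variables are set.
  if [ -n "${NCLOUD_ACCESS_KEY:-}" ] && [ -n "${NCLOUD_SECRET_KEY:-}" ]; then
    echo "env"
  elif [ -r "$cfg" ] && profile_has_keys "$cfg" "$prof"; then
    if configure_mode_ok "$cfg"; then
      echo "file:$prof"
    else
      echo "file:$prof:loose-permissions"
    fi
  else
    echo "prompt"
  fi
}

# Constructed sample, written to a temp dir so the real ~/.ncloud is untouched.
demo() {
  d=$(mktemp -d) && printf '%s\n' '[DEFAULT]' \
    'ncloud_access_key_id = CONSTRUCTEDACCESSKEY' \
    'ncloud_secret_access_key = CONSTRUCTEDSECRETKEY' > "$d/configure"
  chmod 600 "$d/configure"
  ( unset NCLOUD_ACCESS_KEY NCLOUD_SECRET_KEY; ncloud_cred_source "$d/configure" )
  rm -rf "$d"
}
demo
```

A result of file:<profile>:loose-permissions means the configure file is readable by group or other users; chmod 600 on the file clears it.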

Use the ncp-iam-authenticator update-kubeconfig command

Note

If the ncp-iam-authenticator is not the latest version, some commands are limited. Therefore, reinstalling the latest version is recommended.

  1. Make sure that the ncp-iam-authenticator is installed. Refer to the ncp-iam-authenticator installation guide for installation.

  2. Check the options to use for the command.

    Note

    If no kubeconfig exists at the kubeconfig file path, a new file is created at that path.
    If clusterName or userName is set, the contextName will be configured as userName@clusterName. Otherwise, it will be set to nks_<regionCode>_<clusterName>_<clusterUuid> as default.

    Name            Description                                             Required  Default
    clusterUuid     Uuid of the cluster to be created in kubeconfig         O
    region          regionCode of the cluster to be created in kubeconfig   O
                    (KR, SGN, JPN)
    clusterName     Name of the cluster to be set in kubeconfig             X
    userName        User name to be set in kubeconfig                       X
    currentContext  Whether to edit current-context to the newly applied    X
                    context
    overwrite       Whether to overwrite them if the cluster name, user     X
                    name, and context name to be applied to kubeconfig
                    overlap with the existing file
    kubeconfig      File path of kubeconfig to be updated                   X
    format          File format of kubeconfig to be created                 X
                    (yaml, json)
  3. Referring to the table above, use the ncp-iam-authenticator update-kubeconfig command to add the cluster's config to the existing kubeconfig file.

    ncp-iam-authenticator update-kubeconfig --region <region-code> --clusterUuid <cluster-uuid>
    
  4. Test the kubectl command with the created kubeconfig file.

    $ kubectl get namespaces --kubeconfig kubeconfig.yaml
    NAME                    STATUS   AGE
    default                 Active   1h
    kube-node-lease         Active   1h
    kube-public             Active   1h
    kube-system             Active   1h
    kubernetes-dashboard    Active   1h
    

Use the ncp-iam-authenticator create-kubeconfig command

Note

If the ncp-iam-authenticator is not the latest version, some commands are limited. Therefore, reinstalling the latest version is recommended.

  1. Make sure that the ncp-iam-authenticator is installed. Refer to the ncp-iam-authenticator installation guide for installation.

  2. Check the options to use for the command.

    Note

    If clusterName or userName is set, the contextName will be configured as userName@clusterName. Otherwise, it will be set to nks_<regionCode>_<clusterName>_<clusterUuid> as default.

    Name         Description                                             Required  Default
    clusterUuid  Uuid of the cluster to be created in kubeconfig         O
    region       regionCode of the cluster to be created in kubeconfig   O
                 (KR, SGN, JPN)
    clusterName  Name of the cluster to be set in kubeconfig             X
    userName     User name to be set in kubeconfig                       X
    output       File path where kubeconfig will be saved                X
                 (including filename)
    format       File format of kubeconfig to be created                 X
                 (yaml, json)
  3. Referring to the above table, use the ncp-iam-authenticator create-kubeconfig command to create kubeconfig for the cluster.

    ncp-iam-authenticator create-kubeconfig --region <region-code> --clusterUuid <cluster-uuid> --output kubeconfig.yaml
    
  4. Test the kubectl command with the created kubeconfig file.

    $ kubectl get namespaces --kubeconfig kubeconfig.yaml
    NAME                    STATUS   AGE
    default                 Active   1h
    kube-node-lease         Active   1h
    kube-public             Active   1h
    kube-system             Active   1h
    kubernetes-dashboard    Active   1h