Breaking Down Kubeconfigs (Quick Start)

Michael Levan - Sep 21 '22 - - Dev Community

In this quickstart guide, you’re going to learn about what consists of a Kubeconfig and what each piece of the YAML means.

First, capture one of your Kubeconfigs on your local computer. It’s typically under ~/.kube.

Image description

Next, open up the config in an editor of your choosing or by using the cat command to view it.

Below is a sample config. Let’s break it down by splitting it piece by piece.



clusters:
- cluster:
    certificate-authority-data: some_string_here
    server: https://kubernetes.docker.internal:6443
  name: docker-desktop
- cluster:
    certificate-authority: /Users/michael/.minikube/ca.crt
    extensions:
    - extension:
        last-update: Thu, 08 Sep 2022 12:50:41 EDT
        provider: minikube.sigs.k8s.io
        version: v1.25.1
      name: cluster_info
    server: https://127.0.0.1:64599
  name: minikube
contexts:
- context:
    cluster: docker-desktop
    user: docker-desktop
  name: docker-desktop
- context:
    cluster: minikube
    extensions:
    - extension:
        last-update: Thu, 08 Sep 2022 12:50:41 EDT
        provider: minikube.sigs.k8s.io
        version: v1.25.1
      name: context_info
    namespace: default
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: docker-desktop
  user:
    client-certificate-data: some_string_here
    client-key-data: some_string_here
- name: minikube
  user:
    client-certificate: /Users/michael/.minikube/profiles/minikube/client.crt
    client-key: /Users/michael/.minikube/profiles/minikube/client.key


Enter fullscreen mode Exit fullscreen mode

First things first - a kubeconfig is how you, the user, interacts with Kubernetes. To interact with a Kubernetes cluster, the kubeconfig needs information about your cluster. The first section of the config is the server name, certificate authority, server URL, Kubernetes API version, and metadata information about when the cluster has been updated. This is the actual connection piece to a cluster. You can have more than one cluster listed in a Kubeconfig depending on how many clusters you connect to.



clusters:
- cluster:
    certificate-authority-data: some_string_here
    server: https://kubernetes.docker.internal:6443
  name: docker-desktop
- cluster:
    certificate-authority: /Users/michael/.minikube/ca.crt
    extensions:
    - extension:
        last-update: Thu, 08 Sep 2022 12:50:41 EDT
        provider: minikube.sigs.k8s.io
        version: v1.25.1
      name: cluster_info
    server: https://127.0.0.1:64599
  name: minikube


Enter fullscreen mode Exit fullscreen mode

Next, there’s the context. The context is the configuration itself to the cluster. Like the cluster section of a config, you can have multiple contexts. The context consist of the username of the user using the Kubernetes cluster, the users default namespace, and the cluster information that the user is connecting to.



contexts:
- context:
    cluster: docker-desktop
    user: docker-desktop
  name: docker-desktop
- context:
    cluster: minikube
    extensions:
    - extension:
        last-update: Thu, 08 Sep 2022 12:50:41 EDT
        provider: minikube.sigs.k8s.io
        version: v1.25.1
      name: context_info
    namespace: default
    user: minikube
  name: minikube


Enter fullscreen mode Exit fullscreen mode

The current context states what Kubernetes cluster inside of the config you have on your computer you’re currently connected to. You can change this to point to another cluster as long as you have appropriate access to said cluster.



current-context: minikube


Enter fullscreen mode Exit fullscreen mode

The last piece is the config, which is a Kubernetes resource/object itself. It specifies the user that’ll be used to connect to the current Kubernetes cluster, the name of the current Kubernetes cluster in the context, and the authorization (client cert and key) used so the current user that’s associated with the config can connect to the cluster.



kind: Config
preferences: {}
users:
- name: docker-desktop
  user:
    client-certificate-data: some_string_here
    client-key-data: some_string_here
- name: minikube
  user:
    client-certificate: /Users/michael/.minikube/profiles/minikube/client.crt
    client-key: /Users/michael/.minikube/profiles/minikube/client.key


Enter fullscreen mode Exit fullscreen mode
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .