Generate a kubeconfig for a managed cluster using API
This section describes how to generate a managed cluster kubeconfig using the Container Cloud API. You can also download a managed cluster kubeconfig using the Download Kubeconfig option in the Container Cloud web UI. For details, see Connect to a Mirantis Container Cloud cluster.
To generate a managed cluster kubeconfig using API:

1. Obtain the following Container Cloud details:

   - Your <username> with the corresponding password that were created after the management cluster bootstrap as described in Create initial users after a management cluster bootstrap.
   - The kubeconfig of your <username> that you can download through the Container Cloud web UI using Download Kubeconfig located under your <username> on the top-left of the page.

2. Obtain the <cluster> object of the <cluster_name> managed cluster:

       kubectl get cluster <cluster_name> -n <project_name> -o yaml

3. Obtain the access token from Keycloak for the <username> user:

       curl -d 'client_id=<cluster.status.providerStatus.oidc.clientId>' \
            --data-urlencode 'username=<username>' \
            --data-urlencode 'password=<password>' \
            -d 'grant_type=password' \
            -d 'response_type=id_token' \
            -d 'scope=openid' \
            <cluster.status.providerStatus.oidc.issuerURL>/protocol/openid-connect/token

4. Generate the managed cluster kubeconfig using the data from <cluster.status> and <token> obtained in the previous steps. Use the following template as an example:

       apiVersion: v1
       clusters:
         - name: <cluster_name>
           cluster:
             certificate-authority-data: <cluster.status.providerStatus.apiServerCertificate>
             server: https://<cluster.status.providerStatus.loadBalancerHost>:443
       contexts:
         - context:
             cluster: <cluster_name>
             user: <username>
           name: <username>@<cluster_name>
       current-context: <username>@<cluster_name>
       kind: Config
       preferences: {}
       users:
         - name: <username>
           user:
             auth-provider:
               config:
                 client-id: <cluster.status.providerStatus.oidc.clientId>
                 idp-certificate-authority-data: <cluster.status.providerStatus.oidc.certificate>
                 idp-issuer-url: <cluster.status.providerStatus.oidc.issuerUrl>
                 refresh-token: <token.refresh_token>
                 id-token: <token.id_token>
               name: oidc
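
The following Python sketch is an added example, not part of the original Container Cloud documentation. It performs the last step of the procedure above: it fills the template from the <cluster> object and the Keycloak token response, checks that the ID token's iss and aud claims match the cluster's OIDC settings, and writes the file with owner-only permissions. The function names, the JSON output format (JSON is valid YAML, so kubectl reads it) and the sample values are assumptions; both spellings of the issuer field used on this page are accepted.

```python
import base64, json, os

def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def build_kubeconfig(cluster, token, username):
    """Fill the page's template from the <cluster> object and the token response."""
    name, ps = cluster["metadata"]["name"], cluster["status"]["providerStatus"]
    oidc = ps["oidc"]
    # The page spells this field both issuerURL and issuerUrl; accept either.
    issuer = oidc.get("issuerUrl") or oidc["issuerURL"]
    claims = jwt_claims(token["id_token"])
    aud = claims.get("aud")
    # The API server rejects a token whose iss or aud does not match; fail early.
    if claims.get("iss") != issuer:
        raise ValueError("id_token issuer does not match the cluster OIDC issuer")
    if oidc["clientId"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("id_token audience does not include the cluster client ID")
    context = f"{username}@{name}"
    user_cfg = {"client-id": oidc["clientId"], "idp-issuer-url": issuer,
                "idp-certificate-authority-data": oidc["certificate"],
                "refresh-token": token["refresh_token"], "id-token": token["id_token"]}
    return {"apiVersion": "v1", "kind": "Config", "preferences": {},
        "clusters": [{"name": name, "cluster": {
            "certificate-authority-data": ps["apiServerCertificate"],
            "server": f"https://{ps['loadBalancerHost']}:443"}}],
        "contexts": [{"name": context, "context": {"cluster": name, "user": username}}],
        "current-context": context,
        "users": [{"name": username,
                   "user": {"auth-provider": {"name": "oidc", "config": user_cfg}}}]}

def write_kubeconfig(config, path):
    """Write as JSON (valid YAML), owner-only: the file holds bearer tokens."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file that already existed
    with os.fdopen(fd, "w") as f:
        json.dump(config, f, indent=2)

def sample_inputs():
    """Constructed sample data, not real cluster or Keycloak output."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    issuer = "https://keycloak.example.test/auth/realms/iam"
    id_token = ".".join([enc({"alg": "none"}), enc({"iss": issuer, "aud": "k8s"}), "sig"])
    cluster = {"metadata": {"name": "demo"}, "status": {"providerStatus": {
        "apiServerCertificate": "Q0E=", "loadBalancerHost": "10.0.0.10",
        "oidc": {"clientId": "k8s", "certificate": "SURQ", "issuerUrl": issuer}}}}
    return cluster, {"id_token": id_token, "refresh_token": "constructed-refresh"}
```

With real data, pass in the parsed output of `kubectl get cluster <cluster_name> -n <project_name> -o json` and the parsed JSON body returned by the token request.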