Generate a kubeconfig for a MOSK cluster using API

This section describes how to generate a MOSK cluster kubeconfig using the Container Cloud API. You can also download a MOSK cluster kubeconfig using the Download Kubeconfig option in the Container Cloud web UI. For details, see Connect to a MOSK cluster.

To generate a MOSK cluster kubeconfig using API:

1. Obtain the following details:

   - Your <username> with the corresponding password that were created after the management cluster bootstrap as described in Container Cloud documentation: Create initial users after a management cluster bootstrap.
   - The kubeconfig of your <username> that you can download through the Container Cloud web UI using Download Kubeconfig located under your <username> on the top-left of the page.

2. Obtain the <cluster> object of the <cluster_name> MOSK cluster:

       kubectl get cluster <cluster_name> -n <project_name> -o yaml

3. Obtain the access token from Keycloak for the <username> user:

       curl -d 'client_id=<cluster.status.providerStatus.oidc.clientId>' \
         --data-urlencode 'username=<username>' \
         --data-urlencode 'password=<password>' \
         -d 'grant_type=password' \
         -d 'response_type=id_token' \
         -d 'scope=openid' \
         <cluster.status.providerStatus.oidc.issuerURL>/protocol/openid-connect/token

4. Generate the MOSK cluster kubeconfig using the data from <cluster.status> and <token> obtained in the previous steps. Use the following template as an example:

       apiVersion: v1
       clusters:
         - name: <cluster_name>
           cluster:
             certificate-authority-data: <cluster.status.providerStatus.apiServerCertificate>
             server: https://<cluster.status.providerStatus.loadBalancerHost>:443
       contexts:
         - context:
             cluster: <cluster_name>
             user: <username>
           name: <username>@<cluster_name>
       current-context: <username>@<cluster_name>
       kind: Config
       preferences: {}
       users:
         - name: <username>
           user:
             auth-provider:
               config:
                 client-id: <cluster.status.providerStatus.oidc.clientId>
                 idp-certificate-authority-data: <cluster.status.providerStatus.oidc.certificate>
                 idp-issuer-url: <cluster.status.providerStatus.oidc.issuerUrl>
                 refresh-token: <token.refresh_token>
                 id-token: <token.id_token>
               name: oidc
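
The last step above, sketched in Python as an added example (not code from the Container Cloud documentation or tooling): it fills the template from the cluster object and the Keycloak token response, refuses to render when a field is missing, and writes the file owner-only because it carries the ID and refresh tokens. The function names, the sample values, and reading the cluster object as JSON (`-o json` instead of `-o yaml`) are assumptions.

```python
import json
import os

# Constructed placeholder inputs: `kubectl get cluster -o json` output and token response.
SAMPLE_CLUSTER = {"status": {"providerStatus": {
    "apiServerCertificate": "Q0EtUExBQ0VIT0xERVI=", "loadBalancerHost": "203.0.113.10",
    "oidc": {"clientId": "k8s", "certificate": "SURQLUNB",
             "issuerUrl": "https://keycloak.example.test/auth/realms/iam"}}}}
SAMPLE_TOKEN = {"id_token": "aaa.bbb.ccc", "refresh_token": "ddd.eee.fff"}

def build_kubeconfig(cluster, token, cluster_name, username):
    """Fill the page's kubeconfig template from the two JSON documents."""
    status = cluster["status"]["providerStatus"]
    oidc = status.get("oidc", {})
    fields = {
        "apiServerCertificate": status.get("apiServerCertificate"),
        "loadBalancerHost": status.get("loadBalancerHost"),
        "oidc.clientId": oidc.get("clientId"),
        "oidc.certificate": oidc.get("certificate"),
        # The page spells this field both issuerUrl and issuerURL; accept either.
        "oidc.issuerUrl": oidc.get("issuerUrl") or oidc.get("issuerURL"),
        "id_token": token.get("id_token"), "refresh_token": token.get("refresh_token"),
    }
    missing = sorted(k for k, v in fields.items() if not v)
    if missing:  # e.g. Keycloak returned an error body instead of tokens
        raise ValueError("missing: " + ", ".join(missing))
    q = json.dumps  # a JSON string is also a valid double-quoted YAML scalar
    ctx, server = f"{username}@{cluster_name}", f"https://{fields['loadBalancerHost']}:443"
    lines = [
        "apiVersion: v1", "kind: Config", "preferences: {}", "clusters:",
        f"- name: {q(cluster_name)}", "  cluster:",
        f"    certificate-authority-data: {q(fields['apiServerCertificate'])}",
        f"    server: {q(server)}", "contexts:",
        f"- name: {q(ctx)}", "  context:", f"    cluster: {q(cluster_name)}",
        f"    user: {q(username)}", f"current-context: {q(ctx)}", "users:",
        f"- name: {q(username)}", "  user:", "    auth-provider:", "      name: oidc",
        "      config:",
        f"        client-id: {q(fields['oidc.clientId'])}",
        f"        idp-certificate-authority-data: {q(fields['oidc.certificate'])}",
        f"        idp-issuer-url: {q(fields['oidc.issuerUrl'])}",
        f"        refresh-token: {q(fields['refresh_token'])}",
        f"        id-token: {q(fields['id_token'])}",
    ]
    return "\n".join(lines) + "\n"

def write_private(path, text):  # owner-only: the file embeds the ID and refresh tokens
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as f:
        f.write(text)
```

Call `write_private("<path>", build_kubeconfig(cluster, token, "<cluster_name>", "<username>"))` with the parsed JSON from steps 2 and 3.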