@snoby
Created March 12, 2018 12:34
Configuring kubecfg and GitHub authorization

Setup your own personal kubeconfig

Generate the Token

Take the blank version of the kubeconfig file located here:

xxxxxxxx

Now you need to generate your own token to access the Kubernetes cluster. We use the public GitHub to authenticate against (just like we do with Vault). To generate your own personal access token:

  • Go to github.com (make sure you are part of the tropo/tropo-operations organization)
  • Click on your profile picture and go down to Settings -> Developer settings -> Personal access tokens
  • Next click Generate new token
  • For Token description, put in whatever will identify this token to you. I usually put in which cluster the token is used for.
  • For Scopes, the only thing you have to select is read:org, under admin:org. That is all the information that we need.
  • Now select Generate

You will now have a new Personal Access Token. You must write it down now, as you will never see it again.

Create your kubeconfig

**Before you do this step**

Your cluster admin needs to have created a cluster role for you!!!!

We now have to configure your kubeconfig file to use this new personal access token with the Kubernetes cluster.

  • Download the blank version of the kubeconfig file. This can be found in vault under xxx/xxxx/xxxx/xxx
  • Tell kubectl to use this new kubeconfig file... There are lots and lots of ways to handle manipulating your kubeconfig file. For now, let's back up your current file and replace it with our blank version.
    • cd ~/.kube/ && cp -rf config backup_config
    • Copy your blank version into your ~/.kube/ directory as config

This is what kubectl config view should report to you:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://proxy.api.east-prod.k8s.example.com
  name: east-prod.k8s.example.com
contexts:
- context:
    cluster: east-prod.k8s.example.com
    user: east-prod.k8s.example.com
  name: east-prod.k8s.example.com
current-context: east-prod.k8s.example.com
kind: Config
preferences: {}
users: []

Now we need to customize this config file for your personal GitHub access token. **NOTE:** The user must be github

kubectl config set-credentials github --token e64c1aae4ac0e2fafafaafafafa64084cf17addf8c

Now we have to create a context that is associated with the cluster and the credentials you just set. **NOTE:** The user must be github

kubectl config set-context east-prod --user github --cluster east-prod.k8s.example.com

Now test out to see if you have authorization to list the pods:

[:~/.kube] $ kubectl auth can-i list pods --context east-prod
yes

If it says no here, it could be because your admin has not associated your GitHub name with a cluster role. THIS MUST BE DONE!
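
The credential and context steps above as a script, with the token read from a prompt instead of typed on the command line and its scopes checked against the read:org requirement before it is written to the kubeconfig. This is an added example, not part of the original gist; it assumes curl and kubectl are installed and a classic personal access token (the kind whose scopes GitHub reports in the X-OAuth-Scopes response header), and the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original gist). Assumes curl and kubectl exist.
CLUSTER="east-prod.k8s.example.com"   # cluster name from the page's kubeconfig
CONTEXT="east-prod"                   # context name used on the page

# Succeed only if the response headers show the token's scopes are exactly
# read:org, the single scope the page asks for.
scopes_are_minimal() {
  scopes=$(printf '%s\n' "$1" | tr -d '\r' |
           grep -i '^x-oauth-scopes:' | sed 's/^[^:]*: *//')
  [ "$scopes" = "read:org" ]
}

# Constructed sample headers, so the check can be exercised offline.
SAMPLE_OK='HTTP/2 200
x-oauth-scopes: read:org'
SAMPLE_BROAD='HTTP/2 200
x-oauth-scopes: admin:org, repo'

configure_github_user() {
  # Prompt without echo so the token never lands in shell history.
  printf 'GitHub personal access token: ' >&2
  stty -echo; read -r token; stty echo; echo >&2
  headers=$(curl -sS -f -I -H "Authorization: token $token" \
            https://api.github.com) || return 1
  if ! scopes_are_minimal "$headers"; then
    echo "refusing: token scopes are not exactly read:org" >&2
    return 1
  fi
  # The user name must be "github", as the page notes.
  kubectl config set-credentials github --token "$token" >/dev/null || return 1
  kubectl config set-context "$CONTEXT" --user github --cluster "$CLUSTER" || return 1
  # The token is stored in plaintext, so keep the file private to your user.
  chmod 600 "$HOME/.kube/config"
  unset token
  kubectl auth can-i list pods --context "$CONTEXT"
}

if [ "${1:-}" = "--apply" ]; then
  configure_github_user
else
  echo "usage: $0 --apply   (run after copying the blank kubeconfig into place)"
fi
```
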
