ahmetb / kubectx

Faster way to switch between clusters and namespaces in kubectl
https://kubectx.dev
Apache License 2.0
17.66k stars 1.26k forks

Issue with X509 Certificates in multiple config Files and switch between Clusters #378

Closed gaedemischwarz closed 1 year ago

gaedemischwarz commented 1 year ago

What happened?

Hello,

We want to implement X509 authentication to different Kubernetes clusters. For this we followed and automated the kubeconfig creation as documented on this blog: https://betterprogramming.pub/k8s-tips-give-access-to-your-clusterwith-a-client-certificate-dfb3b71a76fe

So this means that for every cluster we have one kubeconfig, and these are loaded via the $KUBECONFIG environment variable.

The login to the first cluster is working fine. To all the others we then mostly have the problem of "You must be logged in".

-------------------------------------------------

gaedemi-shoot--aut8slzmrz--dev01
gaedemi-shoot--aut8slzmrz--infra
gaedemi@SIT-SMBP1818 ~ % kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
chartmuseum-7d5997c447-zjpwp   1/1     Running   0          4d15h
customer1-0                    1/1     Running   0          4d15h
gaedemi@SIT-SMBP1818 ~ % kubectx
gaedemi-shoot--aut8slzmrz--dev01
gaedemi-shoot--aut8slzmrz--infra
gaedemi@SIT-SMBP1818 ~ % kubectx gaedemi-shoot--aut8slzmrz--infra
Switched to context "gaedemi-shoot--aut8slzmrz--infra".
gaedemi@SIT-SMBP1818 ~ % kubectl get pods
error: You must be logged in to the server (Unauthorized)

-----------------------

We are using the same ClusterRole, the same RoleBinding and also the same way of approving the Certificate Signing Request. We tested this with configs in multiple config files and also with merged configs in one file. The issue is the same.

Merging the configs into one file by using "kubectl config view --flatten" and switching the context in kubectl is working fine.

Kind Regards Michael Gäde

What did you expect to happen?

Create one or more configs to connect to each cluster with a client certificate as documented on https://betterprogramming.pub/k8s-tips-give-access-to-your-clusterwith-a-client-certificate-dfb3b71a76fe

How can we reproduce it (as minimally and precisely as possible)?

Just try to connect to different clusters as documented on the given website.

Anything else we need to know?

ahmetb commented 1 year ago

I think your problem is with the structure of the kubeconfig files you've created. I don't think kubectx does anything relevant here. It only updates the current-context field, and if you are using KUBECONFIG files that contain only 1 cluster, I don't think you need to use kubectx.

I recommend reading up on the format of kubeconfig files and how user/cluster/context objects relate to one another.

gaedemischwarz commented 1 year ago

Hello Ahmet,

I am using one file for each cluster. After adding different files into a folder and adding each of them to $KUBECONFIG, I needed to add the client key by executing the following command.

$ kubectl config set-credentials $USER \
    --client-key=$HOME/.ssh/id_rsa \
    --embed-certs=true

To the first cluster I am able to connect, but not to the other ones, which are in different files.

ahmetb commented 1 year ago

I recommend actually editing the YAML file manually and not using kubectl config commands. When their contents are right in front of you, you can see what's missing between two files. And again, this is not a kubectx problem.
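The comparison of user, cluster and context entries across files that is recommended above can also be done mechanically. The following is an added example, not code from the issue or from kubectx: it applies kubectl's documented merge rule (when several files in $KUBECONFIG define the same map key, the first file wins) and reports, for each context, which file its user entry actually comes from. The file names, entry names and data are constructed; a real run would parse the files with a YAML loader first.

```python
# Added example: constructed data, hypothetical file and entry names.
SECTIONS = ("clusters", "users", "contexts")

def resolve(files):
    """files: list of (path, parsed kubeconfig dict) in $KUBECONFIG order.

    Returns {context name: {"file", "user", "user_from", "cluster_from"}},
    where *_from is the file whose definition wins the merge (None if the
    referenced entry is not defined in any file).
    """
    first = {}  # (section, name) -> (path, entry) of the first definition
    for path, cfg in files:
        for section in SECTIONS:
            for entry in cfg.get(section) or []:
                first.setdefault((section, entry["name"]), (path, entry))
    report = {}
    for (section, name), (path, entry) in first.items():
        if section != "contexts":
            continue
        ctx = entry.get("context") or {}
        user, cluster = ctx.get("user"), ctx.get("cluster")
        report[name] = {
            "file": path,
            "user": user,
            "user_from": first.get(("users", user), (None,))[0],
            "cluster_from": first.get(("clusters", cluster), (None,))[0],
        }
    return report

def cross_file_users(report):
    """Contexts whose credentials come from another file or from nowhere."""
    return sorted(n for n, r in report.items() if r["user_from"] != r["file"])

def sample(name, user="alice"):
    """Build a one-cluster kubeconfig dict (constructed placeholder values)."""
    return {
        "clusters": [{"name": name,
                      "cluster": {"server": f"https://{name}.example.invalid"}}],
        "users": [{"name": user,
                   "user": {"client-certificate-data": f"<cert for {name}>"}}],
        "contexts": [{"name": name, "context": {"cluster": name, "user": user}}],
    }

DEV01, INFRA = sample("dev01"), sample("infra")

if __name__ == "__main__":
    rep = resolve([("dev01.yaml", DEV01), ("infra.yaml", INFRA)])
    for ctx in cross_file_users(rep):
        print(f"{ctx}: user {rep[ctx]['user']!r} resolved from {rep[ctx]['user_from']}")
```

In the sample both files name their user `alice`, so the `infra` context resolves to the `alice` entry from `dev01.yaml`; giving each file a distinct user name makes the report empty.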