fetch kubeconfig programmatically

[tareksha]

Hi,

I would like to fetch the kubeconfig of a cluster in my gardener project programmatically using REST calls (without a browser). Is there a REAPI API that I can call ?

I've noticed that the dashboard issues this request in order to fetch the kubeconfig of a cluster:

GET https://dashboard.garden.mydomain/api/namespaces/garden-myproject/shoots/mycluster/info

{
  "seedShootIngressDomain": "mycluster.myproject.ingress.blahblah",
  "kubeconfig": " ... ",
  "cluster_username": "...",
  "cluster_password": "...",
  "serverUrl": "https://api.mycluster.myproject.blahblah"
}

The request seems to contain a token in the Authorization header. Is it relevant? What REST doe this redirect to ?

[petersutter]

Hi @tareqhs,

with the dasboard you can create a service account / robot under the members section and download the kubeconfig for this service account. With that you can access the gardener cluster. Using this kubeconfig you can execute something like that to get the kubeconfig of your desired cluster.

kubectl -n garden-my-project get secret mycluster.kubeconfig -o json | jq -r .data.kubeconfig | base64 -d

IHTH

Best regards, Peter

[petersutter]

and when you use e.g. the kubectl -v=9 option you also see which api endpoint is called

GET https://my.gardener.host/api/v1/namespaces/garden-my-project/secrets/mycluster.kubeconfig

[tareksha]

hi @petersutter , thanks for the info. so there is no way to automate this on a cross-project level?

[petersutter]

No this is not possible with the service account that you can create under the members section in the dashboard. But in general it's possible but you need a more privileged user

[petersutter]

does this answer your question?

[grolu]

I will close the issue for now. Please reopen if your question is not answered.