Skip to content

NimTechnology

Trình bày các công nghệ CLOUD một cách dễ hiểu.

  • Kubernetes & Container
    • Docker
    • Kubernetes
      • Ingress
    • Helm Chart
    • Isito-EnvoyFilter
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Vault
    • Longhorn – Storage
    • VictoriaMetrics
  • CI/CD
    • ArgoCD
    • ArgoWorkflows
    • Spinnaker
    • Jenkins
    • Harbor
    • TeamCity
    • Git
      • Bitbucket
  • Coding
    • Terraform
      • GCP – Google Cloud
      • AWS – Amazon Web Service
    • Golang
    • Laravel
    • Python
    • Jquery & JavaScript
    • Selenium
  • Log & Monitor
    • Prometheus
    • Grafana
    • ELK
      • Kibana
      • Logstash
  • BareMetal
  • Toggle search form

[kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd

Posted on January 12, 2023 By nim No Comments on [kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd

Bài này mình sẽ note 1 số thứ kiên quan đến việc tạo kube configuration từ 1 service account đã tồn tại
bạn có thể lấy nó từ k8s hay argocd.

Contents

  • Create a kubectl config file for serviceaccount
  • Create a kubectl config file from the cluster secret of Argocd

Create a kubectl config file for serviceaccount

Bạn có thể tham khảo link bên dưới:

https://stackoverflow.com/questions/47770676/how-to-create-a-kubectl-config-file-for-serviceaccount

# your server name goes here
server=https://localhost:8443
# the name of the secret containing the service account token goes here
name=default-token-sg96k

ca=$(kubectl get secret/$name -o jsonpath='{.data.ca\.crt}')
token=$(kubectl get secret/$name -o jsonpath='{.data.token}' | base64 --decode)
namespace=$(kubectl get secret/$name -o jsonpath='{.data.namespace}' | base64 --decode)

echo "
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: default-context
  context:
    cluster: default-cluster
    namespace: default
    user: default-user
current-context: default-context
users:
- name: default-user
  user:
    token: ${token}
" > sa.kubeconfig

Create a kubectl config file from the cluster secret of Argocd

Bạn cũng sẽ thấy là khi bạn add 1 k8s cluster trên argocd.
thì argocd sẽ create 1 secret.

Chúng ta sẽ để ý key “config” trong này có 2 thứ là bearerToken và caData là helpful

Mình tiến hành phân tích bearerToken bằng https://devtoys.app/

Bạn sẽ thấy là Token trên lưu dữ thông tin serviceacount của argocd ở phần payload.
You can imagine that when you add the K8S cluster into Argocd. It will create a service account that is assigned permission based on RBAC.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: "<config->caData>"
    server: <server-in-cluster-secret>
  name: k8s-cluster
contexts:
- context:
    cluster: k8s-cluster
    namespace: default
    user: admin
  name: k8s-cluster
current-context: k8s-cluster
kind: Config
users:
- name: admin
  user:
   token: "<bearerToken-of-argocd>"

Then you modify the content inside “.kube/config” file and Run "kubectl get ns“

ArgoCD

Post navigation

Previous Post: [Helm/Github] Create a public Helm chart repository with GitHub Pages
Next Post: [Smartctl] Instruction check the health disk of Raspberry.

More Related Articles

[ArgoCD] Sử dụng ArgoCD deploy lên k8s. ArgoCD
[ArgoCD] Add other Cluster ranchers, k8s, or EKS into ArgoCD. ArgoCD
[Argocd] Creating an Application of Argocd is related to helm public and repo helm ArgoCD
[Argo-Notification] fix the problem: bad character U+005B ‘[‘  ArgoCD
[ArgoCD/KSOPS] Encrypting Resource on kustomize and Argocd. ArgoCD
[ArgoCD] Hướng dẫn tạo “local user” trên argocd ArgoCD

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Tham Gia Group DevOps nhé!
Để Nim có nhiều động lực ra nhiều bài viết.
Để nhận được những thông báo mới nhất.

Recent Posts

  • [Smartctl] Instruction check the health disk of Raspberry. January 16, 2023
  • [kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd January 12, 2023
  • [Helm/Github] Create a public Helm chart repository with GitHub Pages January 8, 2023
  • [AWS] How to increase the disk size of a Windows EC2 machine? January 4, 2023
  • [Redis] ElastiCache-Redis Cross-Region Replication|Global DataStore January 3, 2023

Archives

  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021

Categories

  • BareMetal
  • CI/CD
    • ArgoCD
    • ArgoWorkflows
    • Git
      • Bitbucket
    • Harbor
    • Jenkins
    • Spinnaker
    • TeamCity
  • Coding
    • Golang
    • Jquery & JavaScript
    • Laravel
    • Python
    • Selenium
    • Terraform
      • AWS – Amazon Web Service
      • GCP – Google Cloud
  • Kubernetes & Container
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Docker
    • Helm Chart
    • Isito-EnvoyFilter
    • Kubernetes
      • Ingress
    • Longhorn – Storage
    • Vault
    • VictoriaMetrics
  • Log & Monitor
    • ELK
      • Kibana
      • Logstash
    • Grafana
    • Prometheus
  • Uncategorized
  • Admin

Copyright © 2023 NimTechnology.