Skip to content

NimTechnology

Trình bày các công nghệ CLOUD một cách dễ hiểu.

  • Kubernetes & Container
    • Docker
    • Kubernetes
      • Ingress
      • Pod
    • Helm Chart
    • OAuth2 Proxy
    • Isito-EnvoyFilter
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Vault
    • Longhorn – Storage
    • VictoriaMetrics
    • MetalLB
    • Kong Gateway
  • CI/CD
    • ArgoCD
    • ArgoWorkflows
    • Argo Events
    • Spinnaker
    • Jenkins
    • Harbor
    • TeamCity
    • Git
      • Bitbucket
  • Coding
    • DevSecOps
    • Terraform
      • GCP – Google Cloud
      • AWS – Amazon Web Service
      • Azure Cloud
    • Golang
    • Laravel
    • Python
    • Jquery & JavaScript
    • Selenium
  • Log, Monitor & Tracing
    • DataDog
    • Prometheus
    • Grafana
    • ELK
      • Kibana
      • Logstash
  • BareMetal
    • NextCloud
  • Toggle search form

[kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd

Posted on January 12, 2023 By nim 1 Comment on [kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd

Bài này mình sẽ note 1 số thứ kiên quan đến việc tạo kube configuration từ 1 service account đã tồn tại
bạn có thể lấy nó từ k8s hay argocd.

Contents

Toggle
  • Create a kubectl config file for serviceaccount
  • Create a kubectl config file from the cluster secret of Argocd

Create a kubectl config file for serviceaccount

Bạn có thể tham khảo link bên dưới:

https://stackoverflow.com/questions/47770676/how-to-create-a-kubectl-config-file-for-serviceaccount

# your server name goes here
server=https://localhost:8443
# the name of the secret containing the service account token goes here
name=default-token-sg96k

ca=$(kubectl get secret/$name -o jsonpath='{.data.ca\.crt}')
token=$(kubectl get secret/$name -o jsonpath='{.data.token}' | base64 --decode)
namespace=$(kubectl get secret/$name -o jsonpath='{.data.namespace}' | base64 --decode)

echo "
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: default-context
  context:
    cluster: default-cluster
    namespace: default
    user: default-user
current-context: default-context
users:
- name: default-user
  user:
    token: ${token}
" > sa.kubeconfig

Create a kubectl config file from the cluster secret of Argocd

Bạn cũng sẽ thấy là khi bạn add 1 k8s cluster trên argocd.
thì argocd sẽ create 1 secret.

Chúng ta sẽ để ý key “config” trong này có 2 thứ là bearerToken và caData là helpful

Mình tiến hành phân tích bearerToken bằng https://devtoys.app/

Bạn sẽ thấy là Token trên lưu dữ thông tin serviceacount của argocd ở phần payload.
You can imagine that when you add the K8S cluster into Argocd. It will create a service account that is assigned permission based on RBAC.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: "<config->caData>"
    server: <server-in-cluster-secret>
  name: k8s-cluster
contexts:
- context:
    cluster: k8s-cluster
    namespace: default
    user: admin
  name: k8s-cluster
current-context: k8s-cluster
kind: Config
users:
- name: admin
  user:
   token: "<bearerToken-of-argocd>"

Then you modify the content inside “.kube/config” file and Run "kubectl get ns“

ArgoCD

Post navigation

Previous Post: [Helm/Github] Create a public Helm chart repository with GitHub Pages
Next Post: [Smartctl] Instruction check the health disk of Raspberry.

More Related Articles

[ArgoCD] Cài đặt argocd cli và connect với ArgoCD ArgoCD
[Argocd/Vault] Integrate Vault inside Argocd by the plugin ArgoCD
[Gitops] Evolving DevOps to GitOps ArgoCD
[ArgoCD/KSOPS/AWS] Encrypt secrets before pushing them to GitHub. ArgoCD
[AWS] Login Argocd via Cognito in AWS ArgoCD
[ArgoCD Image Updater] How does Argocd trigger images on Dockerhub and deploy workload on k8s automatically? ArgoCD

Comment (1) on “[kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd”

  1. whoiscall says:
    May 19, 2023 at 8:20 am

    Thanks again!

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Tham Gia Group DevOps nhé!
Để Nim có nhiều động lực ra nhiều bài viết.
Để nhận được những thông báo mới nhất.

Recent Posts

  • [AWS/EKS] Cache Docker image to accelerate EKS container deployment. July 10, 2025
  • [Laravel] Laravel Helpful June 26, 2025
  • [VScode] Hướng dẫn điều chỉnh font cho terminal June 20, 2025
  • [WordPress] Hướng dấn gửi mail trên WordPress thông qua gmail. June 15, 2025
  • [Bitbucket] Git Clone/Pull/Push with Bitbucket through API Token. June 12, 2025

Archives

  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021

Categories

  • BareMetal
    • NextCloud
  • CI/CD
    • Argo Events
    • ArgoCD
    • ArgoWorkflows
    • Git
      • Bitbucket
    • Harbor
    • Jenkins
    • Spinnaker
    • TeamCity
  • Coding
    • DevSecOps
    • Golang
    • Jquery & JavaScript
    • Laravel
    • NextJS 14 & ReactJS & Type Script
    • Python
    • Selenium
    • Terraform
      • AWS – Amazon Web Service
      • Azure Cloud
      • GCP – Google Cloud
  • Kubernetes & Container
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Docker
    • Helm Chart
    • Isito-EnvoyFilter
    • Kong Gateway
    • Kubernetes
      • Ingress
      • Pod
    • Longhorn – Storage
    • MetalLB
    • OAuth2 Proxy
    • Vault
    • VictoriaMetrics
  • Log, Monitor & Tracing
    • DataDog
    • ELK
      • Kibana
      • Logstash
    • Fluent
    • Grafana
    • Prometheus
  • Uncategorized
  • Admin

Copyright © 2025 NimTechnology.