[kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd

Posted on By nim 1 Comment on [kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd

Bài này mình sẽ note 1 số thứ kiên quan đến việc tạo kube configuration từ 1 service account đã tồn tại
bạn có thể lấy nó từ k8s hay argocd.

Create a kubectl config file for serviceaccount

Bạn có thể tham khảo link bên dưới:

https://stackoverflow.com/questions/47770676/how-to-create-a-kubectl-config-file-for-serviceaccount

# your server name goes here
server=https://localhost:8443
# the name of the secret containing the service account token goes here
name=default-token-sg96k

ca=$(kubectl get secret/$name -o jsonpath='{.data.ca\.crt}')
token=$(kubectl get secret/$name -o jsonpath='{.data.token}' | base64 --decode)
namespace=$(kubectl get secret/$name -o jsonpath='{.data.namespace}' | base64 --decode)

echo "
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: default-context
  context:
    cluster: default-cluster
    namespace: default
    user: default-user
current-context: default-context
users:
- name: default-user
  user:
    token: ${token}
" > sa.kubeconfig

Create a kubectl config file from the cluster secret of Argocd

Bạn cũng sẽ thấy là khi bạn add 1 k8s cluster trên argocd.
thì argocd sẽ create 1 secret.

Chúng ta sẽ để ý key “config” trong này có 2 thứ là bearerToken caData là helpful

Mình tiến hành phân tích bearerToken bằng https://devtoys.app/

Bạn sẽ thấy là Token trên lưu dữ thông tin serviceacount của argocd ở phần payload.
You can imagine that when you add the K8S cluster into Argocd. It will create a service account that is assigned permission based on RBAC.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: "<config->caData>"
    server: <server-in-cluster-secret>
  name: k8s-cluster
contexts:
- context:
    cluster: k8s-cluster
    namespace: default
    user: admin
  name: k8s-cluster
current-context: k8s-cluster
kind: Config
users:
- name: admin
  user:
   token: "<bearerToken-of-argocd>"

Then you modify the content inside “.kube/config” file and Run "kubectl get ns

ArgoCD

More Related Articles

[Argocd] Creating an Application of Argocd is related to helm public and repo helm ArgoCD
[ArgoCD] Hướng dẫn tạo “local user” trên argocd ArgoCD
[Gitops] Evolving DevOps to GitOps ArgoCD
[Argocd] Designing Gitops model is implemented by argocd ArgoCD
[Argocd/Vault] Integrate Vault inside Argocd by the plugin ArgoCD
[ArgoCD/KSOPS/AWS] Encrypt secrets before pushing them to GitHub. ArgoCD

Comment (1) on “[kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd”

Leave a Reply

Your email address will not be published. Required fields are marked *