What's the meaning of the sections of a kubeconfig file?

2 min read | by Jordi Prats

The configuration file kubeconfig (~/.kube/config) is used to get access to a Kubernetes cluster. It looks like a Kubernetes object that defines the cluster, the user and the context to use:

apiVersion: v1
kind: Config
preferences: {}

clusters:
(...)

users:
(...)

contexts:
(...)

Let's take a minikube kubeconfig as an example

On the clusters section we are defining how to connect to the cluster:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/pet2cattle/.minikube/ca.crt
    extensions:
    - extension:
        last-update: Wed, 23 Jun 2021 08:27:49 CEST
        provider: minikube.sigs.k8s.io
        version: v1.20.0
      name: cluster_info
    server: https://192.168.49.2:8443
  name: minikube
(...)

On the users section we are telling kubectl how to identify itself using SSL certificates:

apiVersion: v1
kind: Config
users:
- name: minikube
  user:
    client-certificate: /home/pet2cattle/.minikube/profiles/minikube/client.crt
    client-key: /home/pet2cattle/.minikube/profiles/minikube/client.key
(...)

Finally, the contexts section is the glue between the other sections telling which user to use to connect to which cluster. We can also fins which is the default namespace to use:

apiVersion: v1
kind: Config
contexts:
- context:
    cluster: minikube
    extensions:
    - extension:
        last-update: Wed, 23 Jun 2021 08:27:49 CEST
        provider: minikube.sigs.k8s.io
        version: v1.20.0
      name: context_info
    namespace: default
    user: minikube
  name: minikube
(...)

There's also the current-context which tell us which is context is currently in use. A complete example would be:

apiVersion: v1
current-context: minikube
kind: Config
preferences: {}
clusters:
- cluster:
    certificate-authority: /home/pet2cattle/.minikube/ca.crt
    extensions:
    - extension:
        last-update: Wed, 23 Jun 2021 08:27:49 CEST
        provider: minikube.sigs.k8s.io
        version: v1.20.0
      name: cluster_info
    server: https://192.168.49.2:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    extensions:
    - extension:
        last-update: Wed, 23 Jun 2021 08:27:49 CEST
        provider: minikube.sigs.k8s.io
        version: v1.20.0
      name: context_info
    namespace: default
    user: minikube
  name: minikube
users:
- name: minikube
  user:
    client-certificate: /home/pet2cattle/.minikube/profiles/minikube/client.crt
    client-key: /home/pet2cattle/.minikube/profiles/minikube/client.key

So, if we have two cluster with two different kubeconfig files we can create a new one with both clusters copying the three sections (users, clusters and contexts) and making sure it's names don't collide between them

Posted on 29/06/2021

Categories