Portainer Documentation
Official WebsiteKnowledge BaseGet 5 Nodes of BE Free
Search…
2.15
Welcome
What's new in version 2.15
Release Notes
Getting Started
Introduction
Portainer architecture
Requirements and prerequisites
Install Portainer
Upgrading Portainer
Using Portainer
Home
Docker/Swarm
Kubernetes
Dashboard
kubectl shell
Kubeconfig
Custom Templates
Namespaces
Helm
Applications
ConfigMaps & Secrets
Volumes
Cluster
Azure ACI
Nomad
Edge Compute
Account settings
Administering Portainer
Users
Environments
Registries
Licenses
Authentication logs
Settings
Frequently Asked Questions
Portainer Concepts
Installing
Upgrading
Troubleshooting
Contributing
Advanced Topics
CLI configuration options
App templates
The Portainer Edge Agent
Access control
Reset the admin user's password
Security and compliance
Encrypting the Portainer database
Using your own SSL certificate with Portainer
Using Portainer with reverse proxies
Helm chart configuration options
Kubernetes roles and bindings
Deprecated and removed features
API
Accessing the Portainer API
API documentation
API usage examples
Get More Help
Knowledge Base
YouTube
Slack
Discord
Open a support request
Contribute to Portainer
Contribute
Build instructions
Powered By GitBook
Kubeconfig
Portainer can act as a proxy for other Kubernetes management tools, providing access to the Kubernetes cluster while still retaining the security and governance that Portainer provides. A user can download their own kubeconfig file and use it with their favorite tool to access the Kubernetes cluster with only the permissions afforded to that user. To generate and download your kubeconfig file, from the Home page click the kubeconfig button.
You must be accessing Portainer via HTTPS for the kubeconfig button to appear. If you are logged in with HTTP, you will not see the option.
You will be asked to select the Kubernetes environments that you would like in your kubeconfig file. If you have configured a kubeconfig expiry value, this will also be shown.
Tick the boxes for the environments you need and click Download File.
A downloaded kubeconfig file will look something like the example below.
Note that the server URL is set to the Portainer Server instance, not the Kubernetes cluster.
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://my-portainer-server:9443/api/endpoints/1/kubernetes
name: portainer-cluster-kubernetes
contexts:
- context:
cluster: portainer-cluster-kubernetes
user: portainer-sa-clusteradmin
name: portainer-ctx-kubernetes
current-context: portainer-ctx-kubernetes
kind: Config
preferences: {}
users:
- name: portainer-sa-clusteradmin
user:
token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Each environment in the kubeconfig will be accessible via contexts. Access is set based on the specific user that created the kubeconfig file.
Unless set to never expire, tokens will expire after the defined period, at which point a new kubeconfig file will need to be generated. An administrator can adjust the token expiry behavior on the Settings page.
Adjusting the token expiry will not affect previously generated kubeconfig files.
​
Previous
kubectl shell
Next
Custom Templates
Last modified 26d ago
Copy link
Edit on GitHub