Portainer can act as a proxy for other Kubernetes management tools, providing access to the Kubernetes cluster while still retaining the security and governance that Portainer provides. A user can download their own
kubeconfigfile and use it with their favorite tool to access the Kubernetes cluster with only the permissions afforded to that user. To generate and download your
kubeconfigfile, from the Home page click the kubeconfig button.
You must be accessing Portainer via HTTPS for the kubeconfig button to appear. If you are logged in with HTTP, you will not see the option.
You will be asked to select the Kubernetes environments that you would like in your
kubeconfigfile. If you have configured a kubeconfig expiry value, this will also be shown.
Tick the boxes for the environments you need and click Download File.
kubeconfigfile will look something like the example below.
Note that the server URL is set to the Portainer Server instance, not the Kubernetes cluster.
- name: portainer-sa-clusteradmin
Each environment in the
kubeconfigwill be accessible via contexts. Access is set based on the specific user that created the
Unless set to never expire, tokens will expire after the defined period, at which point a new
kubeconfigfile will need to be generated. An administrator can adjust the token expiry behavior on the Settings page.
Adjusting the token expiry will not affect previously generated