Kubeconfig
Portainer can act as a proxy for other Kubernetes management tools, providing access to the Kubernetes cluster while still retaining the security and governance that Portainer provides. A user can download their own kubeconfig file and use it with their favorite tool to access the Kubernetes cluster with only the permissions afforded to that user. To generate and download your kubeconfig file, from the Home page click the kubeconfig button.
You will be asked to select the Kubernetes environments that you would like in your kubeconfig file. If you have configured a kubeconfig expiry value, this will also be shown.
Tick the boxes for the environments you need and click Download file.
A downloaded kubeconfig file will look something like the example below.
Note that the server URL is set to the Portainer Server instance, not the Kubernetes cluster.
1
apiVersion: v1
2
clusters:
3
- cluster:
4
insecure-skip-tls-verify: true
5
server: https://my-portainer-server:9443/api/endpoints/1/kubernetes
6
name: portainer-cluster-kubernetes
7
contexts:
8
- context:
9
cluster: portainer-cluster-kubernetes
10
user: portainer-sa-clusteradmin
11
name: portainer-ctx-kubernetes
12
current-context: portainer-ctx-kubernetes
13
kind: Config
14
preferences: {}
15
users:
16
- name: portainer-sa-clusteradmin
17
user:
18
token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Copied!
Each environment in the kubeconfig will be accessible via contexts. Access is set based on the specific user that created the kubeconfig file.
Unless set to never expire, tokens will expire after the defined period, at which point a new kubeconfig file will need to be generated. An administrator can adjust the token expiry behavior on the Settings page.
Adjusting the token expiry will not affect previously generated kubeconfig files.
Copy link
Edit on GitHub