Kubeconfig
Portainer can act as a proxy for other Kubernetes management tools, providing access to the Kubernetes cluster while still retaining the security and governance that Portainer provides. A user can download their own kubeconfig file and use it with their favorite tool to access the Kubernetes cluster with only the permissions afforded to that user. To generate and download your kubeconfig file, from the menu select Kubeconfig.
A downloaded kubeconfig file will look something like the example below.
Note that the server URL is set to the Portainer Server instance, not the Kubernetes cluster.
1
apiVersion: v1
2
clusters:
3
- cluster:
4
insecure-skip-tls-verify: true
5
server: https://my-portainer-server:9443/api/endpoints/1/kubernetes
6
name: portainer-cluster
7
contexts:
8
- context:
9
cluster: portainer-cluster
10
user: my-portainer-username
11
name: portainer-ctx
12
current-context: portainer-ctx
13
kind: Config
14
preferences: {}
15
users:
16
- name: my-portainer-username
17
user:
18
token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Copied!
The context is set based on the specific user, and the token is set to never expire. You can adjust the token expiry behavior on the Settings page.
Tokens used in kubeconfig files become invalid when Portainer restarts — irrespective of the value set for token expiry. In this case, you will need to re-download the kubeconfig file.
Last modified 2mo ago
Copy link
Edit on GitHub