Skip to main content
版本:预览版

vela auth gen-kubeconfig

Generate kubeconfig for user

Synopsis

Generate kubeconfig for user

Generate a new kubeconfig with specified identity. By default, the generated kubeconfig will reuse the certificate-authority-data in the cluster config from the current used kubeconfig. All contexts, clusters and users that are not in use will not be included in the generated kubeconfig.

To generate a new kubeconfig for given user and groups, use the --user and --group flag. Multiple --group flags is allowed. The group kubevela:client is added to the groups by default. The identity in the current kubeconfig should be able to approve CertificateSigningRequest in the kubernetes cluster. See https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/ for details.

To generate a kubeconfig based on existing ServiceAccount in your cluster, use the --serviceaccount flag. The corresponding secret token and ca data will be embedded in the generated kubeconfig, which allows you to act as the serviceaccount.

vela auth gen-kubeconfig

Examples

  # Generate a kubeconfig with provided user
  vela auth gen-kubeconfig --user new-user
  
  # Generate a kubeconfig with provided user and group
  vela auth gen-kubeconfig --user new-user --group kubevela:developer
  
  # Generate a kubeconfig with provided user and groups
  vela auth gen-kubeconfig --user new-user --group kubevela:developer --group my-org:my-team
  
  # Generate a kubeconfig with provided serviceaccount
  vela auth gen-kubeconfig --serviceaccount default -n demo

Options

  -e, --env string                   The environment name for the CLI request
  -g, --group --user                 The groups of the generated kubeconfig. This flag only works when --user is set. It will be embedded as the Organization in the X509 certificate.
  -h, --help                         help for gen-kubeconfig
  -n, --namespace --serviceaccount   The namespace of the serviceaccount. This flag only works when --serviceaccount is set.
      --serviceaccount --user        The serviceaccount of the generated kubeconfig. If set, a kubeconfig will be generated based on the secret token of the serviceaccount. Cannot be set when --user presents.
  -u, --user string                  The user of the generated kubeconfig. If set, an X509-based kubeconfig will be intended to create. It will be embedded as the Subject in the X509 certificate.

Options inherited from parent commands

  -y, --yes   Assume yes for all user prompts

SEE ALSO

  • vela auth - Manage identity and authorizations.

Go Back to CLI Commands Homepage.

Auto generated by spf13/cobra script in KubeVela.