Creating a Kubernetes Configuration File
On Compute Cloud@Customer, you can set up a Kubernetes configuration file for each OKE cluster that you work with. Your Kubernetes configuration file enables you to access OKE clusters using the kubectl
command and
the Kubernetes Dashboard.
Kubernetes configuration files organize information about
clusters, users, namespaces, and authentication mechanisms. You can define contexts to
easily switch between clusters and namespaces. The kubectl
tool uses
Kubernetes configuration files to find the information it
needs to choose a cluster and communicate with the API server of a cluster.
Installing the Kubernetes Command Line Tool
Install and configure the Kubernetes command line tool
kubectl
. The kubectl
tool enables you to
perform operations on OKE clusters such as deploy
applications, inspect and manage cluster resources, and view logs.
To install kubectl
, see Kubernetes Install Tools. The kubectl
version must be
within one minor version of the OKE cluster Kubernetes version. For example, a v1.29 client can
communicate with v1.28, v1.29, and v1.30 control planes. See Supported Versions of Kubernetes.
For more information, including a complete list of kubectl
operations, see the https://kubernetes.io/docs/reference/kubectl/ reference page.
Create a Kubernetes Configuration File
Use the CLI to create your Kubernetes configuration file.
The Quick Start button on a cluster details page in the Compute Cloud@Customer Console shows how to create a Kubernetes configuration file, and provides the OCID of the cluster.
-
Get the OCID of the cluster:
oci ce cluster list
-
Run the oci ce cluster create-kubeconfig command as described to create the configuration file:
The
--cluster-id
option is required.The default value of the
--file
option is~/.kube/config
. If you already have a file at the specified location and you want to replace it, use the--overwrite
option. To maintain more than one configuration file, select a different file by using theKUBECONFIG
environment variable or the--kubeconfig
option.The value of the
--kube-endpoint
option must bePUBLIC_ENDPOINT
.If you don't specify the
--profile
option, the current value of yourOCI_CLI_PROFILE
environment variable is used. Best practice is to specify this value.If provided, the value of the
--token-version
option must be 2.0.0.Example:
Use the following command to configure a Kubernetes configuration file for the specified cluster using the public endpoint:
$ oci ce cluster create-kubeconfig --cluster-id ocid1.cluster.unique_ID \ --file $HOME/.kube/config --kube-endpoint PUBLIC_ENDPOINT --profile profile-name New config written to the Kubeconfig file /home/username/.kube/config
A Kubernetes configuration file includes a CLI command that dynamically generates an authentication token and inserts it when you run a
kubectl
command. By default, the CLI command in the Kubernetes configuration file uses your current CLI profile when generating an authentication token. If you have defined multiple profiles in your CLI configuration file, use one of the following methods to specify which profile to use when generating the authentication token. The value ofprofile-name
is the name of the profile in your CLI configuration file.-
Ensure that your
OCI_CLI_PROFILE
environment variable is set to the profile for the tenancy where theocid1.cluster.unique_ID
resides. This setting is ignored if one of the following methods was used to specify the profile for this cluster in the Kubernetes configuration file. -
Specify the
--profile
option on thecreate-kubeconfig
command line as shown in the preceding example command. -
Edit the generated configuration file as shown in the following example.
user: exec: apiVersion: client.authentication.k8s.io/v1beta1 args: - ce - cluster - generate-token - --cluster-id - cluster ocid - --profile - profile-name command: oci env: []
Use the following command to set your
KUBECONFIG
environment variable to the Kubernetes configuration file that you created or updated in the preceding command:$ export KUBECONFIG=$HOME/.kube/config
The following command shows the content of your new YAML configuration file:
$ kubectl config view
If you run the command again with a different cluster OCID, the new information is merged with the existing information. The following message is displayed:
Existing Kubeconfig file found at /home/username/.kube/config and new config merged into it
-
Next Step:
Verify Your Cluster Access
Before you run kubectl
commands, enure that your OCI_CLI_PROFILE
environment variable is set to the name of the profile that is defined in your OCI configuration file:
$ export OCI_CLI_PROFILE=<profile-name>
Run the following command to confirm that you can access your cluster:
$ kubectl cluster-info
Every Kubernetes namespace contains at least one ServiceAccount: the default
ServiceAccount for that namespace, which is named default
. If you
don't specify a ServiceAccount when you create a Pod, the OKE service automatically assigns the ServiceAccount
named default
in that namespace.
An application running inside a Pod can access the Kubernetes API using automatically mounted service account credentials.
Next Step:
Create a Kubernetes Dashboard
The dashboard helps you manage the cluster and manage and troubleshoot applications running in the cluster.
On the Kubernetes site, see Deploy and Access the Kubernetes Dashboard
Next Step: