Skip to main content
Version: v1.9

vela auth gen-kubeconfig

Generate kubeconfig for user

Synopsis

Generate kubeconfig for user

Generate a new kubeconfig with specified identity. By default, the generated kubeconfig will reuse the certificate-authority-data in the cluster config from the current used kubeconfig. All contexts, clusters and users that are not in use will not be included in the generated kubeconfig.

To generate a new kubeconfig for given user and groups, use the --user and --group flag. Multiple --group flags is allowed. The group kubevela:client is added to the groups by default. The identity in the current kubeconfig should be able to approve CertificateSigningRequest in the kubernetes cluster. See https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/ for details.

To generate a kubeconfig based on existing ServiceAccount in your cluster, use the --serviceaccount flag. The corresponding secret token and ca data will be embedded in the generated kubeconfig, which allows you to act as the serviceaccount.

vela auth gen-kubeconfig

Examples

  # Generate a kubeconfig with provided user
vela auth gen-kubeconfig --user new-user

# Generate a kubeconfig with provided user and group
vela auth gen-kubeconfig --user new-user --group kubevela:developer

# Generate a kubeconfig with provided user and groups
vela auth gen-kubeconfig --user new-user --group kubevela:developer --group my-org:my-team

# Generate a kubeconfig with provided serviceaccount
vela auth gen-kubeconfig --serviceaccount default -n demo

Options

  -e, --env string                   The environment name for the CLI request
-g, --group --user The groups of the generated kubeconfig. This flag only works when --user is set. It will be embedded as the Organization in the X509 certificate.
-h, --help help for gen-kubeconfig
-n, --namespace --serviceaccount The namespace of the serviceaccount. This flag only works when --serviceaccount is set.
--serviceaccount --user The serviceaccount of the generated kubeconfig. If set, a kubeconfig will be generated based on the secret token of the serviceaccount. Cannot be set when --user presents.
-u, --user string The user of the generated kubeconfig. If set, an X509-based kubeconfig will be intended to create. It will be embedded as the Subject in the X509 certificate.

Options inherited from parent commands

  -V, --verbosity Level   number for the log level verbosity
-y, --yes Assume yes for all user prompts

SEE ALSO

  • vela auth - Manage identity and authorizations.

Go Back to CLI Commands Homepage.

Auto generated by spf13/cobra script in KubeVela.