vela auth gen-kubeconfig
Generate kubeconfig for user
Synopsis
Generate kubeconfig for user
Generate a new kubeconfig with specified identity. By default, the generated kubeconfig will reuse the certificate-authority-data in the cluster config from the current used kubeconfig. All contexts, clusters and users that are not in use will not be included in the generated kubeconfig.
To generate a new kubeconfig for given user and groups, use the --user and --group flag. Multiple --group flags is allowed. The group kubevela:client is added to the groups by default. The identity in the current kubeconfig should be able to approve CertificateSigningRequest in the kubernetes cluster. See https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/ for details.
To generate a kubeconfig based on existing ServiceAccount in your cluster, use the --serviceaccount flag. The corresponding secret token and ca data will be embedded in the generated kubeconfig, which allows you to act as the serviceaccount.
vela auth gen-kubeconfig
Examples
# Generate a kubeconfig with provided user
vela auth gen-kubeconfig --user new-user
# Generate a kubeconfig with provided user and group
vela auth gen-kubeconfig --user new-user --group kubevela:developer
# Generate a kubeconfig with provided user and groups
vela auth gen-kubeconfig --user new-user --group kubevela:developer --group my-org:my-team
# Generate a kubeconfig with provided serviceaccount
vela auth gen-kubeconfig --serviceaccount default -n demo
Options
-e, --env string The environment name for the CLI request
-g, --group --user The groups of the generated kubeconfig. This flag only works when --user is set. It will be embedded as the Organization in the X509 certificate.
-h, --help help for gen-kubeconfig
-n, --namespace --serviceaccount The namespace of the serviceaccount. This flag only works when --serviceaccount is set.
--serviceaccount --user The serviceaccount of the generated kubeconfig. If set, a kubeconfig will be generated based on the secret token of the serviceaccount. Cannot be set when --user presents.
-u, --user string The user of the generated kubeconfig. If set, an X509-based kubeconfig will be intended to create. It will be embedded as the Subject in the X509 certificate.
Options inherited from parent commands
-V, --verbosity Level number for the log level verbosity
-y, --yes Assume yes for all user prompts
SEE ALSO
- vela auth - Manage identity and authorizations.