Configure Multiple Users for Access to a Kubernetes Cluster

December 5, 2017 | Docker Kubernetes

I’ve obtained 2 Kubeconfig files for access to the PRP Kubernetes cluster.

One Kubeconfig file, ~/.kube/admin.conf, is for the admin user:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://67.58.53.146:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

I obtained the other Kubeconfig file, ~/.kube/shaw.conf, when I signed in to the portal https://k8s.optiputer.net/, as shaw@ucsc.edu, for the very first time:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://67.58.53.146:6443
  name: calit2
contexts:
- context:
    cluster: calit2
    namespace: ucsc-edu
    user: http://cilogon.org/serverA/users/13576
  name: calit2
current-context: calit2
kind: Config
preferences: {}
users:
- name: http://cilogon.org/serverA/users/13576
  user:
    auth-provider:
      config:
        client-id: REDACTED
        client-secret: REDACTED
        id-token: REDACTED
        idp-issuer-url: https://test.cilogon.org
        refresh-token: REDACTED
      name: oidc

KUBECONFIG environment variable

The first option is to use the KUBECONFIG environment variable to switch between the two Kubeconfig files:

$ export KUBECONFIG=~/.kube/shaw.conf

or

$ export KUBECONFIG=~/.kube/admin.conf

$HOME/.kube/config

Or we can merge the 2 Kubeconfig files into a single file ~/.kube/config (which is the default Kubeconfig file); and make minor modifications so that the file content looks as follows (see also Configure Access to Multiple Clusters):

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://67.58.53.146:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: admin
- context:
    cluster: kubernetes
    namespace: ucsc-edu
    user: http://cilogon.org/serverA/users/13576
  name: shaw
current-context: admin
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: http://cilogon.org/serverA/users/13576
  user:
    auth-provider:
      config:
        client-id: REDACTED
        client-secret: REDACTED
        id-token: REDACTED
        idp-issuer-url: https://test.cilogon.org
        refresh-token: REDACTED
      name: oidc

Now we can switch user by changing current context:

$ kubectl config use-context shaw

or

$ kubectl config use-context admin