I have set up a kubernetes cluster a while ago using kube-up (I guess, I am not totally sure as it is really a while ago) and very recently I have set up another kubernetes cluster using coreOS and its tools. They both generated kubeconfig files and those files are working perfectly for each of them respectively. Although, there are some differences and this why this post. I want to understand those differences properly. Here are the two files -
1.> One generate earlier (most likely using kube-up)
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: CERTIFICATE_AUTH_DATA
server: https://our.kube.server.1
name: aws_kubernetes
contexts:
- context:
cluster: aws_kubernetes
user: aws_kubernetes
name: aws_kubernetes
current-context: aws_kubernetes
kind: Config
preferences: {}
users:
- name: aws_kubernetes
user:
client-certificate-data: SECRET_CERTIFICATE
client-key-data: SECRET_CLIENT_KEY
token: SECRET_TOKEN
- name: aws_kubernetes-basic-auth
user:
password: PASSWORD
username: USERNAME2.> Second generated later with the coreOS tools
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: path/to/ca.pem
server: https://our.kube-server.2
name: kube-aws-cluster-cluster
contexts:
- context:
cluster: kube-aws-cluster-cluster
namespace: default
user: kube-aws-
cluster-admin
name: kube-aws-cluster-context
users:
- name: kube-aws-cluster-admin
user:
client-certificate: path/to/admin.pem
client-key: path/to/admin-key.pem
current-context: kube-aws-cluster-contextAs you can see there is difference of names of the keys and their values in between these two version; e.g. - certificate-authority-data vs certificate-authority and also one being a string and another being the relative path to a .pem file.
I was wondering -
1.> Are the names of the keys interchangeable, ex - certificate-authority-data can be certificate-authority or vice versa
2.> Are the types of values pre defined? What I mean is, if I copy the content of the .pem file and paste it against, say certificate-authority, will kubectl be able to authorize?
It will be great if I can have an idea about this.I am sorry if there is any confusion in my question. If so please ask me and I will try to make it clear as much as possible.
Thanks in advance
------------------ EDIT ----------------
I kind of made some experiments and I understand that they are not interchangeable. I have a different question now. Which is more straight forward -
Which among these two is a standard or latest version of kubeconfig file?
The *-data fields inline the content of the referenced files, base64-encoded. That allows the kubeconfig file to be self-contained, and able to be moved/copied/distributed without also carrying along referenced files on disk. Either format is valid, depending on your use case.