kubernetes, kubeconfig file structure

11/22/2016

I have set up a kubernetes cluster a while ago using kube-up (I guess, I am not totally sure as it is really a while ago) and very recently I have set up another kubernetes cluster using coreOS and its tools. They both generated kubeconfig files and those files are working perfectly for each of them respectively. Although, there are some differences and this why this post. I want to understand those differences properly. Here are the two files -

1.> One generate earlier (most likely using kube-up)

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: CERTIFICATE_AUTH_DATA
    server: https://our.kube.server.1
  name: aws_kubernetes
contexts:
- context:
    cluster: aws_kubernetes
    user: aws_kubernetes
  name: aws_kubernetes
current-context: aws_kubernetes
kind: Config
preferences: {}
users:
- name: aws_kubernetes
  user:
    client-certificate-data: SECRET_CERTIFICATE
    client-key-data: SECRET_CLIENT_KEY
    token: SECRET_TOKEN
- name: aws_kubernetes-basic-auth
  user:
    password: PASSWORD
    username: USERNAME

2.> Second generated later with the coreOS tools

apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority: path/to/ca.pem
    server: https://our.kube-server.2
  name: kube-aws-cluster-cluster
contexts:
- context:
    cluster: kube-aws-cluster-cluster
    namespace: default
    user: kube-aws-
cluster-admin
  name: kube-aws-cluster-context
users:
- name: kube-aws-cluster-admin
  user:
    client-certificate: path/to/admin.pem
    client-key: path/to/admin-key.pem
current-context: kube-aws-cluster-context

As you can see there is difference of names of the keys and their values in between these two version; e.g. - certificate-authority-data vs certificate-authority and also one being a string and another being the relative path to a .pem file.

I was wondering -

1.> Are the names of the keys interchangeable, ex - certificate-authority-data can be certificate-authority or vice versa

2.> Are the types of values pre defined? What I mean is, if I copy the content of the .pem file and paste it against, say certificate-authority, will kubectl be able to authorize?

It will be great if I can have an idea about this.I am sorry if there is any confusion in my question. If so please ask me and I will try to make it clear as much as possible.

Thanks in advance

------------------ EDIT ----------------

I kind of made some experiments and I understand that they are not interchangeable. I have a different question now. Which is more straight forward -

Which among these two is a standard or latest version of kubeconfig file?

-- SRC
amazon-ec2
google-cloud-platform
kubectl
kubernetes

1 Answer

11/22/2016

The *-data fields inline the content of the referenced files, base64-encoded. That allows the kubeconfig file to be self-contained, and able to be moved/copied/distributed without also carrying along referenced files on disk. Either format is valid, depending on your use case.

-- Jordan Liggitt
Source: StackOverflow