How does a User get its kubeconfig without access to the Rancher GUI

5/29/2019

I have a Rancher installation with LDAP integration. Some of our users should be able to work with kubectl but should not be able to access the Rancher web-GUI. How can I generate the kubeconfig files for those users?

Usually the users can get the kubeconfig file themselves in the GUI, but how does the process look like without Rancher GUI access? Is there a way to generate those kubeconfig files with an admin user?

Thanks for your help.

-- RemoH
kubernetes
rancher

1 Answer

6/12/2019

look here :

get_kubeconfig_custom_cluster_rancher2.sh

Each user is having his own namespace with associated secret. You can get the kubeconfig file as mentionned in the script with something like :

docker exec $CONTID kubectl get secret c-$CLUSTERID -n cattle-system -o json | jq -r .data.cluster | base64 -d | jq -r .metadata.state > kubeconfig

However, this is working only in the case of a local user created by an admin. A ldap/AD user should login one time before having an existing ID.

-- lowmath
Source: StackOverflow