I have a Rancher installation with LDAP integration. Some of our users should be able to work with kubectl but should not be able to access the Rancher web-GUI. How can I generate the kubeconfig files for those users?
Usually the users can get the kubeconfig file themselves in the GUI, but how does the process look like without Rancher GUI access? Is there a way to generate those kubeconfig files with an admin user?
Thanks for your help.
look here :
get_kubeconfig_custom_cluster_rancher2.sh
Each user is having his own namespace with associated secret. You can get the kubeconfig file as mentionned in the script with something like :
docker exec $CONTID kubectl get secret c-$CLUSTERID -n cattle-system -o json | jq -r .data.cluster | base64 -d | jq -r .metadata.state > kubeconfigHowever, this is working only in the case of a local user created by an admin. A ldap/AD user should login one time before having an existing ID.