There are two different methods for logging into your Kubernetes cluster,
depending on your use-case:
- Login with your Cockpit account for use on your personal machine
- Login with a service account for automation purposes
The instructions differ slightly for these two methods.
Cockpit Account Login
To authenticate against the cluster using your Cockpit account, you will need
to install kubelogin in addition to kubectl.
Then you should be ready to use the kubeconfig that you can download in
Cockpit when viewing your Kubernetes cluster. Copy the kubeconfig file to a
sensible location on your system, or merge it with your existing kubeconfig.
Now on the first issue of a
kubectl command against the cluster, you should
automatically be directed to your browser where you will need to login with
your cockpit account, in case you are not already logged in. Kubelogin will
take care of the rest and will keep you logged in or in case your token
expires, it will ask you again for credentials.
Service Account Login
Using a service account does not require any additional tooling.
- Create a new Account in Cockpit using the Access Management tab
- Create a Cluster Role Binding and attach it to your previously created Account
- Go to the Account and download the kubeconfig
Now you can use the kubeconfig as you would any other. In case you want to
selectively add permissions to this service account, you can do so using
This service account will map to a service account in your clusters default
namespace with the full name