Cluster Login
Prerequisitesβ
There are two different methods for logging into your Kubernetes cluster, depending on your use-case:
- Login with your Cockpit account for use on your personal machine
- Login with a service account for automation purposes
The instructions differ slightly for these two methods.
Cockpit Account Loginβ
First you will need to login to your Cockpit account with the CLI. The auth login command will automatically open your browser where you can login
interactively.
$ nctl auth login
β added nineapis.ch to kubeconfig π
β logged into cluster nineapis.ch π
Now you can authenticate with any cluster within your organization using the
auth cluster command:
$ nctl auth cluster <cluster-name>
β added <cluster-name>/<org> to kubeconfig π
Alternatively you can also download the kubeconfig from Cockpit when viewing
your Kubernetes cluster and use that directly instead of letting nctl create
the config.
Now you are ready to use kubectl as usual. nctl will take care keeping you
logged in at all times.
Service Account Loginβ
Using a service account does not require any additional tooling.
- Create a new Account in Cockpit using the Access Management tab
- Create a Cluster Role Binding and attach it to your previously created Account
- Go to the Account and download the kubeconfig
Now you can use the kubeconfig as you would any other. In case you want to
selectively add permissions to this service account, you can do so using
normal
rbac.
This service account will map to a service account in your clusters default
namespace with the full name system:serviceaccount:default:<service account name>.