The Konvoy credentials plugin makes it easy to use external identity providers with kubectl. When using the plugin, kubectl initiates an authentication session in your browser and stores identity tokens locally. When a token expires, the plugin starts a new authentication session and refreshes the token.
The easiest way to get started is to download the plugin binary and a cluster generated kubectl configuration file. If you are using Kommander and add a new cluster, come back to this page to download an updated kubeconfig.
Download both files to your computer. The plugin is a binary and must be marked as executable on Linux and MacOS. To do so, run the following command:
chmod +x konvoy-async-plugin
Copy the binary to a location in your PATH environment variable, /usr/local/bin is a good candidate on most platforms.
To configure kubectl to use the plugin, run kubectl with the --kubeconfig CLI option
kubectl --kubeconfig /path/to/downloaded/config get pods -A
You can also set the KUBECONFIG environment variable so you do not have to type --kubeconfig every time you run the command.
export KUBECONFIG=/path/to/downloaded/config
If this cluster is managing authentication for external clusters, deployed by Kommander, you must set the correct kubectl context. The generated kubeconfig contains contexts for each cluster managed by Kommander.
You can list each context using the config get-contexts command:
kubectl --kubeconfig /path/to/downloaded/kubeconfig config get-contexts
To select a different context, use the config use-context command:
kubectl --kubeconfig /path/to/downloaded/kubeconfig config use-context context-name
For more information on using and managing kubeconfig files, refer to this documentation
The following commands can be pasted directly into a terminal. These instructions configure your global kubeconfig, located at ${HOME}/.kube/config.
At this point you can start using kubectl. Try running a simple kubectl command:
kubectl get pods -A
This opens a browser window and lets you authenticate. If you are using a remote terminal, a link is displayed that you can copy and paste into a local browser window.