kubectl Utility
kubectl
Interact with Rancher using kubectl.
kubectl Utility
Install the kubectl
utility. See install kubectl.
Configure kubectl by visiting your cluster in the Rancher Web UI, clicking on Kubeconfig
, copying contents, and putting them into your ~/.kube/config
file.
Run kubectl cluster-info
or kubectl get pods
successfully.
Authentication with kubectl and kubeconfig Tokens with TTL
Requirements
If admins have kubeconfig token generation turned off, the kubeconfig file requires the Rancher CLI to be present in your PATH when you run kubectl
. Otherwise, you’ll see an error like:
Unable to connect to the server: getting credentials: exec: exec: "rancher": executable file not found in $PATH
.
This feature enables kubectl to authenticate with the Rancher server and get a new kubeconfig token when required. The following auth providers are currently supported:
-
Local
-
Active Directory (LDAP only)
-
FreeIPA
-
OpenLDAP
-
SAML providers: Ping, Okta, ADFS, Keycloak, Shibboleth
-
Azure AD
When you first run kubectl, for example, kubectl get pods
, you are prompted to pick an auth provider and log in with the Rancher server. The kubeconfig token is cached in the path where you run kubectl under ./.cache/token
. This token is valid until it expires, or gets deleted from the Rancher server. Upon expiration, you must log in with the Rancher server again to run the kubectl get pods
command.