dashboard

Authenticate API access with serviceaccount

Use this when the KUBECONFIG does not provide a client certificate.

Prerequisites

How-to

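# Assumes the kore-board serviceaccount and the kore-board-secret Secret already exist in the kore namespace.
# NOTE: cluster-admin gives the serviceaccount, and anyone holding the token exported below, unrestricted
# access to the whole cluster. Bind a narrower ClusterRole (for example the built-in "view" role) when the
# board does not need to change resources.
$ kubectl create clusterrolebinding kore-board-binding --clusterrole=cluster-admin --serviceaccount=kore:kore-board

# Resolve the API server URL of the cluster that the current context points at.
$ CLUSTER_NAME=$(kubectl config view -o jsonpath="{.contexts[?(@.name==\"$(kubectl config current-context)\")].context.cluster}")
$ SERVER_URL=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"${CLUSTER_NAME}\")].cluster.server}")

# The file will hold a bearer token, so create it owner-only before anything is written to it, and keep
# it out of version control. If kore-board-secret is a service-account-token Secret, its token does not
# expire on its own; deleting the Secret revokes it.
$ touch kubeconfig-token.yaml && chmod 600 kubeconfig-token.yaml

# A here-document writes the substituted values verbatim (echo -e would interpret backslash escapes).
# current-context has to name a context defined in the file: the only context is "admin".
$ cat > kubeconfig-token.yaml <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: $(kubectl get secret kore-board-secret -n kore -o jsonpath='{.data.ca\.crt}')
    server: ${SERVER_URL}
  name: token-cluster
contexts:
- context:
    cluster: token-cluster
    user: token-user
  name: admin
current-context: admin
users:
- name: token-user
  user:
    token: $(kubectl get secret kore-board-secret -n kore -o jsonpath='{.data.token}' | base64 --decode)
EOF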

# Check that the token kubeconfig authenticates and is authorised: two namespaced reads in kore,
# then one cluster-scoped read.
$ kubectl --kubeconfig="${PWD}/kubeconfig-token.yaml" --namespace kore get serviceaccount kore-board
$ kubectl --kubeconfig="${PWD}/kubeconfig-token.yaml" --namespace kore get secret kore-board-secret
$ kubectl --kubeconfig="${PWD}/kubeconfig-token.yaml" get nodes

GKE Autopilot

# Point KUBECONFIG at a dedicated file so the GKE credentials are not merged into the default kubeconfig.
# The path is relative, so later commands must run from the same directory.
$ export KUBECONFIG="kubeconfig-gke-autopilot.yaml"
$ gcloud container clusters get-credentials autopilot-cluster-1 --region asia-northeast3 --project kore-project
$ kubectl get nodes
# Error reported by get-credentials; presumably seen while container/use_client_certificate was enabled,
# which makes gcloud request a client certificate — confirm against your gcloud configuration.
ERROR: (gcloud.container.clusters.get-credentials) get-credentials requires edit permission on ....
# Turn client-certificate authentication off in gcloud, then run get-credentials again.
$ gcloud config set container/use_client_certificate False