halo sobat sekolahlinux, kali ini saya mau share tentang bagaimana membuat kubeconfig namun dengan limitasi limitasi tertentu, jadi jika ada developer yang ingin meminta akses ke k8s production tapi kita hanya ingin memberikan diaakses ke spesific namespace tertentu kita bisa menggunakan cara dibawah ini, yuk mari kita mulai tutorialnya
pertama kita akan membuat serviceaccount terlebih dahulu
apiVersion: v1 kind: ServiceAccount metadata: name: sekolahlinux-sa namespace: kube-system
setelah itu kita akan membuat role & cluster role, untuk list apigroups, resources, verbs nya kamu bisa lihat disini:
- https://kubernetes.io/docs/reference/kubectl/overview/#resource-types
- https://kubernetes.io/docs/reference/access-authn-authz/authorization/#determine-the-request-verb
- https://sekolahlinux.com/list-resource-type-subresource-type-in-kubernetes/
clusterrole
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: sekolahlinux-clusterrole rules: - apiGroups: [""] resources: ["pods", "pods/exec", "services", "namespaces", "nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["deployment"] verbs: ["get", "list", "watch"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"] verbs: ["get", "list", "watch"]
role
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: sekolahlinux-role namespace: production rules: - apiGroups: [""] resources: ["pods", "services", "namespaces", "nodes"] verbs: ["create", "get", "update", "list", "watch", "patch", "delete"] - apiGroups: ["apps"] resources: ["deployment"] verbs: ["create", "get", "update", "list", "watch", "patch", "delete"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["roles", "rolebindings"] verbs: ["create", "get", "update", "list", "watch", "patch", "delete"]
clusterrolebinding
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: sekolahlinux-clusterrolebinding subjects: - kind: ServiceAccount name: sekolahlinux-sa namespace: kube-system roleRef: kind: ClusterRole name: sekolahlinux-clusterrole apiGroup: rbac.authorization.k8s.io
rolebinding
apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: sekolahlinux-rolebinding namespace: production subjects: - kind: ServiceAccount name: sekolahlinux-sa namespace: kube-system roleRef: kind: Role name: sekolahlinux-role apiGroup: rbac.authorization.k8s.io
jika sudah selanjutkan kita akan melihat isi dari secret yang di generate secara otomatis ketika membuat serviceaccount, yaitu dengan cara seperti dibawah
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get secret -n production NAME TYPE DATA AGE sekolahlinux-sa-token-mc9ks kubernetes.io/service-account-token 3 6s
selanjutnya describe secret sekolahlinux-sa-token-mc9ks untuk melihat tokennya
Name: sekolahlinux-sa-token-9qcgk Namespace: production Labels: <none> Annotations: kubernetes.io/service-account.name: sekolahlinux-sa kubernetes.io/service-account.uid: 22c25c80-b1c0-4780-9317-2927b7054148 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1066 bytes namespace: 7 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg
selanjutnya kita coba mendapatkan informasi tentang server cluster k8s yang sedang berjalan dengan command ini
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl config view --flatten --minify apiVersion: v1 clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== server: https://192.168.99.101:8443 name: minikube contexts: - context: cluster: minikube user: minikube name: minikube current-context: minikube kind: Config preferences: {} users: - name: minikube user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01USXhNREUwTURZME1Wb1hEVEl4TVRJeE1URTBNRFkwTVZvd01URVhNQlVHQTFVRQpDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGakFVQmdOVkJBTVREVzFwYm1scmRXSmxMWFZ6WlhJd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQTJhbHl1VW1qZzhseE9XSlVNeSsxSFlsNGJEdW8Kc0dkdU9pQ2ljNVRJYjlqd21IeWwzMFNjUkRyRjVBZ2tPb0dBYk5CdkM2YkhhNU44UTNEdXRydGprK3FwRUd0cQpFNStPZmQwb3lEVmYwRFMvYjFoejF4ZDNEei9ZZVo1NEl3UFVNa1JzdTVXQ1FuRTBSaEFwYXRPK3loTTNxcGlrCkdnTitNQnFLdy8zVUxoVGRhcXk4MEtJcCsvaFQvNVFubGlDeTlMR1ZqeE90ZXEyYTY0NVpoeThxOUNHa01WZlYKbGlNMDFHemsyOEpKTFZEQ21GQStnY2JmdnBuMXJUZUtvMlpWTzRmQWxGZTVIZ3NseGdwa0xkMGlCdUFTektsawpmQXBRNFRUNlE5Q1dpNGVpUVZnb3EvbG1ET1FmbDc5ZG1pSGNoSUR4Szk5LzFPVmpyNnVJNGh3RkFnTUJBQUdqClB6QTlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBaDU2cWNjRWJKeVdjNVQ3NgozVTdieDJSQ3VORXQ3bUpvNStmdVdXQmN6VG9xWmliNjc4S1dWdDVkT05ITGN5bjQyT3A1b2plV3Z2UVZaS3RHCjlRelVWcVQrV0NqMG1ZRm5RR05qRHFyUXFUZGVROEI0Y2VEZ3F0VEFqbTkyeW0vVjdXTzZqeWR6SnRkOTJzS28Kek9NT05pcmp5bkgzT0QxZlJwUk0wYkZHU0ZpVDdTVjU2WDZ3bkxmNTlVcUh0ZWpkeGdjOGN1eVRIT3YxV2xiNgpiOTJxa0daVXg5dFlGVm1Fb2ExdWM1TERrOHVyMUdBUlg0ZHU4VndCd3cxQ3FYQWsyMmxISVFCZVg2b3FCaVdoCjJwUy9yL2ZIMkN1RzJaOTk3eGVkMnRwVS9teWo5QSs2Y2loeXhVcCtuTWN5aTE2OE5RWGcrQTlNK3g3OHlyUHQKM09FMjJ3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd05tcGNybEpvNFBKY1RsaVZETXZ0UjJKZUd3N3FMQm5iam9nb25PVXlHL1k4Smg4CnBkOUVuRVE2eGVRSUpEcUJnR3pRYnd1bXgydVRmRU53N3JhN1k1UHFxUkJyYWhPZmpuM2RLTWcxWDlBMHYyOVkKYzljWGR3OC8ySG1lZUNNRDFESkViTHVWZ2tKeE5FWVFLV3JUdnNvVE42cVlwQm9EZmpBYWlzUDkxQzRVM1dxcwp2TkNpS2Z2NFUvK1VKNVlnc3ZTeGxZOFRyWHF0bXV1T1dZY3ZLdlFocERGWDFaWWpOTlJzNU52Q1NTMVF3cGhRClBvSEczNzZaOWEwM2lxTm1WVHVId0pSWHVSNExKY1lLWkMzZElnYmdFc3lwWkh3S1VPRTAra1BRbG91SG9rRlkKS0t2NVpnemtINWUvWFpvaDNJU0E4U3ZmZjlUbFk2K3JpT0ljQlFJREFRQUJBb0lCQVFDTll3Y0lSUy9uNGNiZQphK1BiTjJ2U3JVVU1OTTNJYnd4bGs5ZzVRZVBpejUyTlJ6NmJuWVQvekVZS3I1UUllNXhXTzNEVStRWGRUdEZpCldVK0N0QlhPZTdPZkg1cWd1cUpRSlpidlAxbGlWWk5XaHB1aTBoOHgrc3drT1lZbExnYXdtK251amRpZkYzZEgKaTladGh4U1czREFhcjhnWkI3bG4ybnliSC9ZSWlEa1JTUCtvVnFuckIreFhnQkVobk8ycXNabjZUWGluSWVPaQppTzhxWTZPNDFrQlFrRHBGWnNwbk9wbFpkeTB1MmttMUVrbnZpbERXbE4xbmVGSU9KTWFZMC96eTUzWkpDY3lUCjI0YWtrTGsrWDZlUkVVSGc1WFFnTlFrNGEzaXYzbUpPYm9JY05ZTjRSU1ZnTWl6OEV2MjN5bThTV2xOLzBSeWEKSE5Qamgzd0JBb0dCQVBTMk54Tmp2K2J3b3hydWkybXp0RXRZdkVQUUFDdks2TTNzR2tpSzRqRnorTUxMTXZuUgpVdWRDamIvSGgxeFpKL1pIZG8xVHdZV1lYTmRlTHFLNjVGOGtyZE5WUGVNL0lkVC9weW5kZUFGZE9XelVDWHNLCnlmSGpEOWVCTExwUW1CMm9tZVhGSkdOTFZEY2p2NzJGanJxVExHUi9IZklSOXJuekJ2RWxrNVMxQW9HQkFNbS8KQkhPcFFBZ3hxanpLdjJUV3NlMkZzMnE1ZjZGeUVra0dwQ3JaNGQ1RzZhem1DSi9pS0dIT25hQk9RbUFiekhLRwpQRWRoL1l2ZHVxY1RmL3JScTZiSmJxVElQQkI2VTJQd2lxanhxRkRSdG55ZVhSK1hTbjREdUd3bU5EeG5hbWlnCjBqME5OOHU4dTJxTUN4WDR4Nm9RUlJCeFVvVmZXZUk4eHl3Ylljd1JBb0dBUlpuTjhHWGVud0N5WTJhVm9Hck0KVE9IZ0tpbHU0d1hEVVU1bDYxd1ZHWnV5bFRUV090ZWVqTWdSS1FySEpTejJnTVd5b2wvQUd3OUsyTGFnN1FmYgpESFNTUEJseWtML1VENURuS3JFakFNQlRKUERxQVdVQUt4dzUxVUdZUnlYRkhpcG1HMFFISlhhM2JUZHR3YW5LCi9xWDlhbGY5WEd4ZmtHUGZCWmQ2Y2tFQ2dZQXVrMVRaeHVjcmZSdktNUnlDa1RZK21iRlVJRU1nNkk3a0lRNWgKZmkrdyt6b1RXbi8vT1YwTlI0QUlkRWpLbTJCVnlEdStWeGNMNVVLa005SkYrNFhmV1gyYnVVWjBuMmtGRjVGTApjNDdpS2FneG1QWHl4eURCZXVabXdXTXAxczR3SFlDcjY1TklDK2hRcnNnWWFIamdBQ1dScURmZTVxWi9ubngwCjZGVnBvUUtCZ0JCOS9ESnhqZ2k3UmcwNWFiSGlLNlFvemcwV0l4VWZueVludVJ6bWRyN0gybHJPWjNsNVhtV2oKbmJLM2JER2FMTW5uK05acjlzd1kvK1JpRkozaDlSUTFlQ0kwMG03M09xUVZXRGFTV0dJbFE4M2ZRVFA5bkhMTgplTTFjanJ6clJDTmlWeHJIYmQyN29qZGhWdjlOcklCM1pxampMd3hUOE1ZY3l4SEQ5V3dvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
dari hasil describe secret dan juga kubectl config view diatas maka kita dapat mengambil data-data seperti dibawah ini
- cluster-name:
minikube
- certificate-authority-data:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
- server-address:
https://192.168.99.101:8443
- token-user-sekolahlinux-sa
eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg
berdasarkan point-point dari informasi diatas maka kita akan membuat file kube config yang isinya kurang lebih dan jika kita gabungkan akan menjadi seperti dibawah ini, disini saya memberi nama filenya kubeconf.yaml
apiVersion: v1 clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== server: https://192.168.99.101:8443 name: minikube contexts: - context: cluster: minikube user: sekolahlinux-sa name: minikube current-context: minikube kind: Config users: - name: sekolahlinux-sa user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg
selanjutnya kita akan test file kube config diatas menjadi seperti dibawah ini, jika kita melakukan get pods pada namespace production maka akan mendapatkan output seperti dibawah ini
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get pods -n production --kubeconfig kubeconf.yaml NAME READY STATUS RESTARTS AGE nginx-sekolahlinux 1/1 Running 0 3m55s
dan jika kita melakukan get pods pada namespaces selain namespace production, misalnya ke namespace kube-system maka akan mendapatkan output seperti dibawah ini
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get pods -n kube-system --kubeconfig kubeconf.yaml Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:default:akbar-sa" cannot list resource "pods" in API group "" in the namespace "kube-system"
nah sekian tutorial kali ini, semoga bermanfaat, jika ada yang kurang dipahami jangan sungkan bertanya ya, selamat mencoba 😀