halo sobat sekolahlinux, kali ini saya mau share tentang bagaimana membuat kubeconfig namun dengan limitasi limitasi tertentu, jadi jika ada developer yang ingin meminta akses ke k8s production tapi kita hanya ingin memberikan diaakses ke spesific namespace tertentu kita bisa menggunakan cara dibawah ini, yuk mari kita mulai tutorialnya
pertama kita akan membuat serviceaccount terlebih dahulu
apiVersion: v1 kind: ServiceAccount metadata: name: sekolahlinux-sa namespace: kube-system
setelah itu kita akan membuat role & cluster role, untuk list apigroups, resources, verbs nya kamu bisa lihat disini:
- https://kubernetes.io/docs/reference/kubectl/overview/#resource-types
- https://kubernetes.io/docs/reference/access-authn-authz/authorization/#determine-the-request-verb
- https://sekolahlinux.com/list-resource-type-subresource-type-in-kubernetes/
clusterrole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sekolahlinux-clusterrole
rules:
- apiGroups: [""]
resources: ["pods", "pods/exec", "services", "namespaces", "nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployment"]
verbs: ["get", "list", "watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]
verbs: ["get", "list", "watch"]
role
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: sekolahlinux-role
namespace: production
rules:
- apiGroups: [""]
resources: ["pods", "services", "namespaces", "nodes"]
verbs: ["create", "get", "update", "list", "watch", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployment"]
verbs: ["create", "get", "update", "list", "watch", "patch", "delete"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "rolebindings"]
verbs: ["create", "get", "update", "list", "watch", "patch", "delete"]
clusterrolebinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: sekolahlinux-clusterrolebinding
subjects:
- kind: ServiceAccount
name: sekolahlinux-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: sekolahlinux-clusterrole
apiGroup: rbac.authorization.k8s.io
rolebinding
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: sekolahlinux-rolebinding
namespace: production
subjects:
- kind: ServiceAccount
name: sekolahlinux-sa
namespace: kube-system
roleRef:
kind: Role
name: sekolahlinux-role
apiGroup: rbac.authorization.k8s.io
jika sudah selanjutkan kita akan melihat isi dari secret yang di generate secara otomatis ketika membuat serviceaccount, yaitu dengan cara seperti dibawah
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get secret -n production NAME TYPE DATA AGE sekolahlinux-sa-token-mc9ks kubernetes.io/service-account-token 3 6s
selanjutnya describe secret sekolahlinux-sa-token-mc9ks untuk melihat tokennya
Name: sekolahlinux-sa-token-9qcgk
Namespace: production
Labels: <none>
Annotations: kubernetes.io/service-account.name: sekolahlinux-sa
kubernetes.io/service-account.uid: 22c25c80-b1c0-4780-9317-2927b7054148
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg
selanjutnya kita coba mendapatkan informasi tentang server cluster k8s yang sedang berjalan dengan command ini
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl config view --flatten --minify
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://192.168.99.101:8443
name: minikube
contexts:
- context:
cluster: minikube
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01USXhNREUwTURZME1Wb1hEVEl4TVRJeE1URTBNRFkwTVZvd01URVhNQlVHQTFVRQpDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGakFVQmdOVkJBTVREVzFwYm1scmRXSmxMWFZ6WlhJd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQTJhbHl1VW1qZzhseE9XSlVNeSsxSFlsNGJEdW8Kc0dkdU9pQ2ljNVRJYjlqd21IeWwzMFNjUkRyRjVBZ2tPb0dBYk5CdkM2YkhhNU44UTNEdXRydGprK3FwRUd0cQpFNStPZmQwb3lEVmYwRFMvYjFoejF4ZDNEei9ZZVo1NEl3UFVNa1JzdTVXQ1FuRTBSaEFwYXRPK3loTTNxcGlrCkdnTitNQnFLdy8zVUxoVGRhcXk4MEtJcCsvaFQvNVFubGlDeTlMR1ZqeE90ZXEyYTY0NVpoeThxOUNHa01WZlYKbGlNMDFHemsyOEpKTFZEQ21GQStnY2JmdnBuMXJUZUtvMlpWTzRmQWxGZTVIZ3NseGdwa0xkMGlCdUFTektsawpmQXBRNFRUNlE5Q1dpNGVpUVZnb3EvbG1ET1FmbDc5ZG1pSGNoSUR4Szk5LzFPVmpyNnVJNGh3RkFnTUJBQUdqClB6QTlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBaDU2cWNjRWJKeVdjNVQ3NgozVTdieDJSQ3VORXQ3bUpvNStmdVdXQmN6VG9xWmliNjc4S1dWdDVkT05ITGN5bjQyT3A1b2plV3Z2UVZaS3RHCjlRelVWcVQrV0NqMG1ZRm5RR05qRHFyUXFUZGVROEI0Y2VEZ3F0VEFqbTkyeW0vVjdXTzZqeWR6SnRkOTJzS28Kek9NT05pcmp5bkgzT0QxZlJwUk0wYkZHU0ZpVDdTVjU2WDZ3bkxmNTlVcUh0ZWpkeGdjOGN1eVRIT3YxV2xiNgpiOTJxa0daVXg5dFlGVm1Fb2ExdWM1TERrOHVyMUdBUlg0ZHU4VndCd3cxQ3FYQWsyMmxISVFCZVg2b3FCaVdoCjJwUy9yL2ZIMkN1RzJaOTk3eGVkMnRwVS9teWo5QSs2Y2loeXhVcCtuTWN5aTE2OE5RWGcrQTlNK3g3OHlyUHQKM09FMjJ3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd05tcGNybEpvNFBKY1RsaVZETXZ0UjJKZUd3N3FMQm5iam9nb25PVXlHL1k4Smg4CnBkOUVuRVE2eGVRSUpEcUJnR3pRYnd1bXgydVRmRU53N3JhN1k1UHFxUkJyYWhPZmpuM2RLTWcxWDlBMHYyOVkKYzljWGR3OC8ySG1lZUNNRDFESkViTHVWZ2tKeE5FWVFLV3JUdnNvVE42cVlwQm9EZmpBYWlzUDkxQzRVM1dxcwp2TkNpS2Z2NFUvK1VKNVlnc3ZTeGxZOFRyWHF0bXV1T1dZY3ZLdlFocERGWDFaWWpOTlJzNU52Q1NTMVF3cGhRClBvSEczNzZaOWEwM2lxTm1WVHVId0pSWHVSNExKY1lLWkMzZElnYmdFc3lwWkh3S1VPRTAra1BRbG91SG9rRlkKS0t2NVpnemtINWUvWFpvaDNJU0E4U3ZmZjlUbFk2K3JpT0ljQlFJREFRQUJBb0lCQVFDTll3Y0lSUy9uNGNiZQphK1BiTjJ2U3JVVU1OTTNJYnd4bGs5ZzVRZVBpejUyTlJ6NmJuWVQvekVZS3I1UUllNXhXTzNEVStRWGRUdEZpCldVK0N0QlhPZTdPZkg1cWd1cUpRSlpidlAxbGlWWk5XaHB1aTBoOHgrc3drT1lZbExnYXdtK251amRpZkYzZEgKaTladGh4U1czREFhcjhnWkI3bG4ybnliSC9ZSWlEa1JTUCtvVnFuckIreFhnQkVobk8ycXNabjZUWGluSWVPaQppTzhxWTZPNDFrQlFrRHBGWnNwbk9wbFpkeTB1MmttMUVrbnZpbERXbE4xbmVGSU9KTWFZMC96eTUzWkpDY3lUCjI0YWtrTGsrWDZlUkVVSGc1WFFnTlFrNGEzaXYzbUpPYm9JY05ZTjRSU1ZnTWl6OEV2MjN5bThTV2xOLzBSeWEKSE5Qamgzd0JBb0dCQVBTMk54Tmp2K2J3b3hydWkybXp0RXRZdkVQUUFDdks2TTNzR2tpSzRqRnorTUxMTXZuUgpVdWRDamIvSGgxeFpKL1pIZG8xVHdZV1lYTmRlTHFLNjVGOGtyZE5WUGVNL0lkVC9weW5kZUFGZE9XelVDWHNLCnlmSGpEOWVCTExwUW1CMm9tZVhGSkdOTFZEY2p2NzJGanJxVExHUi9IZklSOXJuekJ2RWxrNVMxQW9HQkFNbS8KQkhPcFFBZ3hxanpLdjJUV3NlMkZzMnE1ZjZGeUVra0dwQ3JaNGQ1RzZhem1DSi9pS0dIT25hQk9RbUFiekhLRwpQRWRoL1l2ZHVxY1RmL3JScTZiSmJxVElQQkI2VTJQd2lxanhxRkRSdG55ZVhSK1hTbjREdUd3bU5EeG5hbWlnCjBqME5OOHU4dTJxTUN4WDR4Nm9RUlJCeFVvVmZXZUk4eHl3Ylljd1JBb0dBUlpuTjhHWGVud0N5WTJhVm9Hck0KVE9IZ0tpbHU0d1hEVVU1bDYxd1ZHWnV5bFRUV090ZWVqTWdSS1FySEpTejJnTVd5b2wvQUd3OUsyTGFnN1FmYgpESFNTUEJseWtML1VENURuS3JFakFNQlRKUERxQVdVQUt4dzUxVUdZUnlYRkhpcG1HMFFISlhhM2JUZHR3YW5LCi9xWDlhbGY5WEd4ZmtHUGZCWmQ2Y2tFQ2dZQXVrMVRaeHVjcmZSdktNUnlDa1RZK21iRlVJRU1nNkk3a0lRNWgKZmkrdyt6b1RXbi8vT1YwTlI0QUlkRWpLbTJCVnlEdStWeGNMNVVLa005SkYrNFhmV1gyYnVVWjBuMmtGRjVGTApjNDdpS2FneG1QWHl4eURCZXVabXdXTXAxczR3SFlDcjY1TklDK2hRcnNnWWFIamdBQ1dScURmZTVxWi9ubngwCjZGVnBvUUtCZ0JCOS9ESnhqZ2k3UmcwNWFiSGlLNlFvemcwV0l4VWZueVludVJ6bWRyN0gybHJPWjNsNVhtV2oKbmJLM2JER2FMTW5uK05acjlzd1kvK1JpRkozaDlSUTFlQ0kwMG03M09xUVZXRGFTV0dJbFE4M2ZRVFA5bkhMTgplTTFjanJ6clJDTmlWeHJIYmQyN29qZGhWdjlOcklCM1pxampMd3hUOE1ZY3l4SEQ5V3dvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
dari hasil describe secret dan juga kubectl config view diatas maka kita dapat mengambil data-data seperti dibawah ini
- cluster-name:
minikube
- certificate-authority-data:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
- server-address:
https://192.168.99.101:8443
- token-user-sekolahlinux-sa
eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg
berdasarkan point-point dari informasi diatas maka kita akan membuat file kube config yang isinya kurang lebih dan jika kita gabungkan akan menjadi seperti dibawah ini, disini saya memberi nama filenya kubeconf.yaml
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://192.168.99.101:8443
name: minikube
contexts:
- context:
cluster: minikube
user: sekolahlinux-sa
name: minikube
current-context: minikube
kind: Config
users:
- name: sekolahlinux-sa
user:
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg
selanjutnya kita akan test file kube config diatas menjadi seperti dibawah ini, jika kita melakukan get pods pada namespace production maka akan mendapatkan output seperti dibawah ini
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get pods -n production --kubeconfig kubeconf.yaml NAME READY STATUS RESTARTS AGE nginx-sekolahlinux 1/1 Running 0 3m55s
dan jika kita melakukan get pods pada namespaces selain namespace production, misalnya ke namespace kube-system maka akan mendapatkan output seperti dibawah ini
sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get pods -n kube-system --kubeconfig kubeconf.yaml Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:default:akbar-sa" cannot list resource "pods" in API group "" in the namespace "kube-system"
nah sekian tutorial kali ini, semoga bermanfaat, jika ada yang kurang dipahami jangan sungkan bertanya ya, selamat mencoba 😀