Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin

A kubectl plugin that show a kubeconfig to access the apiserver with a specified serviceaccount.
https://github.com/superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin

kubectl kubectl-plugins kubernetes

Last synced: about 1 month ago
JSON representation

A kubectl plugin that show a kubeconfig to access the apiserver with a specified serviceaccount.

Host: GitHub
URL: https://github.com/superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin
Owner: superbrothers
License: mit
Created: 2018-05-04T12:30:58.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2024-04-21T08:52:55.000Z (8 months ago)
Last Synced: 2024-10-15T13:59:11.569Z (about 2 months ago)
Topics: kubectl, kubectl-plugins, kubernetes
Language: Go
Homepage:
Size: 6.95 MB
Stars: 112
Watchers: 4
Forks: 8
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-kubectl-plugins - kubectl-view-serviceaccount-kubeconfig-plugin
awesome-starred - superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin - A kubectl plugin that show a kubeconfig to access the apiserver with a specified serviceaccount. (kubernetes)

README

# kubectl plugin view-serviceaccount-kubeconfig SERVICEACCOUNT

Show a kubeconfig setting for serviceaccount from bound token or secret-based token.

Note that in Kubernetes 1.24+, secret-based tokens are no longer auto-created
by default for new service accounts. Using bound tokens created by "kubectl
create token" command to access the Kubernetes API is recommended instead.

See [Configure Service Accounts for Pods \| Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) for more information.

```
Usage:
kubectl view-serviceaccount-kubeconfig [SERVICEACCOUNT] [options] [flags]

Examples:
# Show a kubeconfig setting using bound token for serviceaccount/myapp in the current namespace
kubectl create token myapp | kubectl view-serviceaccount-kubeconfig

# Show a kubeconfig setting using bound token for a serviceaccount in a custom namspcae
kubectl create token myapp --namespace myns | kubectl view-serviceaccount-kubeconfig

# Show a kubeconfig setting using bound token with a custom expiration
kubectl create token myapp --duration 10m | kubectl view-serviceaccount-kubeconfig

# Show a kubeconfig setting using bound token in JSON format
kubectl create token myapp | kubectl view-serviceaccount-kubeconfig --output json

# Show a kubeconfig setting using secret-based token for serviceaccount/myapp in the current namespace
kubectl view-serviceaccount-kubeconfig default

# Show a kubeconfig setting using secret-based token for serviceaccount/bot in namespace/kube-system
kubectl view-serviceaccount-kubeconfig bot -n kube-system
```

## Try the plugin

```
# create a serviceaccount "myapp" in the current namespace
$ kubectl create serviceaccount myapp

# save a kubeconfig setting for serviceaccount "myapp"
$ kubectl create token myapp | kubectl view-serviceaccount-kubeconfig >./kubeconfig

# list pods as serviceaccount "myapp" from outside of kubernetes cluster
$ kubectl get pods --kubeconfig=./kubeconfig
```

## Install the plugin

1. Install [krew](https://github.com/GoogleContainerTools/krew) that is a plugin manager for kubectl.
2. Run:

kubectl krew install view-serviceaccount-kubeconfig

3. Try it out:

kubectl view-serviceaccount-kubeconfig default

## License

This software is released under the MIT License.