4.6 KiB
4.6 KiB
kubectl config set-credentials
Sets a user entry in kubeconfig
Sets a user entry in kubeconfig
Specifying a name that already exists will merge new fields on top of existing values.
Client-certificate flags: --client-certificate=certfile --client-key=keyfile
Bearer token flags: --token=bearer_token
Basic auth flags: --username=basic_user --password=basic_password
Bearer token and basic auth are mutually exclusive.
kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name] [--auth-provider-arg=key=value]
# Set only the "client-key" field on the "cluster-admin"
# entry, without touching other values:
kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key
# Set basic auth for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
# Embed client certificate data in the "cluster-admin" entry
kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true
# Enable the Google Compute Platform auth provider for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --auth-provider=gcp
# Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
# Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
--auth-provider string auth provider for the user entry in kubeconfig
--auth-provider-arg stringSlice 'key=value' arugments for the auth provider
--client-certificate string path to client-certificate file for the user entry in kubeconfig
--client-key string path to client-key file for the user entry in kubeconfig
--embed-certs tristate[=true] embed client cert/key for the user entry in kubeconfig
--password string password for the user entry in kubeconfig
--token string token for the user entry in kubeconfig
--username string username for the user entry in kubeconfig
Options inherited from parent commands
--alsologtostderr log to standard error as well as files
--as string Username to impersonate for the operation
--certificate-authority string Path to a cert. file for the certificate authority
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string use a particular kubeconfig file
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log-dir string If non-empty, write log files in this directory
--logtostderr log to standard error instead of files
--match-server-version Require server version to match client version
-n, --namespace string If present, the namespace scope for this CLI request
--request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-s, --server string The address and port of the Kubernetes API server
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string The name of the kubeconfig user to use
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging