Version: main 🚧

Export Kube-Config

Customize how vCluster exports the kubeconfig file to a secret, so you can use it, for example, in your ArgoCD or Terraform pipelines.

vCluster always creates a kubeconfig in a secret called vc-NAME in the namespace where you deployed vCluster. Configure exportKubeConfig so vCluster creates an additional secret with the given configuration.

Example using the same namespace for the secret

In this example:

  • You want to call this kubeconfig context my-domain-context.
  • You have exposed the virtual cluster on https://my-domain.org and want the kubeconfig to use that endpoint.
  • You named your cluster "my-cluster" but you want the secret's name to reflect the virtual cluster domain name.

exportKubeConfig:
  context: my-domain-context
  server: https://my-domain.org
  secret:
    name: vc-my-domain

Example using a new namespace for the secret

In this example:

  • You want to call this kubeconfig context my-domain-context.
  • You have exposed the virtual cluster on https://my-domain.org and want the kubeconfig to use that endpoint.
  • You created a namespace called kubeconfig-secret-namespace for the secret.
  • You named your cluster "my-cluster" but you want the secret's name to reflect the virtual cluster domain name.
  • You have given vCluster access to the new namespace by creating a role and rolebinding pointing to the vCluster service account. Make sure that the new role has the same permissions as the vCluster app's role in the vCluster app's namespace. You can copy them directly from the ones created by vCluster when you deployed vCluster. vCluster permissions are dynamic, so updating some configurations may require you to update the unmanaged role in the target namespace.

exportKubeConfig:
  context: my-domain-context
  server: https://my-domain.org
  secret:
    namespace: kubeconfig-secret-namespace
    name: vc-my-domain
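
The copy step from the last bullet above, as an added example (not vCluster's own code): it derives a role and rolebinding for the target namespace from a JSON dump of the managed role, and reports when the unmanaged copy has drifted from it. The names vc-my-cluster and vcluster-my-cluster and the sample rules are constructed assumptions.

```python
import copy
import json

RBAC = "rbac.authorization.k8s.io"

def clone_role(source_role, target_ns, sa_name, sa_ns):
    """Build a Role and RoleBinding for target_ns from a Role dumped as JSON."""
    name = source_role["metadata"]["name"]
    # Carry over only the name and rules; uid, resourceVersion, labels and
    # ownerReferences of the managed role must not be copied.
    role = {"apiVersion": f"{RBAC}/v1", "kind": "Role",
            "metadata": {"name": name, "namespace": target_ns},
            "rules": copy.deepcopy(source_role.get("rules", []))}
    binding = {"apiVersion": f"{RBAC}/v1", "kind": "RoleBinding",
               "metadata": {"name": name, "namespace": target_ns},
               "roleRef": {"apiGroup": RBAC, "kind": "Role", "name": name},
               # The subject stays in the vCluster namespace; only the grant moves.
               "subjects": [{"kind": "ServiceAccount", "name": sa_name,
                             "namespace": sa_ns}]}
    return role, binding

def _normalize(rules):
    """Order-insensitive form of a rules list, so reordering is not drift."""
    return sorted(json.dumps({k: sorted(v) for k, v in r.items()}, sort_keys=True)
                  for r in rules)

def rules_drifted(managed_role, copied_role):
    """True when the unmanaged copy no longer matches the managed role's rules."""
    return (_normalize(managed_role.get("rules", []))
            != _normalize(copied_role.get("rules", [])))

# Constructed sample standing in for the JSON dump of the role in the vCluster
# namespace. Names and rules are assumptions, not vCluster's real rule set.
SAMPLE_SOURCE = {
    "metadata": {"name": "vc-my-cluster", "namespace": "vcluster-my-cluster",
                 "uid": "0000-constructed", "resourceVersion": "1"},
    "rules": [
        {"apiGroups": [""], "resources": ["secrets", "configmaps"],
         "verbs": ["create", "get", "list", "update", "patch", "delete", "watch"]},
        {"apiGroups": ["apps"], "resources": ["statefulsets"],
         "verbs": ["get", "list", "watch"]},
    ],
}

if __name__ == "__main__":
    role, binding = clone_role(SAMPLE_SOURCE, "kubeconfig-secret-namespace",
                               "vc-my-cluster", "vcluster-my-cluster")
    # A v1 List can be piped to `kubectl apply -f -`.
    print(json.dumps({"apiVersion": "v1", "kind": "List",
                      "items": [role, binding]}, indent=2))
```

Running rules_drifted against the live role and the copy after each vCluster configuration change shows whether the unmanaged role needs updating.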

Config reference

exportKubeConfig required object pro​

ExportKubeConfig describes how vCluster should export the vCluster kubeConfig file.

context required string pro​

Context is the name of the context within the generated kubeconfig to use.

server required string pro​

Override the default https://localhost:8443 and specify a custom hostname for the generated kubeconfig.

insecure required boolean false pro​

Whether TLS should be skipped for the server.

serviceAccount required object pro​

ServiceAccount can be used to generate a service account token instead of the default certificates.

name required string pro​

Name of the service account to be used to generate a service account token instead of the default certificates.

namespace required string pro​

Namespace of the service account to be used to generate a service account token instead of the default certificates. If omitted, the kube-system namespace is used.

clusterRole required string pro​

ClusterRole to assign to the service account.

secret required object pro​

Declare in which host cluster secret vCluster should store the generated virtual cluster kubeconfig. If this is not defined, vCluster creates the secret with the name vc-NAME. If you specify another name, vCluster creates the config in this other secret.

name required string pro​

Name is the name of the secret where the kubeconfig should get stored.

namespace required string pro​

Namespace where vCluster should store the kubeconfig secret. If this is not equal to the namespace where you deployed vCluster, you need to make sure vCluster has access to this other namespace.