Export Kube-Config
Customize how vCluster exports the kubeconfig file to a secret, so you can use it, for example, in your ArgoCD or Terraform pipelines.
vCluster always creates a kubeconfig in a secret called vc-NAME
in the namespace where you deployed vCluster. Configure exportKubeConfig
so vCluster creates an additional secret with the given configuration.
Example using the same namespace for the secret​
In this example:
- You want to call this kubeconfig context
my-domain-context
. - You have exposed the virtual cluster on
https://my-domain.org
and want the kubeconfig to use that endpoint. - You named your cluster "my-cluster" but you want the secret's name to reflect the virtual cluster domain name.
exportKubeConfig:
context: my-domain-context
server: https://my-domain.org
secret:
name: vc-my-domain
Example using a new namespace for the secret​
In this example:
- You want to call this kubeconfig context
my-domain-context
. - You have exposed the virtual cluster on
https://my-domain.org
and want the kubeconfig to use that endpoint. - You created a namespace called
kubeconfig-secret-namespace
for the secret. - You named your cluster "my-cluster" but you want the secret's name to reflect the virtual cluster domain name.
- You have acccess to the new namespace by creating a role and rolebinding pointing to the vCluster service account. Make sure that the new role has the same permissions as the vCluster app's role in the vCluster app's namespace. You can copy them directly from the ones created by vCluster when you deployed vCluster. vCluster permissions are dynamic, so updating some configurations may require you to update the unmanaged role in the target namespace.
exportKubeConfig:
context: my-domain-context
server: https://my-domain.org
secret:
namespace: kubeconfig-secret-namespace
name: vc-my-domain
Config reference​
exportKubeConfig
required object pro​
ExportKubeConfig describes how vCluster should export the vCluster kubeConfig file.
exportKubeConfig
required object pro​context
required string pro​
Context is the name of the context within the generated kubeconfig to use.
context
required string pro​server
required string pro​
Override the default https://localhost:8443 and specify a custom hostname for the generated kubeconfig.
server
required string pro​insecure
required boolean false pro​
If tls should get skipped for the server
insecure
required boolean false pro​serviceAccount
required object pro​
ServiceAccount can be used to generate a service account token instead of the default certificates.
serviceAccount
required object pro​name
required string pro​
Name of the service account to be used to generate a service account token instead of the default certificates.
name
required string pro​namespace
required string pro​
Namespace of the service account to be used to generate a service account token instead of the default certificates.
If omitted, will use the kube-system namespace.
namespace
required string pro​clusterRole
required string pro​
ClusterRole to assign to the service account.
clusterRole
required string pro​secret
required object pro​
Declare in which host cluster secret vCluster should store the generated virtual cluster kubeconfig.
If this is not defined, vCluster will create it with vc-NAME
. If you specify another name,
vCluster creates the config in this other secret.
secret
required object pro​vc-NAME
. If you specify another name,
vCluster creates the config in this other secret.name
required string pro​
Name is the name of the secret where the kubeconfig should get stored.
name
required string pro​namespace
required string pro​
Namespace where vCluster should store the kubeconfig secret. If this is not equal to the namespace
where you deployed vCluster, you need to make sure vCluster has access to this other namespace.
namespace
required string pro​