Configuration and Authentication
This document outlines how to configure the Kubernetes Python client to connect to and authenticate with a Kubernetes cluster.
KubeConfig
The client can load configurations from kubeconfig files. These files are commonly found at ~/.kube/config. The client can be initialized using a KubeConfig object.
Example:
from kubernetes.client.configuration import KubeConfig
from kubernetes.client import Configuration
kube_config = KubeConfig()
kube_config.load_kube_config()
configuration = Configuration()
kube_config.load_and_set(configuration)
The KubeConfig object supports loading configuration from various locations and using different authentication methods.
Possible Authentication Methods:
- auth-provider:
gcp,azure,oidc - token: Points to a token file
- exec: Provides a plugin for authentication
- username/password: Basic authentication
Example - auth-provider (gcp):
from kubernetes.client.configuration import KubeConfig
kube_config = KubeConfig()
kube_config.load_kube_config()
configuration = Configuration()
kube_config.load_and_set(configuration)
Example - token:
from kubernetes.client.configuration import KubeConfig
kube_config = KubeConfig()
kube_config.load_kube_config()
configuration = Configuration()
kube_config.load_and_set(configuration)
Example - exec:
from kubernetes.client.configuration import KubeConfig
kube_config = KubeConfig()
kube_config.load_kube_config()
configuration = Configuration()
kube_config.load_and_set(configuration)
Example - username/password:
from kubernetes.client.configuration import KubeConfig
kube_config = KubeConfig()
kube_config.load_kube_config()
configuration = Configuration()
kube_config.load_and_set(configuration)
API Key Authentication (BearerToken)
from __future__ import print_function
import time
import kubernetes.client
from kubernetes.client.rest import ApiException
from pprint import pprint
configuration = kubernetes.client.Configuration()
# Configure API key authorization: BearerToken
configuration.api_key['authorization'] = 'YOUR_API_KEY'
# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
# configuration.api_key_prefix['authorization'] = 'Bearer'
# Defining host is optional and default to http://localhost
configuration.host = "http://localhost"
Top-Level Directory Explanations
doc/ - This directory contains documentation files for the project.
doc/source/ - This directory contains the source files for the documentation.
examples/ - This directory contains example usage of the Kubernetes client library.
examples/dynamic-client/ - This directory contains examples of using the dynamic client to interact with Kubernetes.
examples/yaml_dir/ - This directory contains YAML files used in the examples.
kubernetes/ - This directory contains the main Kubernetes client library.
kubernetes/base/ - This directory contains the base Kubernetes client library.
kubernetes/base/config/ - This directory contains configuration files for the base library.
kubernetes/base/dynamic/ - This directory contains the dynamic client implementation for the base library.
kubernetes/base/leaderelection/ - This directory contains the leader election implementation for the base library.
kubernetes/client/ - This directory contains the top-level client for the Kubernetes client library.
kubernetes/client/api/ - This directory contains the API definitions for the client library.
kubernetes/client/models/ - This directory contains the data models used by the client library.
kubernetes/e2e_test/ - This directory contains end-to-end tests for the Kubernetes client library.
kubernetes/e2e_test/test_yaml/ - This directory contains YAML files used in the end-to-end tests.
scripts/ - This directory contains scripts used in the development and build process.
scripts/util/ - This directory contains utility scripts.
