Kubectl without Configuration Files

July 21, 2020

by Marc Boorshtein

TL;DR

  • The oulogin plugin creates your kubectl command for you
  • No distributing configuration files
  • All of the OpenUnison Kubernetes projects support the oulogin plugin
  • Simpler and faster than the OpenID Connect plugin

Deploying kubectl Without Configuration

You have Kubernetes deployed. Your users are distributed. How do you get users their kubectl configuration? A central file server? Vault? Are you considering writing a script or kubectl plugin? How many clusters do you have? How are users managing access to those clusters? If you're using OpenUnison, you can just open a browser and get your configuration with a simple copy & paste of the command line. Another solution is to run a plugin that creates your configuration for you, making it ridiculously easy to switch between clusters.

Enter the oulogin kubectl plugin. This plugin lets you log in to your cluster with zero up-front configuration. Just run the plugin with the host of your OpenUnison deployment and your kubectl configuration will be built for you. All certificates needed to talk to your API server will be installed, and hosts will be set. It's as simple as:

$ kubectl oulogin --host=k8sou.apps.domain.lan

Seeing is believing!

Installing The Plugin

Installing the plugin is as easy as installing any other kubectl plugin via krew. Once krew is installed:

$ kubectl krew install oulogin

If you're using a self-signed certificate, you'll need to trust it on your local workstation. You can quickly get the certificate from the same token screen you get the kubectl login CLI command from.

The Krew OpenID Connect Plugin

The Krew index lets you install an OpenID Connect plugin. The oidc-login plugin is a generic plugin that will work with any OpenID Connect identity provider. It requires that you pre-configure kubectl for use with the OpenID Connect identity provider. This means you need to create a file and distribute it to each workstation. The oulogin plugin is designed to work with OpenUnison and creates your kubectl configuration for you. There's nothing to pre-configure on the client.
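
For comparison, this is the kind of kubeconfig a generic OpenID Connect exec plugin needs on each workstation before the first login. It is an added example, not taken from the original post or from the OpenUnison project. The cluster name, API server URL, issuer URL, client ID and CA data are constructed placeholders; the exec arguments follow the oidc-login plugin's documented `get-token` setup.

```yaml
# Constructed example: every value marked PLACEHOLDER is per-cluster data that
# an administrator has to produce and ship to each user's workstation.
apiVersion: v1
kind: Config
clusters:
- name: example-cluster                      # PLACEHOLDER cluster name
  cluster:
    server: https://api.example.internal:6443   # PLACEHOLDER API server URL
    # Base64-encoded CA bundle for the API server. If this is wrong or stale,
    # kubectl fails TLS verification; it must never be swapped for
    # insecure-skip-tls-verify as a shortcut.
    certificate-authority-data: PLACEHOLDER_BASE64_CA
users:
- name: oidc-user
  user:
    exec:
      # kubectl runs this command to obtain a token; no long-lived secret is
      # stored in the file, but the issuer and client ID must match what the
      # API server was started with.
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://idp.example.com   # PLACEHOLDER issuer
      - --oidc-client-id=kubernetes                  # PLACEHOLDER client ID
contexts:
- name: example-cluster
  context:
    cluster: example-cluster
    user: oidc-user
current-context: example-cluster
```

One such file, or one cluster/user/context entry, is needed per cluster, and each has to be redistributed whenever the API server CA, the issuer URL or the client ID changes.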

Next Steps

Ready to have the simplest login experience for your Kubernetes cluster? Combine kubectl access with the dashboard and a single entry point. Take a look at how OpenUnison can help you secure your clusters!
