Next, we are going to set up two credentials for each cluster. Use the subcommand set-credentials as kubectl config set-credentials <CREDENTIAL_NAME> to add a credential into kubeconfig. There are different authentication methods supported in Kubernetes. We could use a password, client-certificate, or token. In this example, we'll use HTTP basic authentication to simplify the scenario. Kubernetes also supports client certificate and token authentications. For more information, please fire the set-credentials command with the flag -h for a detailed introduction to its functionalities:
// check the details of setting up credentials
$ kubectl config set-credentials -h
// in localhost cluster, copy the based file into a new one
$ cp ~/original-kubeconfig ~/new-kubeconfig
// add a user "user-local" with credential named "myself@localhost" in kubeconfig "new-kubeconfig"
$ kubectl config set-credentials myself@localhost --username=user-local --password=passwordlocal --kubeconfig="new-kubeconfig"
User "myself@local" set.
Through the preceding procedures, we successfully add a new credential in the "new-kubeconfig" kubeconfig file. The kubeconfig file will be formatted in YAML by default—you may check the file through a text editor. With this method, we are able to customize new configurations without interfering with the current settings. On the other hand, if there is no --kubeconfig flag, the update will be directly attached to the live kubeconfig:
// renew live kubeconfig file with previous update
$ cp ~/new-kubeconfig ~/.kube/config
// add another credential in localhost cluster, this time, let's update current settings directly
$ kubectl config set-credentials myself@remote --username=user-remote --password=passwordremote
User "myself@remote" set.
At this moment, check your live kubeconfig settings and find out the new credentials:
$ kubectl config view
...
users:
- name: myself@local
user:
password: passwordlocal
username: user-local
- name: myself@remote
user:
password: passwordremote
username: user-remote