Obtain kubeconfig with qbert API

You can obtain the kubeconfig file with the Keystone token inserted into kubeconfig, with the help of a script available on Github that uses qbert API.

Follow the steps given below to obtain Keystone token for a user, and insert the Keystone token into kubeconfig programmatically.

Step 1

Run the export command on the command line to export the following environment variables to point to the appropriate URL, region, tenant, user name, and password for which the Keystone token is to be generated.

Bash
Example
    
 
export OS_AUTH_URL= <API Access Page - Keystone Endpoint>export OS_IDENTITY_API_VERSION=3 export OS_REGION_NAME="<region-name>" export OS_USERNAME="<your username>" export OS_PASSWORD="<password>" export OS_PROJECT_NAME="<tenant-name>" export OS_PROJECT_DOMAIN_ID="default"
Copy

Step 2

Use the Platform9 Github project to download kubeconfig from your Platform9 SaaS Managment Plane using the credentials defined in step 1 to authenticate and the cluster UUID for which the kubeconfig is required.

Once the kubeconfig is downloaded, the script writes the token to the downloaded kubeconfig.

The kubeconfig file containing the token is now available to you for further use.

Users can write a script that makes a qbert API GET call within the script to obtain the Keystone token by using the HTTP endpoint: _https://<YOUR_PMK_ACCOUNT_URL>/qbert/v3/<YOUR_TENANT_ID>/kubeconfig/<CLUSTER-UUID>?force_cert_auth=true/false_. If the force_cert_auth query parameter set to true, kubeconfig will contain the certificate-based authentication; otherwise it will be token-based.

Last updated on Mar 15, 2022

Was this page helpful?