https://rancher.com/ logo
Title
j

jolly-waitress-71272

11/28/2022, 5:27 PM
If I run this:
kubectl create secret generic kubeconfig --from-file=/etc/rancher/k3s/k3s.yaml
Is there a manifest (or literally any file at all) created somewhere I can reference? I'm trying to ansibilize it and I just want to run it once, with a
creates
directive. So if there was a manifest, that'd be super easy. I need to do this for some argo shenanigans if you're curious why I would yo dawg my kubeconfig.
s

sticky-summer-13450

11/28/2022, 5:57 PM
If you want a file then add
--dry-run=client --output=yaml
and pipe the output into a file
running with
--dry-run=client
does not send any data to the server, just creates the data which would be sent to the server - and in this case you want it in yaml format
c

creamy-pencil-82913

11/28/2022, 6:00 PM
Why would you stick your admin kubeconfig into a Kubernetes secret, instead of just using a service account? If you need access to Kubernetes from within the cluster, that is literally what service accounts are for. Sticking your admin kubeconfig in there so you can use it in pods is definitely an anti-pattern.
j

jolly-waitress-71272

11/28/2022, 6:36 PM
I wanted a file as a reaction to running that command or some other way to manage that secret without recreating it every time. However, Brandon's clarity on using a service account is enough for me to push back on this. It didn't make sense (because I know 0 about argo), but now that I know it can be accomplished with an SA instead, I'm going to push for it. Thanks a ton for the help folks.
👍 1
Just wanted to circle back again and say thanks for the input @creamy-pencil-82913 I've finally got the team using a service account today. 😄
🎉 1
👍 1