11/28/2022, 5:27 PM
If I run this:
kubectl create secret generic kubeconfig --from-file=/etc/rancher/k3s/k3s.yaml
Is there a manifest (or literally any file at all) created somewhere I can reference? I'm trying to ansibilize it and I just want to run it once, with a
directive. So if there was a manifest, that'd be super easy. I need to do this for some argo shenanigans if you're curious why I would yo dawg my kubeconfig.


11/28/2022, 5:57 PM
If you want a file then add
--dry-run=client --output=yaml
and pipe the output into a file
running with
does not send any data to the server, just creates the data which would be sent to the server - and in this case you want it in yaml format


11/28/2022, 6:00 PM
Why would you stick your admin kubeconfig into a Kubernetes secret, instead of just using a service account? If you need access to Kubernetes from within the cluster, that is literally what service accounts are for. Sticking your admin kubeconfig in there so you can use it in pods is definitely an anti-pattern.


11/28/2022, 6:36 PM
I wanted a file as a reaction to running that command or some other way to manage that secret without recreating it every time. However, Brandon's clarity on using a service account is enough for me to push back on this. It didn't make sense (because I know 0 about argo), but now that I know it can be accomplished with an SA instead, I'm going to push for it. Thanks a ton for the help folks.
👍 1
Just wanted to circle back again and say thanks for the input @creamy-pencil-82913 I've finally got the team using a service account today. 😄
🎉 1
👍 1