kubectl config set-credentials
Synopsis
Set a user entry in kubeconfig.
Specifying a name that already exists will merge new fields on top of existing values.
Client-certificate flags:
--client-certificate=certfile --client-key=keyfile
Bearer token flags:
--token=bearer_token
Basic auth flags:
--username=basic_user --password=basic_password
Bearer token and basic auth are mutually exclusive.
kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name] [--auth-provider-arg=key=value] [--exec-command=exec_command] [--exec-api-version=exec_api_version] [--exec-arg=arg] [--exec-env=key=value]
Examples
# Set only the "client-key" field on the "cluster-admin"
# entry, without touching other values
kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key
# Set basic auth for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
# Embed client certificate data in the "cluster-admin" entry
kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true
# Enable the Google Compute Platform auth provider for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --auth-provider=gcp
# Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional arguments
kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
# Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
# Enable new exec auth plugin for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1
# Enable new exec auth plugin for the "cluster-admin" entry with interactive mode
kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1 --exec-interactive-mode=Never
# Define new exec auth plugin arguments for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2
# Create or update exec auth plugin environment variables for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2
# Remove exec auth plugin environment variables for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-env=var-to-remove-
Options
| --auth-provider string | |
Auth provider for the user entry in kubeconfig |
|
| --auth-provider-arg strings | |
'key=value' arguments for the auth provider |
|
| --client-certificate string | |
Path to client-certificate file for the user entry in kubeconfig |
|
| --client-key string | |
Path to client-key file for the user entry in kubeconfig |
|
| --embed-certs tristate[=true] | |
Embed client cert/key for the user entry in kubeconfig |
|
| --exec-api-version string | |
API version of the exec credential plugin for the user entry in kubeconfig |
|
| --exec-arg strings | |
New arguments for the exec credential plugin command for the user entry in kubeconfig |
|
| --exec-command string | |
Command for the exec credential plugin for the user entry in kubeconfig |
|
| --exec-env strings | |
'key=value' environment values for the exec credential plugin |
|
| --exec-interactive-mode string | |
InteractiveMode of the exec credentials plugin for the user entry in kubeconfig |
|
| --exec-provide-cluster-info tristate[=true] | |
ProvideClusterInfo of the exec credentials plugin for the user entry in kubeconfig |
|
| -h, --help | |
help for set-credentials |
|
| --password string | |
password for the user entry in kubeconfig |
|
| --token string | |
token for the user entry in kubeconfig |
|
| --username string | |
username for the user entry in kubeconfig |
|
Parent Options Inherited
| --as string | |
Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
|
| --as-group strings | |
Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
|
| --as-uid string | |
UID to impersonate for the operation. |
|
| --as-user-extra strings | |
User extras to impersonate for the operation, this flag can be repeated to specify multiple values for the same key. |
|
| --cache-dir string Default: "$HOME/.kube/cache" | |
Default cache directory |
|
| --certificate-authority string | |
Path to a cert file for the certificate authority |
|
| --cluster string | |
The name of the kubeconfig cluster to use |
|
| --context string | |
The name of the kubeconfig context to use |
|
| --disable-compression | |
If true, opt-out of response compression for all requests to the server |
|
| --insecure-skip-tls-verify | |
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
|
| --kubeconfig string | |
use a particular kubeconfig file |
|
| --kuberc string | |
Path to the kuberc file to use for preferences. This can be disabled by exporting KUBECTL_KUBERC=false feature gate or turning off the feature KUBERC=off. |
|
| --match-server-version | |
Require server version to match client version |
|
| -n, --namespace string | |
If present, the namespace scope for this CLI request |
|
| --profile string Default: "none" | |
Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex|trace) |
|
| --profile-output string Default: "profile.pprof" | |
Name of the file to write the profile to |
|
| --request-timeout string Default: "0" | |
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
|
| -s, --server string | |
The address and port of the Kubernetes API server |
|
| --storage-driver-buffer-duration duration Default: 1m0s | |
Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
|
| --storage-driver-db string Default: "cadvisor" | |
database name |
|
| --storage-driver-host string Default: "localhost:8086" | |
database host:port |
|
| --storage-driver-password string Default: "root" | |
database password |
|
| --storage-driver-secure | |
use secure connection with database |
|
| --storage-driver-table string Default: "stats" | |
table name |
|
| --storage-driver-user string Default: "root" | |
database username |
|
| --tls-server-name string | |
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
|
| --user string | |
The name of the kubeconfig user to use |
|
| --version version[=true] | |
--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
|
| --warnings-as-errors | |
Treat warnings received from the server as errors and exit with a non-zero exit code |
|
See Also
- kubectl config - Modify kubeconfig files
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
This page is automatically generated.
If you plan to report an issue with this page, mention that the page is auto-generated in your issue description. The fix may need to happen elsewhere in the Kubernetes project.