How do I authenticate with Kubernetes kubectl using a username and password?

4
votes

I've got a username and password, how do I authenticate kubectl with them?

Which command do I run?

I've read through: https://kubernetes.io/docs/reference/access-authn-authz/authorization/ and https://kubernetes.io/docs/reference/access-authn-authz/authentication/ though can not find any relevant information in there for this case.

kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif

https://kubernetes-v1-4.github.io/docs/user-guide/kubectl/kubectl_config_set-credentials/

The above does not seem to work: kubectl get pods
Error from server (Forbidden): pods is forbidden: User "client" cannot list pods in the namespace "default": Unknown user "client"

2
kuberneteskubectl

2 Answers

2
votes

Kubernetes provides a number of different authentication mechanisms. Providing a username and password directly to the cluster (as opposed to using an OIDC provider) would indicate that you're using Basic authentication, which hasn't been the default option for a number of releases.

The syntax you've listed appears right, assuming that the cluster supports basic authentication.

The error you're seeing is similar to the one here which may suggest that the cluster you're using doesn't currently support the authentication method you're using.

Additional information about what Kubernetes distribution and version you're using would make it easier to provide a better answer, as there is a lot of variety in how k8s handles authentication.

0
votes

You should have a group set for the authenticating user.

Example:

password1,user1,userid1,system:masters

password2,user2,userid2

Reference:

"Use a credential with the system:masters group, which is bound to the cluster-admin super-user role by the default bindings." https://kubernetes.io/docs/reference/access-authn-authz/rbac/