Use kubeconfig files to organize information about clusters, users, namespaces, and
authentication mechanisms. The
kubectl command-line tool uses kubeconfig files to
find the information it needs to choose a cluster and communicate with the API server
of a cluster.
Note: A file that is used to configure access to clusters is called
a kubeconfig file. This is a generic way of referring to configuration files.
It does not mean that there is a file named
kubectl looks for a file named
config in the
You can specify other kubeconfig files by setting the
variable or by setting the
For step-by-step instructions on creating and specifying kubeconfig files, see Configure Access to Multiple Clusters.
Suppose you have several clusters, and your users and components authenticate in a variety of ways. For example:
With kubeconfig files, you can organize your clusters, users, and namespaces. And you can define contexts that enable users to quickly and easily switch between clusters and namespaces.
A kubeconfig file can have context elements. Each context is a triple
(cluster, namespace, user). You can use
kubectl config use-context to set
the current context. The
kubectl command-line tool communicates with the
cluster and namespace listed in the current context. And it uses the
credentials of the user listed in the current context.
KUBECONFIG environment variable holds a list of kubeconfig files.
For Linux and Mac, the list is colon-delimited. For Windows, the list
is semicolon-delimited. The
KUBECONFIG environment variable is not
required. If the
KUBECONFIG environment variable doesn’t exist,
kubectl uses the default kubeconfig file,
KUBECONFIG environment variable does exist,
an effective configuration that is the result of merging the files
listed in the
KUBECONFIG evironment variable.
To see your configuration, enter this command:
kubectl config view
As described previously, the output might be from a single kubeconfig file, or it might be the result of merging several kubeconfig files.
Here are the rules that
kubectl uses when it merges kubeconfig files:
--kubeconfig flag is set, use only the specified file. Do not merge.
Only one instance of this flag is allowed.
Otherwise, if the
KUBECONFIG environment variable is set, use it as a
list of files that should be merged.
Merge the files listed in the
KUBECONFIG envrionment variable
according to these rules:
current-context. Example: If two files specify a
red-user, use only values from the first file’s
red-user. Even if the second file has non-conflicting entries under
red-user, discard them.
For an example of setting the
KUBECONFIG environment variable, see
Setting the KUBECONFIG environment variable.
Otherwise, use the default kubeconfig file,
$HOME/.kube/config, with no merging.
Determine the context to use based on the first hit in this chain:
--contextcommand-line flag if it exits.
current-contextfrom the merged kubeconfig files.
An empty context is allowed at this point.
Determine the cluster and user. At this point, there might or might not be a context. Determine the cluster and user based on the first hit in this chain, which is run twice: once for user and once for cluster:
The user and cluster can be empty at this point.
Determine the actual cluster information to use. At this point, there might or might not be cluster information. Build each piece of the cluster information based on this chain; the first hit wins:
Determine the actual user information to use. Build user information using the same rules as cluster information, except allow only one authentication technique per user:
userfields from the merged kubeconfig files.
For any information still missing, use default values and potentially prompt for authentication information.
File and path references in a kubeconfig file are relative to the location of the kubeconfig file.
File references on the command line are relative to the current working directory.
$HOME/.kube/config, relative paths are stored relatively, and absolute paths
are stored absolutely.