Guide to Managing Multiple Kubernetes Clusters with kubectl config
Manage multiple Kubernetes clusters with kubectl contexts, kubeconfig files, namespaces, and safer switching commands.
Guide to Managing Multiple Kubernetes Clusters with kubectl config
Managing multiple Kubernetes clusters is normal once you have development, staging, production, or clusters in more than one cloud. The risk is simple: one command can hit the wrong cluster if your context is not clear.
This guide shows you how to use kubectl config to inspect contexts, switch clusters, set namespaces, and organize multiple kubeconfig files.
Understanding the Kubeconfig File
Before diving into kubectl config commands, it's essential to understand the kubeconfig file. This file stores information about your clusters, users, and the contexts that bind them together. kubectl uses this file to authenticate with and specify which cluster to interact with. By default, kubectl looks for the kubeconfig file at $HOME/.kube/config.
Within this file, you'll find three main sections:
clusters: Defines the Kubernetes clusters, including their API server endpoints and certificate authorities.users: Stores authentication credentials, such as client certificates and tokens.contexts: Associates a cluster, a user, and optionally a namespace. A context provides a convenient way to group these configurations, allowingkubectlto switch between different cluster/user combinations easily.
Managing Contexts with kubectl config
Contexts are the primary way kubectl manages your connection to different Kubernetes clusters. They act as shortcuts, allowing you to switch between them with a single command.
Viewing Available Contexts
To see all the contexts available in your current kubeconfig file, use the following command:
kubectl config get-contexts
This command will output a list of contexts, along with the cluster, user, and namespace associated with each. The currently active context will be marked with an asterisk (*).
Example Output:
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* my-dev-context my-dev-cluster dev-user default
my-prod-context my-prod-cluster prod-user production
staging-context staging-cluster staging-user staging
Getting the Current Context
To quickly check which context you are currently using, run:
kubectl config current-context
This will output the name of the active context.
Switching Contexts
Switching to a different context is straightforward. Use the use-context subcommand followed by the name of the context you wish to activate:
kubectl config use-context <context-name>
For instance, to switch to the my-prod-context from the example above:
kubectl config use-context my-prod-context
After executing this command, subsequent kubectl commands will be directed to the cluster specified in my-prod-context.
Setting a Context
You can also set a specific context for a cluster and user without necessarily making it the default for future use. This is useful for temporary operations.
kubectl config set-context <context-name> --cluster=<cluster-name> --user=<user-name> --namespace=<namespace-name>
If you omit --namespace, the default namespace of the cluster will be used.
Managing Clusters and Users
While contexts are used for switching, you can also directly manage the cluster and user configurations that contexts refer to.
Viewing Cluster Information
To list all configured clusters:
kubectl config get-clusters
To view details of a specific cluster:
kubectl config view --minify -o jsonpath='{.clusters[?(@.name=="<cluster-name>")].cluster}'
Replace <cluster-name> with the actual name of your cluster.
Viewing User Information
To list all configured users:
kubectl config get-users
Adding and Modifying Configurations
You can add new clusters, users, and contexts, or modify existing ones:
- Add a new cluster:
kubectl config set-cluster <cluster-name> --server=<api-server-url> --certificate-authority=<path-to-ca-file> --embed-certs=true - Add a new user:
kubectl config set-credentials <user-name> --client-certificate=<path-to-cert-file> --client-key=<path-to-key-file> --embed-certs=true - Add a new context:
kubectl config set-context <context-name> --cluster=<cluster-name> --user=<user-name> --namespace=<namespace-name>
Managing Multiple Kubeconfig Files
For enhanced security and organization, especially when dealing with many clusters or sensitive credentials, it's a good practice to keep your kubeconfig files separate. kubectl can manage multiple kubeconfig files using the KUBECONFIG environment variable or the --kubeconfig flag.
Using the KUBECONFIG Environment Variable
You can specify a list of kubeconfig files to load. kubectl merges these files. If the same named cluster, user, or context appears in more than one file, merge precedence depends on the order of files in KUBECONFIG, so use unique names to avoid surprises.
To set this variable for your current shell session:
export KUBECONFIG=~/.kube/config:~/.kube/config-dev:~/.kube/config-prod
To make this persistent, add the export line to your shell's profile file (e.g., ~/.bashrc, ~/.zshrc).
Using the --kubeconfig Flag
Alternatively, you can specify a particular kubeconfig file for a single kubectl command:
kubectl --kubeconfig=~/.kube/config-dev get pods
This is useful for one-off commands or when you want to be absolutely sure which file is being used.
Best Practices for Multi-Cluster Management
- Use Separate Files: Store configurations for different environments (dev, staging, prod) or cloud providers in distinct kubeconfig files (e.g.,
config-dev,config-staging,config-prod). - Leverage
KUBECONFIG: Set theKUBECONFIGenvironment variable in your shell profile to easily merge and manage multiple files without manual merging. - Descriptive Context Names: Use clear and descriptive names for your contexts (e.g.,
aws-prod-us-east-1,gke-dev-eu-west-2) to avoid confusion. - Namespace Awareness: Always be mindful of the namespace you are operating in. Use
--namespaceflag or set it in your context to target the correct namespace. - Regularly Audit: Periodically review your contexts and cluster configurations to ensure they are up-to-date and secure.
- Secure Your Kubeconfig: Treat your kubeconfig files as sensitive credentials. Restrict file permissions and avoid committing them to version control.
Final Takeaway
Make context checks part of your workflow. Run kubectl config current-context before risky commands, use descriptive context names, set namespaces intentionally, and keep production credentials out of casual shell sessions when you do not need them.