Log in a specific cluster

Before you begin

This procedure requires the following configurations and background:

• A Konvoy cluster with Kommander installed.
• An Identity Provider. This tutorial uses GitHub’s identity provider.
• A configured group in Kommander.
• At least one user in that group.

Access a cluster

If your group can access a cluster managed by Kommander, you can connect to that cluster from the Kommander landing page.

In this example, the Kommander cluster has two managed clusters on Azure but, as a user, you can only access the management cluster. In a different scenario, if you do have access to the other clusters, follow these steps to create a kubectl token for the desired attached or managed cluster.

1. Go to the landing page provided by an administrator, and select Generate Kubectl Token.

   

2. Select the cluster you want to log into.

   

3. Login using an identity provider.

   

4. Attach kubectl to the cluster using the instructions provided in the UI.

   

Your local kubectl can now communicate with the cluster. Depending on your rights, you can view and edit different api-resources.

Switch from a cluster to another cluster

To log in to another cluster that is part of your Kommander infrastructure, use the Access a cluster procedure again for the other cluster.

Once kubectl is on this new cluster, you can switch between clusters using contexts. Open-source tools such as kubectx can make this operation faster.

Messages when attached to a cluster that you do not have access

The Access a Cluster instructions work for any clusters (management and attached ones) even if you do not have access to them.

The difference is that, once you have attached the cluster, none of the kubectl commands will succeed as the user does not have access:

kubectl get pods -A

Error from server (Forbidden): pods is forbidden: User "user@yourcompany.com" cannot list resource "pods" in API group "" at the cluster scope

Downloading a kubeconfig from the UI

You can use the UI to download certain managed clusters’ kubeconfigs.

If you are in the Clusters page from the Global workspace view, or the Clusters page from any workspace with clusters, you can click on the three button action menu from the card, and select Download kubeconfig.

If you are in the detailed page for the specific cluster, you can click on the top right Actions dropdown menu, and select Download kubeconfig.

After it is downloaded, you can apply this kubeconfig to your kubectl.

If you select the Download kubeconfig from the UI and Kommander presents a modal that says the kubeconfig is not available for download, you must retrieve the Kubernetes credentials using the Access a cluster instructions.

Related information

• Installing and configuring Kommander
• Identity Providers in Kommander
• Configuring a GitHub Identity Provider in Kommander
• Granting access to Kubernetes resources in the CLI
• Access control in Kommander
• Kubernetes RBAC authorization