Skip to main content

Introduction

The Astro Platform offers a simple API to dynamically generate and retrieve the kubeconfig for any managed Kubernetes cluster, allowing you to access and manage the cluster using the kubectl CLI. The generated kubeconfig includes an expiration date, whether it is token-based or mutual TLS-based. To obtain the kubeconfig for a cluster, you can execute the astroctl infra k8s command. This command requires either the platform admin or admin role to successfully fetch the kubeconfig. This process applies to both managed and self-hosted clusters.

Self Hosted Provisioner

For selfHosted provisioner, you first need to generate the kubeconfig with platform admin or admin role, and then set the context to the cluster.

astroctl infra k8s generate-kubeconfig <cluster-name>

Then set the context to the cluster:

astroctl infra k8s set-context <cluster-name>

This command will update your local ~/.kube/config file to include the new context. You can specify the duration by using the --duration flag.

Expired Kubeconfig

For self-hosted clusters, the kubeconfig is valid for 1 hour by default. If the kubeconfig is expired, you need to generate and set the context again by running the above commands.

EKS Provisioner

For EKS clusters, you can run the following command to export the kubeconfig to your local ~/.kube/config file.

astroctl infra k8s set-context <cluster-name>
Expired Kubeconfig

For EKS clusters, the kubeconfig is valid for 1 hour. If the kubeconfig is expired, you need to set the context again by running the above command.

The EKS kubeconfig uses AWS STS tokens for authentication. Ensure the AWS CLI is installed on your machine.

GKE Provisioner

For GKE clusters, you can run the following command to export the kubeconfig to your local ~/.kube/config file.

astroctl infra k8s set-context <cluster-name>
Expired Kubeconfig

For GKE clusters, the kubeconfig is valid for 1 hour. If the kubeconfig is expired, you need to set the context again by running the above command.

The GKE kubeconfig uses Google Cloud credentials for authentication. Ensure the gcloud CLI is installed on your machine.

AKS Provisioner

For AKS clusters, you can run the following command to export the kubeconfig to your local ~/.kube/config file.

astroctl infra k8s set-context <cluster-name>
Expired Kubeconfig

For AKS clusters, the kubeconfig is valid for 1 hour. If the kubeconfig is expired, you need to set the context again by running the above command.

The AKS kubeconfig uses Microsoft Entra tokens for authentication. Ensure the Azure CLI is installed on your machine.

Bring Your Own Kubernetes Cluster (BYOC)

For registered clusters (any cluster brought in via astroctl infra k8s register), you can run the following command to export the kubeconfig to your local ~/.kube/config file.

astroctl infra k8s set-context <cluster-name>
Expired Kubeconfig

For registered clusters, the kubeconfig is valid for 1 hour. If the kubeconfig is expired, you need to set the context again by running the above command.

The registered cluster kubeconfig connects through the platform's secure tunnel. No cloud provider CLI is required on your machine.

Deleting Kubeconfig

If you want to delete the kubeconfig from your local ~/.kube/config file, you can run the following command to delete the kubeconfig for a cluster.

astroctl infra k8s delete-context <cluster-name>

This command will delete the kubeconfig for a cluster from your local ~/.kube/config file.

This works for all cluster types: self-hosted, EKS, GKE, AKS, and registered clusters.