Interact with Rancher using command line interface (CLI) tools from your workstation.
Follow the steps in rancher cli.
Ensure you can run
rancher kubectl get pods successfully.
kubectl utility. See install kubectl.
Configure kubectl by visiting your cluster in the Rancher Web UI then clicking on
Kubeconfig, copying contents and putting into your
kubectl cluster-info or
kubectl get pods successfully.
Authentication with kubectl and kubeconfig Tokens with TTL
If admins have enforced TTL on kubeconfig tokens, the kubeconfig file requires the Rancher cli to be present in your PATH when you run
kubectl. Otherwise, you’ll see error like:
Unable to connect to the server: getting credentials: exec: exec: "rancher": executable file not found in $PATH.
This feature enables kubectl to authenticate with the Rancher server and get a new kubeconfig token when required. The following auth providers are currently supported:
- Active Directory
- FreeIpa, OpenLdap
- SAML providers - Ping, Okta, ADFS, Keycloak, Shibboleth
When you first run kubectl, for example,
kubectl get pods, it will ask you to pick an auth provider and log in with the Rancher server.
The kubeconfig token is cached in the path where you run kubectl under
./.cache/token. This token is valid till it expires, or gets deleted from the Rancher server
Upon expiration, the next
kubectl get pods will ask you to log in with the Rancher server again.