Kubeconfig files store parameters and credentials that Kubernetes clients use to connect to and authenticate with clusters. This topic describes the operations that you can perform to manage kubeconfig files.
Operations
Container Service for Kubernetes (ACK) signs and issues kubeconfig files that contain identity information to Alibaba Cloud accounts, Resource Access Management (RAM) users, or RAM roles. These kubeconfig files can be used to access ACK clusters. The following table describes the operations that you can perform on kubeconfig files in different scenarios.
Based on the shared responsibility model, you are responsible for maintaining the kubeconfig files. Make sure that the kubeconfig files are available and valid. This prevents security risks caused by kubeconfig file leaks.
Operation | Description | References |
Obtain kubeconfig files | You can obtain the kubeconfig file of a cluster to connect to the cluster over the Internet or a private connection. We recommend that you use a temporary kubeconfig file to reduce the security risks caused by kubeconfig file leaks. | Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster |
Revoke kubeconfig files | Revoking the kubeconfig file will invalidate the credentials of RAM users or roles. After the kubeconfig file is revoked, the system automatically generates a new kubeconfig file and binds the new kubeconfig file to the RAM user or RAM role. | |
Delete kubeconfig files | | |
Restore kubeconfig files | You can use the kubeconfig recycle bin to restore only kubeconfig files that are deleted within the previous 30 days. | |