Kubernetes cluster connections

The Okta Privileged Access client allows users to synchronize a list of accessible clusters to their local device. The list of clusters may change depending on a specific user's group membership and configured Cluster Groups.

Sync cluster information

During the initial launch, the Okta Privileged Access client is used only for cluster discovery and token management, and users exclusively interact with clusters using kubectl. Whenever the user authenticates the client with an Okta account, the client retrieves available cluster information from Okta Privileged Access and stores it in the local kubeconfig file.

Cluster changes aren't reflected locally until the user authenticates the client.

Task / Description / Options

sft K8s

Lists the available K8s subcommands.

-

sft K8s list-clusters

Lists the clusters available in the current team.

--account: Uses the specified account.

--columns: Displays the specified column names in the output. Column names should be lowercase and collected in a comma-delimited list.

--config-file: Uses the specified configuration file.

--output: Formats result in the specified format. Available options include: default, json, or describe.

--team: Uses the specified team.

sft K8s kubeconfig

Returns a YAML-formatted kubeconfig file for any available clusters, users, and contexts.

--account: Uses the specified account.

--config-file: Uses the specified configuration file.

--team: Uses the specified team.

sft K8s kubeconfig update

Updates the default kubeconfig file $HOME/.kube/config with any available clusters, users, or contexts.

--account: Uses the specified account.

--config-file: Uses the specified configuration file.

--filename=fileName: Updates the specified file.

--team: Uses the specified team.

sft K8s kubeconfig remove

Removes all clusters, users, and contexts for the associated team from the default kubeconfig file $HOME/.kube/config.

--account: Uses the specified account.

--config-file: Uses the specified configuration file.

--filename=fileName: Removes data from the specified file.

--team: Uses the specified team.
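Because cluster changes only reach the local kubeconfig when the client syncs, it helps to see what each sync changed. The following is an added example, not part of the Okta documentation or client: it runs the update command from the table above against a dedicated file through --filename, keeps that file readable by its owner only, and prints the context names that were added (+) or removed (-). The function names and the file path are hypothetical, and it assumes sft and kubectl are on the PATH, with commands spelled as on this page.

```shell
#!/bin/sh
# Added example (not Okta's code). Function names are hypothetical.
# Assumes sft and kubectl are installed and the client is already authenticated.

# Print the context names in a kubeconfig file, sorted; nothing if it is absent.
list_contexts() {
    [ -f "$1" ] || return 0
    kubectl config get-contexts -o name --kubeconfig "$1" | sort
}

# Sync cluster entries into the given kubeconfig file and report the difference.
# The body runs in a subshell so the umask change does not leak to the caller.
sync_opa_kubeconfig() (
    file=$1
    [ -n "$file" ] || { echo "usage: sync_opa_kubeconfig FILE" >&2; exit 2; }
    umask 077                                   # new files/dirs are owner-only
    mkdir -p "$(dirname "$file")" || exit 1
    before=$(mktemp) || exit 1
    after=$(mktemp) || { rm -f "$before"; exit 1; }
    list_contexts "$file" > "$before"           # snapshot before the sync

    if ! sft K8s kubeconfig update --filename="$file"; then
        echo "sync failed for $file" >&2
        rm -f "$before" "$after"
        exit 1
    fi

    chmod 600 "$file"                           # tighten a pre-existing file too
    list_contexts "$file" > "$after"            # snapshot after the sync
    comm -13 "$before" "$after" | sed 's/^/+ /' # contexts only in the new file
    comm -23 "$before" "$after" | sed 's/^/- /' # contexts only in the old file
    rm -f "$before" "$after"
)

# Example call (the path is a placeholder):
#   sync_opa_kubeconfig "$HOME/.kube/opa-config"
#   KUBECONFIG="$HOME/.kube/opa-config" kubectl config get-contexts
```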

Connect to a K8s cluster

After this list is synchronized, group members can use the kubectl command-line tool to interact with clusters. See the Kubernetes documentation.

Command Description

Kubernetes cluster not visible in Okta Privileged Access user interface.

  • Verify that the correct Okta Privileged Access team name was used in the Terraform provider configuration.

  • Verify that the terraform plan and terraform apply commands executed successfully.
