Kubernetes cluster connections
The Okta Privileged Access client allows users to synchronize a list of accessible clusters to their local device. The list of clusters may change depending on a specific user's group membership and configured Cluster Groups.
Sync cluster information
During the initial launch, the Okta Privileged Access client is used only for cluster discovery and token management, and users exclusively interact with clusters using kubectl. Whenever the user authenticates the client with an Okta account, the client retrieves available cluster information from Okta Privileged Access and stores it in the local kubeconfig file.
Cluster changes aren't reflected locally until the user authenticates the client.
Task | Description | Options |
---|---|---|
sft K8s | Lists the available K8s subcommands. | - |
sft K8s list-clusters | Lists the clusters available in the current team. | --account: Uses the specified account. --columns: Displays the specified column names in the output. Column names should be lowercase and collected in a comma-delimited list. --config-file: Uses the specified configuration file. --output: Formats the result in the specified format. Available options include: default, json, or describe. --team: Uses the specified team. |
sft K8s kubeconfig | Returns a YAML-formatted kubeconfig file for any available clusters, users, and contexts. | --account: Uses the specified account. --config-file: Uses the specified configuration file. --team: Uses the specified team. |
sft K8s kubeconfig update | Updates the default kubeconfig file $HOME/.kube/config with any available clusters, users, or contexts. | --account: Uses the specified account. --config-file: Uses the specified configuration file. --filename=fileName: Updates the specified file. --team: Uses the specified team. |
sft K8s kubeconfig remove | Removes all clusters, users, and contexts for the associated team from the default kubeconfig file $HOME/.kube/config. | --account: Uses the specified account. --config-file: Uses the specified configuration file. --filename=fileName: Removes data from the specified file. --team: Uses the specified team. |
Connect to a K8s cluster
After this list is synchronized, group members can use the kubectl command-line tool to interact with clusters. See the Kubernetes documentation.
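The script below is an added example, not Okta's own code. It syncs the cluster list into a dedicated kubeconfig that only the owner can read, then prints which contexts the sync added or removed. The path in OPA_KUBECONFIG and the function names are assumptions made for this example, and it assumes sft and kubectl are on the PATH.

```sh
#!/bin/sh
# Added example, not Okta's code. OPA_KUBECONFIG and the function names are
# assumptions; the sft subcommand and --filename option are as listed above.
OPA_KUBECONFIG="${OPA_KUBECONFIG:-$HOME/.kube/opa-config}"

# Succeed only if $1 is a regular file (not a symlink) with no group/other access.
kubeconfig_is_private() {
  mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
  case "$mode" in
    -???------) return 0 ;;
    *) return 1 ;;
  esac
}

# $1 and $2 are files with one context name per line (before and after a sync).
# Prints "+ name" for contexts the sync added and "- name" for ones it removed.
context_changes() {
  a=$(mktemp); b=$(mktemp)
  sort -u "$1" >"$a"; sort -u "$2" >"$b"
  comm -13 "$a" "$b" | sed 's/^/+ /'
  comm -23 "$a" "$b" | sed 's/^/- /'
  rm -f "$a" "$b"
}

# Sync into the dedicated file and report what changed. Needs sft and kubectl.
sync_opa_kubeconfig() {
  ( umask 077; mkdir -p "$(dirname "$OPA_KUBECONFIG")"; : >>"$OPA_KUBECONFIG" )
  if ! kubeconfig_is_private "$OPA_KUBECONFIG"; then
    echo "refusing to sync: $OPA_KUBECONFIG is not an owner-only regular file" >&2
    return 1
  fi
  before=$(mktemp); after=$(mktemp)
  kubectl config get-contexts -o name --kubeconfig "$OPA_KUBECONFIG" >"$before"
  sft K8s kubeconfig update --filename="$OPA_KUBECONFIG" || { rm -f "$before" "$after"; return 1; }
  chmod 600 "$OPA_KUBECONFIG"   # in case the update rewrote the file with a wider mode
  kubectl config get-contexts -o name --kubeconfig "$OPA_KUBECONFIG" >"$after"
  context_changes "$before" "$after"
  rm -f "$before" "$after"
}

# Run only when called as: sh script.sh sync
if [ "${1:-}" = sync ]; then
  sync_opa_kubeconfig
fi
```

To use the synced entries, point kubectl at the file with the KUBECONFIG environment variable or the --kubeconfig flag.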
Command | Description |
---|---|
Kubernetes cluster not visible in Okta Privileged Access user interface. | |