By Saiyam Pathak
Field CTO

Description

In the Kubernetes landscape, ensuring secure access to the cluster is of utmost importance. This lesson delves into the intricacies of Kubernetes cluster authentication, demonstrating how to authenticate to a specific cluster in your environment.


Introduction to Kubernetes Cluster Authentication

Kubernetes cluster authentication is a critical process that verifies the identity of users or entities interacting with the cluster. In this demo, we'll explore how to use the `curl` command to communicate with the Kubernetes API endpoint, leveraging a token for authentication.

Diving into the Configuration

To begin, we can view the cluster's configuration using the command `kubectl config view`. This command reveals essential details about the cluster, such as the API server endpoint, cluster name, and the current context. For a more detailed view of the kubeconfig data, one can use the `cat ~/.kube/config` command.

Fetching Additional Configuration Details

To further understand the cluster's configuration, we can run the command `cat authcmd.md`. This command provides additional insights into the cluster's setup. From this command, we can retrieve the cluster name. However, since we've already observed it in the config view, we can directly set it using the command `export CLUSTER_NAME="kubernetes"` (with no space after the `=`). After setting the cluster name, we can again view the detailed configuration by running `kubectl config view`.

Fetching the API Server Endpoint

The API server endpoint is crucial for our authentication process. To fetch it, use the command `APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")`.

Understanding Secrets and Tokens in Kubernetes

In Kubernetes, when a cluster is created, a secret associated with it is also generated. To view this secret, use the `kubectl get secret` command. The primary goal here is to obtain the token, which is initially base64-encoded. To decode this token, use the command `TOKEN=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}" | base64 -d)`.

Executing the Curl Command with Authentication

With the API server endpoint and decoded token in hand, we can now execute the `curl` command. This command requires the CSRF header and token-based authorization to ensure the user's authenticity. The API server then validates the provided token, ensuring secure access.
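
The steps above combined into one script, as an added example that is not part of the original lesson. The helper names (`get_apiserver`, `get_secret_field`, `call_api`, `SA_FILTER`) are hypothetical, and it assumes the `default` service-account Secret also carries a `ca.crt` key, which it uses to verify the API server certificate.

```shell
#!/bin/sh
# Added example, not the lesson's own script. Assumptions: the kubeconfig cluster is
# named "kubernetes" and the current namespace holds a token Secret for "default".
CLUSTER_NAME="${CLUSTER_NAME:-kubernetes}"
SA_FILTER="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')]"

# API server URL of the named cluster, read from kubeconfig.
get_apiserver() {
  kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}"
}

# One base64-decoded field (token or ca\.crt) of the service-account Secret.
get_secret_field() {
  kubectl get secrets -o jsonpath="${SA_FILTER}.data.$1}" | base64 -d
}

# GET a path on the API server with bearer-token authentication.
call_api() {
  server=$(get_apiserver)
  token=$(get_secret_field token)
  # Empty output means no matching cluster or Secret: stop here instead of
  # sending an unauthenticated request.
  if [ -z "$server" ] || [ -z "$token" ]; then
    echo "missing API server URL or token" >&2
    return 1
  fi
  ca_file=$(mktemp) || return 1
  get_secret_field 'ca\.crt' > "$ca_file"
  # --cacert checks the server certificate against the cluster CA (no --insecure).
  # The header is passed through --config on stdin so the token is not in curl's argv.
  printf 'header = "Authorization: Bearer %s"\n' "$token" |
    curl --silent --show-error --cacert "$ca_file" --config - "$server$1"
  rc=$?
  rm -f "$ca_file"
  return "$rc"
}

# Run as: sh script.sh --run /api
if [ "${1:-}" = "--run" ]; then
  call_api "${2:-/api}"
fi
```
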

Conclusion

This lesson provided a hands-on demonstration of Kubernetes cluster authentication using the `curl` command, token, and certificate. It's a foundational step in ensuring secure interactions with the Kubernetes cluster.
