Configuring authentication in
kr8s is optional as it will check the paths that
import kr8s client = kr8s.api()
~/.kube/config(or the path set by the
When reading from a kube config file the following authentication methods are supported:
Support for the legacy
auth-provider methods is not planned.
You can also manually specify authentication information when you create your kr8s client object.
When using the Object API you may not even need to create an API client, however when configuring credentials manually it can still be helpful to create an instance of the client via
kr8s.api as this API client will be cached and reused by objects in the future.
See Client Caching for more information.
Connecting directly to a URL assumes no authentication information is necessary. This is most useful when using with
kubectl proxy which proxies the Kubernetes API on
localhost without requiring authentication.
$ kubectl proxy Starting to serve on 127.0.0.1:8001
import kr8s client = kr8s.api(url="127.0.0.1:8001")
By default the first place
kr8s will look for configuration is in
~/.kube/config. However you can point it anywhere else of the system if your configuration is stored at another location.
import kr8s client = kr8s.api(kubeconfig="/path/to/kube/config")
If you have multiple contexts in your config and you do not want to use the default or currently selected one you can set this explicitly.
import kr8s client = kr8s.api(context="foo-context")
When running inside a Pod with a service account, credentials will be mounted into
kr8s will also check there. However you can specify an alternate path if you know that service account style credentials are stored elsewhere.
import kr8s client = kr8s.api(serviceaccount="/path/to/kube/config")