From 83494a7d4074a756892a2ce80827d68525c350a4 Mon Sep 17 00:00:00 2001 From: Ivan Stukov Date: Fri, 13 Feb 2026 21:26:55 +0500 Subject: [PATCH 1/5] docs: add serviceaccount-api-access and update faq Co-Authored-By: Claude Signed-off-by: Ivan Stukov --- content/en/docs/v0/operations/faq/_index.md | 75 ++++++++++++++--- .../v0/operations/faq/generate-kubeconfig.md | 2 + .../faq/serviceaccount-api-access.md | 83 +++++++++++++++++++ content/en/docs/v1/operations/faq/_index.md | 75 ++++++++++++++--- .../v1/operations/faq/generate-kubeconfig.md | 3 + .../faq/serviceaccount-api-access.md | 82 ++++++++++++++++++ 6 files changed, 296 insertions(+), 24 deletions(-) create mode 100644 content/en/docs/v0/operations/faq/serviceaccount-api-access.md create mode 100644 content/en/docs/v1/operations/faq/serviceaccount-api-access.md diff --git a/content/en/docs/v0/operations/faq/_index.md b/content/en/docs/v0/operations/faq/_index.md index 5b4f3829..6f8dec7d 100644 --- a/content/en/docs/v0/operations/faq/_index.md +++ b/content/en/docs/v0/operations/faq/_index.md @@ -18,20 +18,32 @@ Troubleshooting advice can be found on our [Troubleshooting Cheatsheet](/docs/v0 ## Deploying Cozystack -### How to allocate space on system disk for user storage +
+How to allocate space on system disk for user storage Deploying Cozystack, [How to install Talos on a single-disk machine]({{% ref "/docs/v0/install/how-to/single-disk" %}}) -### How to Enable KubeSpan +
+
+ +
+How to Enable KubeSpan Deploying Cozystack, [How to Enable KubeSpan]({{% ref "/docs/v0/install/how-to/kubespan" %}}) -### How to enable Hugepages +
+
+ +
+How to enable Hugepages Deploying Cozystack, [How to enable Hugepages]({{% ref "/docs/v0/install/how-to/hugepages" %}}). +
+
-### What if my cloud provider does not support MetalLB +
+What if my cloud provider does not support MetalLB Most cloud providers don't support MetalLB. Instead of using it, you can expose the main ingress controller using the external IPs method. @@ -39,42 +51,81 @@ Instead of using it, you can expose the main ingress controller using the extern For deploying on Hetzner, follow the specialized [Hetzner installation guide]({{% ref "/docs/v0/install/providers/hetzner" %}}). For other providers, follow the [Cozystack installation guide, Public IP Setup]({{% ref "/docs/v0/install/cozystack#4b-public-ip-setup" %}}). -### Public-network Kubernetes deployment +
+
+ +
+Public-network Kubernetes deployment Deploying Cozystack, [Deploy with public networks]({{% ref "/docs/v0/install/how-to/public-ip" %}}). +
+ ## Operations -### How to enable access to dashboard via ingress-controller +
+How to enable access to dashboard via ingress-controller Update your `ingress` application and enable `dashboard: true` option in it. Dashboard will become available under: `https://dashboard.` +
+
-### How to configure Cozystack using FluxCD or ArgoCD +
+How to configure Cozystack using FluxCD or ArgoCD Here you can find reference repository to learn how to configure Cozystack services using GitOps approach: - https://github.com/aenix-io/cozystack-gitops-example -### How to generate kubeconfig for tenant users +
+
+ +
+How to generate kubeconfig for tenant users Moved to [How to generate kubeconfig for tenant users]({{% ref "/docs/v0/operations/faq/generate-kubeconfig" %}}). -### How to Rotate Certificate Authority +
+
+ +
+How to use ServiceAccount tokens for API access + +See [ServiceAccount Tokens for API Access]({{% ref "/docs/v0/operations/faq/serviceaccount-api-access" %}}). + +
+
+ +
+How to Rotate Certificate Authority Moved to Cluster Maintenance, [How to Rotate Certificate Authority]({{% ref "/docs/v0/operations/cluster/rotate-ca" %}}). -### How to cleanup etcd state +
+
+ +
+How to cleanup etcd state Moved to Troubleshooting: [How to clean up etcd state]({{% ref "/docs/v0/operations/troubleshooting/etcd#how-to-clean-up-etcd-state" %}}). +
+ ## Bundles -### How to overwrite parameters for specific components +
+How to overwrite parameters for specific components Moved to Cluster configuration, [Components reference]({{% ref "/docs/v0/operations/configuration/components#overwriting-component-parameters" %}}). -### How to disable some components from bundle +
+
+ +
+How to disable some components from bundle Moved to Cluster configuration, [Components reference]({{% ref "/docs/v0/operations/configuration/components#enabling-and-disabling-components" %}}). + +
diff --git a/content/en/docs/v0/operations/faq/generate-kubeconfig.md b/content/en/docs/v0/operations/faq/generate-kubeconfig.md index 51836ffe..747ecfec 100644 --- a/content/en/docs/v0/operations/faq/generate-kubeconfig.md +++ b/content/en/docs/v0/operations/faq/generate-kubeconfig.md @@ -2,7 +2,9 @@ title: "How to generate kubeconfig for tenant users" linkTitle: "Generate tenant kubeconfig" description: "A guide on how to generate a kubeconfig file for tenant users in Cozystack." +weight: 30 aliases: + - /docs/v0/operations/faq/generate-kubeconfig - /docs/operations/faq/generate-kubeconfig --- diff --git a/content/en/docs/v0/operations/faq/serviceaccount-api-access.md b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md new file mode 100644 index 00000000..09eb5a78 --- /dev/null +++ b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md @@ -0,0 +1,83 @@ +--- +title: "ServiceAccount Tokens for API Access" +linkTitle: "ServiceAccount API Access" +description: "How to retrieve and use ServiceAccount tokens in Cozystack." +weight: 20 +aliases: + - /docs/v0/operations/api-access + - /docs/operations/api-access +--- + +## Prerequisites + +Before you begin: + +- A tenant must already exist in Cozystack. + See [Create a User Tenant]({{% ref "/docs/v0/getting-started/create-tenant" %}}) if you haven't created one yet. +- Access to the tenant namespace — either via OIDC credentials or an administrative kubeconfig. +- `kubectl` and `jq` installed and configured. + +## Retrieving the ServiceAccount Token + +Each tenant in Cozystack has a Secret that contains a ServiceAccount token. +The Secret has the same name as the tenant and is located in the tenant's namespace. + +{{< tabs name="get_token" >}} +{{% tab name="Dashboard" %}} + +1. Log in to the Dashboard as a user with access to the tenant. +1. Switch context to the target tenant if needed. +1. On the left sidebar, navigate to the **Administration** → **Info** page and open the **Secrets** tab. +1. Find the secret named `tenant-` (e.g. `tenant-team1`). +1. Click the eye icon to reveal the **Value** field, then click the revealed data. The text will be copied to the clipboard automatically. + +{{% /tab %}} + +{{% tab name="kubectl" %}} + +Retrieve the token for a tenant named ``: + +```bash +kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d' +``` + +To store the token in a variable for subsequent commands: + +```bash +export TOKEN=$(kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d') +``` + +{{% /tab %}} +{{< /tabs >}} + +## Using the Token for API Access + +Once you have the token, you can [generate a kubeconfig]({{% ref "/docs/v0/operations/faq/generate-kubeconfig" %}}) for kubectl access, or use it directly with `curl` as shown below. + +{{% alert color="warning" %}} +**Token Security** + +ServiceAccount tokens in Cozystack **do not expire** by default. Handle them with the same care as passwords. +{{% /alert %}} + +### Test the Connection + +First, get the API server address: + +```bash +export API_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') +``` + +Next, extract the CA certificate to a file: + +```bash +kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d > ca.crt +``` + +Now, test the connection: + +```bash +curl --cacert ca.crt -H "Authorization: Bearer ${TOKEN}" ${API_SERVER}/api +``` + +> You can remove `ca.crt` after testing. diff --git a/content/en/docs/v1/operations/faq/_index.md b/content/en/docs/v1/operations/faq/_index.md index fee04a3c..8b763509 100644 --- a/content/en/docs/v1/operations/faq/_index.md +++ b/content/en/docs/v1/operations/faq/_index.md @@ -15,20 +15,32 @@ Troubleshooting advice can be found on our [Troubleshooting Cheatsheet](/docs/op ## Deploying Cozystack -### How to allocate space on system disk for user storage +
+How to allocate space on system disk for user storage Deploying Cozystack, [How to install Talos on a single-disk machine]({{% ref "/docs/v1/install/how-to/single-disk" %}}) -### How to Enable KubeSpan +
+
+ +
+How to Enable KubeSpan Deploying Cozystack, [How to Enable KubeSpan]({{% ref "/docs/v1/install/how-to/kubespan" %}}) -### How to enable Hugepages +
+
+ +
+How to enable Hugepages Deploying Cozystack, [How to enable Hugepages]({{% ref "/docs/v1/install/how-to/hugepages" %}}). +
+
-### What if my cloud provider does not support MetalLB +
+What if my cloud provider does not support MetalLB Most cloud providers don't support MetalLB. Instead of using it, you can expose the main ingress controller using the external IPs method. @@ -36,42 +48,81 @@ Instead of using it, you can expose the main ingress controller using the extern For deploying on Hetzner, follow the specialized [Hetzner installation guide]({{% ref "/docs/v1/install/providers/hetzner" %}}). For other providers, follow the [Cozystack installation guide, Public IP Setup]({{% ref "/docs/v1/install/cozystack#4b-public-ip-setup" %}}). -### Public-network Kubernetes deployment +
+
+ +
+Public-network Kubernetes deployment Deploying Cozystack, [Deploy with public networks]({{% ref "/docs/v1/install/how-to/public-ip" %}}). +
+ ## Operations -### How to enable access to dashboard via ingress-controller +
+How to enable access to dashboard via ingress-controller Update your `ingress` application and enable `dashboard: true` option in it. Dashboard will become available under: `https://dashboard.` +
+
-### How to configure Cozystack using FluxCD or ArgoCD +
+How to configure Cozystack using FluxCD or ArgoCD Here you can find reference repository to learn how to configure Cozystack services using GitOps approach: - https://github.com/aenix-io/cozystack-gitops-example -### How to generate kubeconfig for tenant users +
+
+ +
+How to generate kubeconfig for tenant users Moved to [How to generate kubeconfig for tenant users]({{% ref "/docs/v1/operations/faq/generate-kubeconfig" %}}). -### How to Rotate Certificate Authority +
+
+ +
+How to use ServiceAccount tokens for API access + +See [ServiceAccount Tokens for API Access]({{% ref "/docs/v1/operations/faq/serviceaccount-api-access" %}}). + +
+
+ +
+How to Rotate Certificate Authority Moved to Cluster Maintenance, [How to Rotate Certificate Authority]({{% ref "/docs/v1/operations/cluster/rotate-ca" %}}). -### How to cleanup etcd state +
+
+ +
+How to cleanup etcd state Moved to Troubleshooting: [How to clean up etcd state]({{% ref "/docs/v1/operations/troubleshooting/etcd#how-to-clean-up-etcd-state" %}}). +
+ ## Bundles -### How to overwrite parameters for specific components +
+How to overwrite parameters for specific components Moved to Cluster configuration, [Components reference]({{% ref "/docs/v1/operations/configuration/components#overwriting-component-parameters" %}}). -### How to disable some components from bundle +
+
+ +
+How to disable some components from bundle Moved to Cluster configuration, [Components reference]({{% ref "/docs/v1/operations/configuration/components#enabling-and-disabling-components" %}}). + +
diff --git a/content/en/docs/v1/operations/faq/generate-kubeconfig.md b/content/en/docs/v1/operations/faq/generate-kubeconfig.md index f8c49da2..35debcdd 100644 --- a/content/en/docs/v1/operations/faq/generate-kubeconfig.md +++ b/content/en/docs/v1/operations/faq/generate-kubeconfig.md @@ -2,6 +2,9 @@ title: "How to generate kubeconfig for tenant users" linkTitle: "Generate tenant kubeconfig" description: "A guide on how to generate a kubeconfig file for tenant users in Cozystack." +weight: 30 +aliases: + - /docs/v1/operations/faq/generate-kubeconfig --- To generate a `kubeconfig` for tenant users, use the following script. diff --git a/content/en/docs/v1/operations/faq/serviceaccount-api-access.md b/content/en/docs/v1/operations/faq/serviceaccount-api-access.md new file mode 100644 index 00000000..c79dd189 --- /dev/null +++ b/content/en/docs/v1/operations/faq/serviceaccount-api-access.md @@ -0,0 +1,82 @@ +--- +title: "ServiceAccount Tokens for API Access" +linkTitle: "ServiceAccount API Access" +description: "How to retrieve and use ServiceAccount tokens in Cozystack." +weight: 20 +aliases: + - /docs/v1/operations/api-access +--- + +## Prerequisites + +Before you begin: + +- A tenant must already exist in Cozystack. + See [Create a User Tenant]({{% ref "/docs/v1/getting-started/create-tenant" %}}) if you haven't created one yet. +- Access to the tenant namespace — either via OIDC credentials or an administrative kubeconfig. +- `kubectl` and `jq` installed and configured. + +## Retrieving the ServiceAccount Token + +Each tenant in Cozystack has a Secret that contains a ServiceAccount token. +The Secret has the same name as the tenant and is located in the tenant's namespace. + +{{< tabs name="get_token" >}} +{{% tab name="Dashboard" %}} + +1. Log in to the Dashboard as a user with access to the tenant. +1. Switch context to the target tenant if needed. +1. On the left sidebar, navigate to the **Administration** → **Info** page and open the **Secrets** tab. +1. Find the secret named `tenant-` (e.g. `tenant-team1`). +1. Click the eye icon to reveal the **Value** field, then click the revealed data. The text will be copied to the clipboard automatically. + +{{% /tab %}} + +{{% tab name="kubectl" %}} + +Retrieve the token for a tenant named ``: + +```bash +kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d' +``` + +To store the token in a variable for subsequent commands: + +```bash +export TOKEN=$(kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d') +``` + +{{% /tab %}} +{{< /tabs >}} + +## Using the Token for API Access + +Once you have the token, you can [generate a kubeconfig]({{% ref "/docs/v1/operations/faq/generate-kubeconfig" %}}) for kubectl access, or use it directly with `curl` as shown below. + +{{% alert color="warning" %}} +**Token Security** + +ServiceAccount tokens in Cozystack **do not expire** by default. Handle them with the same care as passwords. +{{% /alert %}} + +### Test the Connection + +First, get the API server address: + +```bash +export API_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') +``` + +Next, extract the CA certificate to a file: + +```bash +kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d > ca.crt +``` + +Now, test the connection: + +```bash +curl --cacert ca.crt -H "Authorization: Bearer ${TOKEN}" ${API_SERVER}/api +``` + +> You can remove `ca.crt` after testing. From db74e5a2f492b438cbbe4f87ec83d62c060b1802 Mon Sep 17 00:00:00 2001 From: Ivan Stukov Date: Fri, 13 Feb 2026 22:04:51 +0500 Subject: [PATCH 2/5] clarify dashboard flow Signed-off-by: Ivan Stukov --- content/en/docs/v0/operations/faq/serviceaccount-api-access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/v0/operations/faq/serviceaccount-api-access.md b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md index 09eb5a78..2ab87049 100644 --- a/content/en/docs/v0/operations/faq/serviceaccount-api-access.md +++ b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md @@ -28,7 +28,7 @@ The Secret has the same name as the tenant and is located in the tenant's namesp 1. Log in to the Dashboard as a user with access to the tenant. 1. Switch context to the target tenant if needed. 1. On the left sidebar, navigate to the **Administration** → **Info** page and open the **Secrets** tab. -1. Find the secret named `tenant-` (e.g. `tenant-team1`). +1. Find the secret named `tenant-` (e.g. `tenant-team1`), where the **Key** is **token**. 1. Click the eye icon to reveal the **Value** field, then click the revealed data. The text will be copied to the clipboard automatically. {{% /tab %}} From c07d1f99fb2adb45f056682748e6e6c3cb7effa5 Mon Sep 17 00:00:00 2001 From: Ivan Stukov Date: Fri, 13 Feb 2026 22:17:25 +0500 Subject: [PATCH 3/5] edit secret extraction command Signed-off-by: Ivan Stukov --- .../en/docs/v0/operations/faq/serviceaccount-api-access.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/v0/operations/faq/serviceaccount-api-access.md b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md index 2ab87049..73ccad27 100644 --- a/content/en/docs/v0/operations/faq/serviceaccount-api-access.md +++ b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md @@ -38,13 +38,13 @@ The Secret has the same name as the tenant and is located in the tenant's namesp Retrieve the token for a tenant named ``: ```bash -kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d' +kubectl -n tenant- get tenantsecret tenant- -o json | jq -r '.data.token | @base64d' ``` To store the token in a variable for subsequent commands: ```bash -export TOKEN=$(kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d') +export TOKEN=$(kubectl -n tenant- get tenantsecret tenant- -o json | jq -r '.data.token | @base64d') ``` {{% /tab %}} From 0ef41f6dd25630e4632bea5ea18e637e028a2c81 Mon Sep 17 00:00:00 2001 From: Ivan Stukov Date: Fri, 13 Feb 2026 22:21:45 +0500 Subject: [PATCH 4/5] add last edits to v1 Signed-off-by: Ivan Stukov --- .../en/docs/v1/operations/faq/serviceaccount-api-access.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/v1/operations/faq/serviceaccount-api-access.md b/content/en/docs/v1/operations/faq/serviceaccount-api-access.md index c79dd189..938433c8 100644 --- a/content/en/docs/v1/operations/faq/serviceaccount-api-access.md +++ b/content/en/docs/v1/operations/faq/serviceaccount-api-access.md @@ -27,7 +27,7 @@ The Secret has the same name as the tenant and is located in the tenant's namesp 1. Log in to the Dashboard as a user with access to the tenant. 1. Switch context to the target tenant if needed. 1. On the left sidebar, navigate to the **Administration** → **Info** page and open the **Secrets** tab. -1. Find the secret named `tenant-` (e.g. `tenant-team1`). +1. Find the secret named `tenant-` (e.g. `tenant-team1`), where the **Key** is **token**. 1. Click the eye icon to reveal the **Value** field, then click the revealed data. The text will be copied to the clipboard automatically. {{% /tab %}} @@ -37,13 +37,13 @@ The Secret has the same name as the tenant and is located in the tenant's namesp Retrieve the token for a tenant named ``: ```bash -kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d' +kubectl -n tenant- get tenantsecret tenant- -o json | jq -r '.data.token | @base64d' ``` To store the token in a variable for subsequent commands: ```bash -export TOKEN=$(kubectl -n tenant- get secret tenant- -o json | jq -r '.data.token | @base64d') +export TOKEN=$(kubectl -n tenant- get tenantsecret tenant- -o json | jq -r '.data.token | @base64d') ``` {{% /tab %}} From 0406f6e8864390f4dbf4f9f4ee25ddd1c952506e Mon Sep 17 00:00:00 2001 From: Ivan Stukov Date: Tue, 17 Feb 2026 04:47:33 +0500 Subject: [PATCH 5/5] improve serviceaccount-api-access clarity and consistency Co-Authored-By: Claude Signed-off-by: Ivan Stukov --- .../v0/operations/faq/generate-kubeconfig.md | 1 - .../faq/serviceaccount-api-access.md | 24 ++++++++++++------- .../faq/serviceaccount-api-access.md | 23 +++++++++++------- 3 files changed, 31 insertions(+), 17 deletions(-) diff --git a/content/en/docs/v0/operations/faq/generate-kubeconfig.md b/content/en/docs/v0/operations/faq/generate-kubeconfig.md index 747ecfec..9f190178 100644 --- a/content/en/docs/v0/operations/faq/generate-kubeconfig.md +++ b/content/en/docs/v0/operations/faq/generate-kubeconfig.md @@ -4,7 +4,6 @@ linkTitle: "Generate tenant kubeconfig" description: "A guide on how to generate a kubeconfig file for tenant users in Cozystack." weight: 30 aliases: - - /docs/v0/operations/faq/generate-kubeconfig - /docs/operations/faq/generate-kubeconfig --- diff --git a/content/en/docs/v0/operations/faq/serviceaccount-api-access.md b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md index 73ccad27..a874e04f 100644 --- a/content/en/docs/v0/operations/faq/serviceaccount-api-access.md +++ b/content/en/docs/v0/operations/faq/serviceaccount-api-access.md @@ -10,12 +10,13 @@ aliases: ## Prerequisites -Before you begin: - -- A tenant must already exist in Cozystack. +Before you begin, make sure that: +- A tenant already exists in Cozystack. See [Create a User Tenant]({{% ref "/docs/v0/getting-started/create-tenant" %}}) if you haven't created one yet. -- Access to the tenant namespace — either via OIDC credentials or an administrative kubeconfig. -- `kubectl` and `jq` installed and configured. +- You have access to the tenant namespace — either via OIDC credentials or an administrative kubeconfig. +- `kubectl` is installed and configured. +- (Optional) `jq` is installed. + ## Retrieving the ServiceAccount Token @@ -62,16 +63,23 @@ ServiceAccount tokens in Cozystack **do not expire** by default. Handle them wit ### Test the Connection -First, get the API server address: +First, verify your kubectl context points to the correct Cozystack cluster: + +```bash +kubectl config current-context +kubectl cluster-info +``` + +Next, get the API server address: ```bash export API_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') ``` -Next, extract the CA certificate to a file: +Then, extract the CA certificate from the tenant secret: ```bash -kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d > ca.crt +kubectl -n tenant- get secret tenant- -o jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt ``` Now, test the connection: diff --git a/content/en/docs/v1/operations/faq/serviceaccount-api-access.md b/content/en/docs/v1/operations/faq/serviceaccount-api-access.md index 938433c8..97b69ef1 100644 --- a/content/en/docs/v1/operations/faq/serviceaccount-api-access.md +++ b/content/en/docs/v1/operations/faq/serviceaccount-api-access.md @@ -9,12 +9,12 @@ aliases: ## Prerequisites -Before you begin: - -- A tenant must already exist in Cozystack. +Before you begin, make sure that: +- A tenant already exists in Cozystack. See [Create a User Tenant]({{% ref "/docs/v1/getting-started/create-tenant" %}}) if you haven't created one yet. -- Access to the tenant namespace — either via OIDC credentials or an administrative kubeconfig. -- `kubectl` and `jq` installed and configured. +- You have access to the tenant namespace — either via OIDC credentials or an administrative kubeconfig. +- `kubectl` is installed and configured. +- (Optional) `jq` is installed. ## Retrieving the ServiceAccount Token @@ -61,16 +61,23 @@ ServiceAccount tokens in Cozystack **do not expire** by default. Handle them wit ### Test the Connection -First, get the API server address: +First, verify your kubectl context points to the correct Cozystack cluster: + +```bash +kubectl config current-context +kubectl cluster-info +``` + +Next, get the API server address: ```bash export API_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') ``` -Next, extract the CA certificate to a file: +Then, extract the CA certificate from the tenant secret: ```bash -kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d > ca.crt +kubectl -n tenant- get secret tenant- -o jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt ``` Now, test the connection: