Skip to content

Allow admins to easily use a viewer kubeconfig by default #71

Open
gardener/gardenctl-v2
#735
Open
Allow admins to easily use a viewer kubeconfig by default#71
gardener/gardenctl-v2
#735
Assignees
jamand
Labels
Q2/2026This topic is relevant for the hackathon in Q2/2026.area/ops-productivityOperator productivity related (how to improve operations)area/securitySecurity relatedkind/enhancementEnhancement, improvement, extensionlifecycle/frozenIndicates that an issue or PR should not be auto-closed due to staleness.teamsize/smallA team of 1-2 people.
@maboehm

Description

@maboehm
maboehm
opened on Apr 20, 2026

How to categorize this topic?

/area security
/area ops-productivity
/kind enhancement

/label teamsize/small

What is the topic about?:
Using gardenctl, a admin always gets a adminkubeconfig when connecting to shoots or seeds. It would be great, if I can configure in my gardenctl something like this:

gardens:
- name: prd
  kubeconfig: /secret/path
  config:
    useViewerKubeconfig: always|shoots|managedseeds|never

And then also introduce a flag like --admin or --viewer to overwrite this for any gardenctl target command.

Metadata

Metadata

Assignees

Labels

Q2/2026This topic is relevant for the hackathon in Q2/2026.area/ops-productivityOperator productivity related (how to improve operations)area/securitySecurity relatedkind/enhancementEnhancement, improvement, extensionlifecycle/frozenIndicates that an issue or PR should not be auto-closed due to staleness.teamsize/smallA team of 1-2 people.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions