Zum Inhalt

Working with VS Code

This guide helps you connet your recommended IDE VS Code.

Setup the IDE VS Code

  • Install the IDE VS Code
  • Install the kubernetes extension in VS Code
  • Install the remote SSH extension in VS Code
  • Aquire a kubeconfig from an administrator from a service account with sufficent rights to connect to the api.
  • Place the kubeconfig in the standard kubernetes directory ~/.kube/config
  • Use the kubernetes extension, select the proper kubeconfig and connect to kubernetes via the extension. Errors fetching namespaces might be desired from the administrator.
  • Create a Developer CRD wiht your public key credentials
  • Navigate to your developer pod created by the Developer CRD under workloads and right click to forward all ports
  • Connect via remote SSH wiht this recommended settings:


Host "Development Pod"
  User root
  Port 2222
  ForwardAgent yes
  IdentityFile ~/.ssh/id_ed25519
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  # ProxyJump vagrant
  • If you are connecting over a vs code remote shell, you can use the ProxyJump setting from above.
  • If you are connected, open the projects root folder
  • You are now ready to start coding. You can switch to the master branch and create for example a feature branch.
  • You can access your webserver via or

In case you use vs code via a remote host you can make kubectl port-forward listen to all interfaces via alias in your profile (e.g. /etc/profile.d/vscode.sh).


# Make vs code listen too all interfaces
kubectl() {
    if [ "$1" = "port-forward" ]
        echo "Alias kubectl port-forward --address $vars"
        command kubectl port-forward --address $vars
        command kubectl $@

If you don`t use a ForwardAgent SSH agent you can add the key to development pod

  1. Add a new connection
  2. Place your key in ~/.ssh/id_ed25519 or create a new key with ssh-keygen -t ed25519
  3. chmod 600 ~/.ssh/id_ed25519

Guide to create a kubeconfig from the default service account

This is not fully working or incomplete. We keep this part for future reference.

mkdir -p ~/.kube
chmod 600 ~/.kube

# Point to the internal API server hostname
# Path to ServiceAccount token
# Read this Pod's namespace
# Read the ServiceAccount bearer token
# Reference the internal certificate authority (CA)
# Explore the API with TOKEN
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api

TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
cat << EOF > ~/.kube/config
apiVersion: v1
- cluster:
    server: https://kubernetes.default.svc:8443
  name: local
- context:
    cluster: local
    namespace: $NAMESPACE
    user: namespace-token-user
  name: default
current-context: default
kind: Config
preferences: {}
- name: namespace-token-user
    token: $TOKEN
chmod 600 ~/.kube/config