KKPCTL: The Command Line Tool for Kubermatic Kubernetes Platform


KKPCTL is a command line tool written by Cedric Kienzler in early 2021 which implements parts of the Kubermatic Kubernetes Platform (KKP) API and lets you access the API via your command line. The way to use it is similar to tools like kubectl. It’s an open source project hosted on https://github.com/cedi/kkpctl.

The Author

Cedric Kienzler is a software engineer who leads the Kubernetes Site Reliability Engineering team at German Edge Cloud. In his free time he likes to contribute to open source projects, as well as create his own. Cedric created KKPCTL to streamline his work with the Kubermatic API. He also founded Open Infrastructure, a project which focuses on making infrastructure more accessible.


KKPCTL is a go project, so you should have go installed and your GOPATH should be set before you proceed with the installation.

Instead of installing KKPCTL with go get, follow these instructions to clone and build it:

mkdir -p $GOPATH/src/github.com/cedi/
git clone https://github.com/cedi/kkpctl.git $GOPATH/src/github.com/cedi/kkpctl
cd $GOPATH/src/github.com/cedi/kkpctl
make install_release

This installs KKPCTL as a binary tool. To check that it works, run:

kkpctl help

It should print out the help page:

This is a CLI for interacting with the REST API of Kubermatic Kubernetes Platform.
  kkpctl [command]

Available Commands:

If it didn’t work, you should check that the directory with the kkpctl binary ($GOPATH/bin) is in your $PATH.

OIDC login:

kubectl get configmap -n oauth dex -ojson | jq '.data."config.yaml"' --raw-output | yq eval --tojson | jq '.staticClients | [ .[] | select( .id | contains("kubermatic")) ] | .[].secret' --raw-output

KKPCTL Configuration

There are two ways to configure your KKPCTL tool. You can use the kkpctl config command, which lets you configure KKPCTL via your command line. This option, however, only supports the openstack provider at the present time.

# Add your first cloudprovider
kkpctl config add provider openstack --username "user@email.de" --password "my-super-secure-password" --tenant "internal-openstack-tenant" optimist

The second option is to manually set your configuration in the config.yaml file, stored in your $HOME/.config/kkpctl directory. You can generate an empty config file with kkpctl config generate:

# Create an empty configuration
kkpctl config generate -w

# Edit the just created configuration and fill in the details yourself
vim ~/.config/kkpctl/config.yaml

Working With Clusters With KKPCTL

Create your first cluster:

kkpctl add cluster --project 6tmbnhdl7h --datacenter ix2 --provider optimist --version 1.18.13 --labels stage=dev kkpctltest

List your clusters:

kkpctl get cluster --project 6tmbnhdl7h

Describe your first cluster:

kkpctl describe cluster --project 6tmbnhdl7h qvjdddt72t

Working With Cloud Providers

Here are the options for working with cloud providers:

kkpctl add provider $providername

# cmdline options:
# 	--cloud $cloudname	# uses the specified cloud (Default: uses the cloud defined in ctx.cloud
#	--type	 			# MUST match the provider name in the configured KKP (i. e. if the KKP supports an openstack cloud provider, this field must be set to "openstack" to enable this config for this openstack provider)
#	--username			# The username for this cloud provider
#	--password			# the password for this cloud provider
#	--project			# the project where to deploy the worker nodes of a cluster
# example:
# kkpctl add provider optimist_prod --cloud imke-prod --type openstack --username "user@email.com" --password "superSecurePassword!1337"

kkpctl get provider $providername
kkpctl describe provider $providername
kkpctl delete provider $providername

Working With Context

You have the following options for working with context in KKPCTL:

kkpctl ctx get # get all context variables
kkpctl ctx set cloud $cloudname # set the cloud name to the context, for the cloud to use
kkpctl ctx set project $projectname # set the project name to the context, for kkpctl to use

Connecting Your Kubectl to One of the KKP Clusters

This command outputs a kubeconfig file to which you can connect your kubectl:

kkpctl get kubeconfig --project 6tmbnhdl7h qvjdddt72t -w
export KUBECONFIG=./kubeconfig-admin-qvjdddt72t

How Can I Contribute to KKPCTL?

Since KKPCTL is open source, you can start by looking through its issues on github and finding one that you would like to contribute to.

KKPCTL provides an easy way to set up your development environment with devcontainer, which lets you run VSCode inside a Docker container with the setup already prepared for you. See the .devcontainer file in your KKPCTL installation folder.

How Can I Contribute to KKP?

Do you want to contribute to the Kubermatic Kubernetes Platform open source tools? We have a blogpost on that! Find out how you can set up your own development environment here and start to contribute to our projects right away!

Open Source Network of Kubermatic

Kubermatic Kubernetes Platform is now open source, which means you can contribute to its projects by submitting pull requests. Here are some projects that you might be interested in contributing to:

Kubermatic Kubernetes Platform (KKP)

KKP is an open source project under the AGPL-3.0 license, designed to let you manage Kubernetes clusters across multicloud, on-prem and edge. It is hosted under https://github.com/kubermatic/kubermatic. If you want to talk to us about contributing to KKP, you can join the #kubermatic channel on Kubermatic Slack and read the contributing guide for information on the development workflow and how to complete the Certificate of Origin that we require.


KubeOne is a command line tool designed to let you automate cluster operations on cloud, on-prem, edge, and in IoT environments. It’s an open source project under the Apache-2.0 license and hosted under https://github.com/kubermatic/kubeone. For a chat about contributing to Kubeone, join the #kubeone channel on Kubernetes Slack and read the contributing guide for information on how to participate and complete the Certificate of Origin that is required.


KubeCarrier is an open source project under the Apache-2.0 license that enables you to manage applications and services across multiple Kubernetes clusters. It is hosted under https://github.com/kubermatic/kubecarrier. If you would like to contribute, you can look through our list of issues https://github.com/kubermatic/kubecarrier/issues and see our guide on how to contribute to Kubecarrier, as well as the Certificate of Origin required.

Cedric Kienzler

Cedric Kienzler

Site Reliability Engineer

Irina Lindt

Irina Lindt

Software Engineer