diff --git a/pkg/clientaccess/kubeconfig.go b/pkg/clientaccess/kubeconfig.go
new file mode 100644
index 0000000000..4aa5db4303
--- /dev/null
+++ b/pkg/clientaccess/kubeconfig.go
@@ -0,0 +1,48 @@
+package clientaccess
+
+import (
+	"io/ioutil"
+
+	"github.com/pkg/errors"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+)
+
+// WriteClientKubeConfig generates a kubeconfig at destFile that can be used to connect to a server at url with the given certs and keys
+func WriteClientKubeConfig(destFile string, url string, serverCAFile string, clientCertFile string, clientKeyFile string) error {
+	serverCA, err := ioutil.ReadFile(serverCAFile)
+	if err != nil {
+		return errors.Wrapf(err, "failed to read %s", serverCAFile)
+	}
+
+	clientCert, err := ioutil.ReadFile(clientCertFile)
+	if err != nil {
+		return errors.Wrapf(err, "failed to read %s", clientCertFile)
+	}
+
+	clientKey, err := ioutil.ReadFile(clientKeyFile)
+	if err != nil {
+		return errors.Wrapf(err, "failed to read %s", clientKeyFile)
+	}
+
+	config := clientcmdapi.NewConfig()
+
+	cluster := clientcmdapi.NewCluster()
+	cluster.CertificateAuthorityData = serverCA
+	cluster.Server = url
+
+	authInfo := clientcmdapi.NewAuthInfo()
+	authInfo.ClientCertificateData = clientCert
+	authInfo.ClientKeyData = clientKey
+
+	context := clientcmdapi.NewContext()
+	context.AuthInfo = "default"
+	context.Cluster = "default"
+
+	config.Clusters["default"] = cluster
+	config.AuthInfos["default"] = authInfo
+	config.Contexts["default"] = context
+	config.CurrentContext = "default"
+
+	return clientcmd.WriteToFile(*config, destFile)
+}
diff --git a/pkg/clientaccess/clientaccess.go b/pkg/clientaccess/token.go
similarity index 84%
rename from pkg/clientaccess/clientaccess.go
rename to pkg/clientaccess/token.go
index bb981d8b6a..585130f1ae 100644
--- a/pkg/clientaccess/clientaccess.go
+++ b/pkg/clientaccess/token.go
@@ -12,8 +12,6 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
-	"k8s.io/client-go/tools/clientcmd"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 )
 
 var (
@@ -33,45 +31,6 @@ const (
 
 type OverrideURLCallback func(config []byte) (*url.URL, error)
 
-// WriteClientKubeConfig generates a kubeconfig at destFile that can be used to connect to a server at url with the given certs and keys
-func WriteClientKubeConfig(destFile string, url string, serverCAFile string, clientCertFile string, clientKeyFile string) error {
-	serverCA, err := ioutil.ReadFile(serverCAFile)
-	if err != nil {
-		return errors.Wrapf(err, "failed to read %s", serverCAFile)
-	}
-
-	clientCert, err := ioutil.ReadFile(clientCertFile)
-	if err != nil {
-		return errors.Wrapf(err, "failed to read %s", clientCertFile)
-	}
-
-	clientKey, err := ioutil.ReadFile(clientKeyFile)
-	if err != nil {
-		return errors.Wrapf(err, "failed to read %s", clientKeyFile)
-	}
-
-	config := clientcmdapi.NewConfig()
-
-	cluster := clientcmdapi.NewCluster()
-	cluster.CertificateAuthorityData = serverCA
-	cluster.Server = url
-
-	authInfo := clientcmdapi.NewAuthInfo()
-	authInfo.ClientCertificateData = clientCert
-	authInfo.ClientKeyData = clientKey
-
-	context := clientcmdapi.NewContext()
-	context.AuthInfo = "default"
-	context.Cluster = "default"
-
-	config.Clusters["default"] = cluster
-	config.AuthInfos["default"] = authInfo
-	config.Contexts["default"] = context
-	config.CurrentContext = "default"
-
-	return clientcmd.WriteToFile(*config, destFile)
-}
-
 type Info struct {
 	CACerts  []byte `json:"cacerts,omitempty"`
 	BaseURL  string `json:"baseurl,omitempty"`