All tools should have a .kube/config file and a namespace created for them. This should happen automatically on new tool creation. The config file would set the path to the kube master as well as credentials to access it. This allows people to use kubectl if they want to, but primary use case will be the 'webservice' command which will read this file as well.
It should probably be only readable by the tool since there's no reason for them to modify it.