DO API token - Kubernetes authentication

Recommended Steps to Secure a DigitalOcean Kubernetes Cluster article states that after completing the prerequisites, one will end up with Kubernetes superuser that authenticates through a predefined DigitalOcean bearer token.

I assume that it refers to the OAuth token available in the Applications & API section as described in The How to Connect to a DigitalOcean Kubernetes Cluster - I assume i.e. this one:


The downloaded kubeconfig file looks like this:

apiVersion: v1
- cluster:
    certificate-authority-data: <CERTIFICATE-AUTHORITY-DATA>
  name: do-fra1-my-cluster
- context:
    cluster: do-fra1-my-cluster
    user: do-fra1-my-cluster-admin
  name: do-fra1-my-cluster
current-context: do-fra1-my-cluster
kind: Config
preferences: {}
- name: do-fra1-my-admin
    token: <TOKEN>

Can someone explain to me how the how the whole kubectl authentication process looks like in this case because I am still missing something. I searched through the users, roles, rolebindings, clusterroles, clusterrolesbinding, serviceaccounts and I can’t find neither the do-fra1-my-admin user nor the token.

The token can be also used in the http request:

curl -k -v -XGET -H ‘Authorization: Bearer <TOKEN>’ ‘’ | jq -C . | less -R

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer