The Recommended Steps to Secure a DigitalOcean Kubernetes Cluster article states that after completing the prerequisites, one will end up with a Kubernetes superuser that authenticates through a predefined DigitalOcean bearer token.
I assume that it refers to the OAuth token available in the Applications & API section, as described in the How to Connect to a DigitalOcean Kubernetes Cluster article, i.e. this one:
doks:liquizen-staging-cluster:50717113-86a8-4ed3-8011-e7652636929d_20220309161158
The downloaded kubeconfig file looks like this:
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <CERTIFICATE-AUTHORITY-DATA>
    server: https://SOME_CLUSTER.k8s.ondigitalocean.com
  name: do-fra1-my-cluster
contexts:
- context:
    cluster: do-fra1-my-cluster
    user: do-fra1-my-cluster-admin
  name: do-fra1-my-cluster
current-context: do-fra1-my-cluster
kind: Config
preferences: {}
users:
- name: do-fra1-my-admin
  user:
    token: <TOKEN>
Can someone explain to me what the whole kubectl authentication process looks like in this case, because I am still missing something? I searched through the users, roles, rolebindings, clusterroles, clusterrolebindings and serviceaccounts, and I can't find either the do-fra1-my-admin user or the token.
The token can also be used in an HTTP request:
curl -k -v -XGET -H 'Authorization: Bearer <TOKEN>' 'https://SOME_CLUSTER_ID.k8s.ondigitalocean.com/api/v1/nodes?limit=50' | jq -C . | less -R
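An added example (not part of the original post and not DigitalOcean's code) sketching the client-side lookup that a kubeconfig like the one above implies: current-context selects a context, the context names a cluster and a user entry, and only that entry's token is sent in the Authorization header. The dict is a constructed stand-in for the parsed YAML, and `resolve_request` is a hypothetical helper.

```python
# Constructed sample: the post's kubeconfig as parsed data. The post spells the
# user name two ways; one spelling is used here. "<TOKEN>" is a placeholder.
KUBECONFIG = {
    "current-context": "do-fra1-my-cluster",
    "clusters": [{"name": "do-fra1-my-cluster", "cluster": {
        "server": "https://SOME_CLUSTER.k8s.ondigitalocean.com"}}],
    "contexts": [{"name": "do-fra1-my-cluster", "context": {
        "cluster": "do-fra1-my-cluster",
        "user": "do-fra1-my-cluster-admin"}}],
    "users": [{"name": "do-fra1-my-cluster-admin",
               "user": {"token": "<TOKEN>"}}],
}


def _by_name(entries, name, kind):
    """Return the body of the named entry from a kubeconfig list section."""
    for entry in entries or []:
        if entry.get("name") == name:
            return entry[kind]
    raise KeyError(f"{kind} {name!r} is not defined in this kubeconfig")


def resolve_request(config, path="/api/v1/nodes?limit=50"):
    """Resolve current-context to the URL and headers a client would send."""
    ctx = _by_name(config.get("contexts"), config["current-context"], "context")
    cluster = _by_name(config.get("clusters"), ctx["cluster"], "cluster")
    user = _by_name(config.get("users"), ctx["user"], "user")
    token = user.get("token")
    if not token:
        raise ValueError(f"user {ctx['user']!r} has no bearer token")
    # Only the token leaves the machine: the user name is a local label that
    # links a context to credentials and is not part of the HTTP request.
    return {
        "url": cluster["server"].rstrip("/") + path,
        "headers": {"Authorization": f"Bearer {token}"},
        "local_user_label": ctx["user"],
    }


if __name__ == "__main__":
    req = resolve_request(KUBECONFIG)
    print(req["url"])
    print({name: "<redacted>" for name in req["headers"]})  # never log the token
```

Because the kubeconfig user name never reaches the API server, it does not have to correspond to any object stored in the cluster.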