Question

DO API token - Kubernetes authentication

The Recommended Steps to Secure a DigitalOcean Kubernetes Cluster article states that after completing the prerequisites, one will end up with a Kubernetes superuser that authenticates through a predefined DigitalOcean bearer token.

I assume that it refers to the OAuth token available in the Applications & API section, as described in the How to Connect to a DigitalOcean Kubernetes Cluster article, i.e. this one:

doks:liquizen-staging-cluster:50717113-86a8-4ed3-8011-e7652636929d_20220309161158

The downloaded kubeconfig file looks like this:

kubeconfig.yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <CERTIFICATE-AUTHORITY-DATA>
    server: https://SOME_CLUSTER.k8s.ondigitalocean.com
  name: do-fra1-my-cluster
contexts:
- context:
    cluster: do-fra1-my-cluster
    user: do-fra1-my-cluster-admin
  name: do-fra1-my-cluster
current-context: do-fra1-my-cluster
kind: Config
preferences: {}
users:
- name: do-fra1-my-admin
  user:
    token: <TOKEN>

Can someone explain to me what the whole kubectl authentication process looks like in this case? I am still missing something. I searched through the users, roles, rolebindings, clusterroles, clusterrolebindings and serviceaccounts, and I can find neither the do-fra1-my-admin user nor the token.

The token can also be used in an HTTP request:

curl -k -v -XGET -H 'Authorization: Bearer <TOKEN>' 'https://SOME_CLUSTER_ID.k8s.ondigitalocean.com/api/v1/nodes?limit=50' | jq -C . | less -R

