Question

Extend kubernetes config lease

Currently, the only way to access Kubernetes is by downloading the config file on the dashboard: https://cloud.digitalocean.com/kubernetes/clusters/mycluster , and adding it into ~/.kube/config . By default, this config file lives a few days at most.

Is there a way to either get extended lease on this config, or generate a permanent authorization config for development?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

For anyone else who’s interested. This API is undocumented, but if you have an api token with read access, this will get you the current valid kubeconfig.

curl --request GET \
  --url https://api.digitalocean.com/v2/kubernetes/clusters/<cluster-id>/kubeconfig \
  --header 'authorization: Bearer <digitalocean-token>'

That’s all you’d need for your CI config.

This comment has been deleted

I think it’s in the known issues here: https://www.digitalocean.com/docs/kubernetes/overview/

The Certificate Authority, Client Certificate, and Client Key data in the kubeconfig.yaml file are rotated weekly.

I understand why. I just wish it was easy to generate one restricted to a namespace, or to retrieve the config somehow via an api using an API token. My CI builds fail every week because of this.

I noticed that from time-to time our pipeline fails because of conf becomes invalid? is it documented somewhere?